Haiilo complies with the requirements of the GDPR and offers a secure communication platform that protects employee and customer data alike.
Our customers' right to privacy and the security of personal data are our top priorities. That's why, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.
In this article, we answer the most important questions:
- What is the GDPR?
- What are the implications of the GDPR for you?
- How do I get a GDPR-compliant data processing agreement from Haiilo?
- Does a personal allocation take place when downloading or uploading files?
- Is there a way to see who’s deleted certain content?
- How long does Haiilo store information about users' end devices?
- How long does Haiilo store the IP address of users?
- Where is our Haiilo Cloud data hosted?
- Are your hosting partners certified?
- How does this look legally?
If you have any further questions about the General Data Protection Regulation that are not answered here, you can contact our data protection officer at email@example.com.
You can find our complete data protection regulation here.
What is the GDPR?
The European General Data Protection Regulation, GDPR for short, is a new regulation regarding the protection of personal data of citizens within the EU. The regulation includes strict requirements for the collection and processing of personal data and therefore also affects the majority of all companies and public institutions. The GDPR has been in force since May 25, 2018.
What are the implications of the GDPR for you?
The scope of the GDPR is very comprehensive with regard to the protection of personal data. For you, this means that you, as the controller within the meaning of the GDPR, decide on the purpose and means of processing this data. Haiilo is commissioned by you as a so-called commissioned data processor to process the data exclusively in the sense of the GDPR.
To minimize our customers' risk with regard to the GDPR, we at Haiilo have taken comprehensive technical and structural measures. In addition, we have developed a "contract for the processing of personal data on behalf of a controller" (ADV contract), which we conclude with our customers to create legal certainty for both sides.
How do I get a GDPR-compliant data processing agreement from Haiilo?
You can find out how to obtain a data processing agreement with us here.
Does a personal allocation take place when downloading or uploading files?
No. Haiilo does not make or store any association between individual persons and file accesses.
Is there a way to see who’s deleted certain content?
No. For data protection reasons, we don’t log which person changed or deleted what when.
How long does Haiilo store information about users' end devices?
The application itself only stores the ID of mobile devices and the device name until they are manually deleted by the user in the profile settings. We have spoken with our hosting provider and can assure you that the load balancer does not store any information about users' devices.
How long does Haiilo store the IP address of users?
The application itself does not store IP addresses. For the firewall and load balancer, IP addresses are stored for 90 days only in case of error.
Where is our Haiilo Cloud data hosted?
The data of our Haiilo Cloud customers is hosted by one of our partners in Germany. Haiilo and our hosting partners are thus subject to the EU-GDPR. You will receive detailed guidelines and further information with the contract documents.
Are your hosting partners certified?
Yes. In addition to IT security certification ISO 27001 and certification for quality management ISO 9001, our data center service provider is a member of the independent digital business association "Cloud EcoSystem e.V." and has been certified there as a German Cloud provider.
How does this look legally?
Insofar as personal data is stored and processed by our customers in the Haiilo Cloud, Haiilo GmbH acts as a processor and is obligated to its customers to implement technical and organizational measures in accordance with Article 32 GDPR.