HRForecast Privacy Regulation Compliance

The data privacy regulatory landscape is undergoing a lot of change. You probably have heard about the EU General Data Protection Regulation (GDPR) that went into effect on May 25, 2018. There are also other regulations in effect or in the works around the world. We’ve written up this reference document to put helpful information regarding our products and privacy regulations in one place. Please also view our full Privacy Policy. If you have any questions, comments, or concerns about our Privacy Policy, your data, or your rights with respect to your information, please email us at info@hrforecast.de.

EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. HRForecast is compliant.

Does GDPR affect me?

If you’re based in the EU or do business in the EU, you must comply with GDPR rules. For example, if you possess any EU personal data in your HRForecast account, such as names, email addresses, ID numbers, or anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on, including HRForecast. These agreements are commonly called a Data Processing Addendum, or DPA.

Data Processing Addendum

Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. We have incorporated the DPA into our Master Service Agreement. You can find the DPA here. This addendum is in effect when the General Data Protection Regulation applies to your use of HRForecast Services to process Customer Data as defined in the DPA. The DPA includes the European Commission’s Standard Contractual Clauses to extend GDPR privacy principles, rights, and obligations.

To execute the DPA

Download the Data Processing Addendum

Complete and sign the DPA as described under “HOW TO EXECUTE THIS DPA”

Send the DPA to us

We’ll sign the DPA and return it to you

HRForecast subprocessors 

HRForecast uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed, and require the same of them.

Subprocessors are split into 2 groups: 
Subprocessors used for data about your own users, which HRForecast in GDPR terminology is the processor of, and you are the controller of. 

Subprocessors used for data about you (our customer), which HRForecast in GDPR terminology is the controller of.

Data about your customers/users 

We are a processor of data about your customers. We do not share or sell this data with any other providers. We only store it in our data center hosted with Google Cloud Platform.

Amazon Web Service EMEA SARL. Cloud services provider. Europe.