At H-Authentica, we are committed to protecting the privacy and data security of our users. As part of our dedication to safeguarding personal information, we adhere to the General Data Protection Regulation (GDPR), which is a comprehensive data protection law enacted by the European Union (EU). The following outlines our GDPR compliance practices:

  1. Lawful Basis for Data Processing:

    • We ensure that all data processing activities are based on one of the lawful bases outlined in the GDPR, such as consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.
  2. User Rights:

    • We respect the rights of individuals regarding their personal data, including the rights to access, rectification, erasure, restriction of processing, data portability, objection to processing, and not to be subject to automated decision-making.
  3. Data Protection Officer (DPO):

    • We have appointed a Data Protection Officer responsible for overseeing GDPR compliance, handling data protection impact assessments (DPIAs), and serving as a point of contact for data subjects and supervisory authorities.
  4. Data Processing Transparency:

    • We provide transparent information to users regarding our data processing activities, including the purposes of processing, the legal basis for processing, data retention periods, and any third parties involved in data processing.
  5. Data Security Measures:

    • We implement appropriate technical and organizational measures to ensure the security of personal data, including encryption, access controls, pseudonymization, regular security assessments, and employee training on data protection best practices.
  6. Data Breach Notification:

    • In the event of a data breach that may pose a risk to individuals' rights and freedoms, we promptly notify the relevant supervisory authority and affected data subjects in accordance with GDPR requirements.
  7. International Data Transfers:

    • When transferring personal data outside the European Economic Area (EEA), we ensure compliance with GDPR provisions on international data transfers, such as using Standard Contractual Clauses (SCCs) or ensuring the receiving country offers an adequate level of data protection.
  8. Data Subject Requests:

    • We have established processes for handling data subject requests, including procedures for verifying the identity of data subjects, responding to requests within the required timeframes, and documenting our responses.
  9. Privacy by Design and Default:

    • We integrate privacy considerations into our data processing activities from the outset, following the principles of privacy by design and default to minimize data collection and processing, implement privacy-enhancing technologies, and enhance user control over their data.
  10. Vendor and Partner Compliance:

    • We ensure that third-party vendors and partners involved in data processing activities on our behalf comply with GDPR requirements through contractual agreements, vendor assessments, and ongoing monitoring.
  11. GDPR Training and Awareness:

    • We provide regular training and awareness programs for our employees to ensure they understand their responsibilities under the GDPR and are equipped to handle personal data in accordance with applicable data protection laws.
  12. Data Protection Impact Assessments (DPIAs):

    • We conduct DPIAs for high-risk data processing activities to assess and mitigate potential risks to individuals' privacy rights, involving relevant stakeholders and consulting with supervisory authorities where necessary.

By adhering to GDPR principles and requirements, H-Authentica is dedicated to upholding the highest standards of data protection and privacy for our users. If you have any questions or concerns about our GDPR compliance practices, please contact our Data Protection Officer at ej@h-authentica.com.