Legal

GDPR Compliance

Our commitment to data protection

1. Our Commitment to GDPR

HRKunda is fully committed to compliance with the General Data Protection Regulation (GDPR). We recognize the importance of data protection and have implemented comprehensive measures to ensure the security and privacy of personal data.

2. Data Controller and Processor

When you use HRKunda:

  • Your organization acts as the Data Controller for employee data
  • HRKunda acts as a Data Processor, processing data on behalf of your organization

We provide Data Processing Agreements (DPAs) to all customers to formalize this relationship.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Restrict Processing: Limit how your data is used
  • Right to Object: Object to certain types of processing

4. Data Security Measures

We implement robust security measures including:

  • End-to-end encryption (TLS 1.3)
  • Data encryption at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

5. Data Transfers

When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, it is securely deleted or anonymized.

7. Breach Notification

In the event of a personal data breach, we will notify affected customers within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

8. Data Protection Officer

For any GDPR-related inquiries, please contact us through our contact page.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact your employer (the Data Controller) or reach out to us directly. We will respond to all requests within 30 days.