GDPR Compliance at Hambrand Technology Company

At Hambrand Technology Company, we take data protection seriously and are committed to ensuring compliance with the General Data Protection Regulation (GDPR), which governs how personal data is processed within the EU and beyond. Here, we outline how we manage GDPR to protect your personal data and support your compliance efforts.

What is GDPR?

The GDPR is a regulation that aims to protect the personal data of individuals within the EU, requiring businesses to handle this data with care, transparency, and security. Non-compliance can result in significant penalties.

Our Role in GDPR Compliance

Hambrand Technology Company acts as a data processor while our clients (you) act as the data controllers. As a processor, we handle personal data on your behalf under your instructions, ensuring it is processed in line with GDPR requirements.

Data Processing Agreement (DPA)

We provide a comprehensive Data Processing Agreement (DPA) that outlines the responsibilities and obligations of both parties in compliance with Article 28 of the GDPR. This agreement governs how we process data on your behalf and ensures that we meet the highest standards of data protection.

Data Security Measures

We implement robust security measures to safeguard personal data, including:
 
  • Encryption: Data is encrypted both in transit and at rest to prevent unauthorized access.
  • Access Controls: We use strict access controls to ensure that only authorized personnel can access sensitive data.
  • Regular Audits: Our systems are regularly audited to identify and mitigate any potential vulnerabilities.

Vendor Management

We work only with GDPR-compliant vendors who meet the same stringent standards we apply to ourselves. Any third parties involved in data processing are carefully vetted and subject to data protection agreements to ensure compliance.

Your Responsibilities as a Data Controller

While we help facilitate GDPR compliance, it is essential that you, as the data controller, manage your own GDPR responsibilities. These include:
 
  • Obtaining Explicit Consent: Ensure you have lawful consent from individuals to collect and process their personal data.
  • Responding to Data Subject Requests: Be prepared to respond to data subject requests, such as the right to be forgotten, data access, or rectification.
  • Data Minimization: Only collect the data you need and ensure it is relevant and limited to what is necessary for your purposes.

Data Subject Rights

The GDPR grants individuals the following rights over their personal data:
 
  • Right to Access: Individuals can request access to their personal data.
  • Right to Rectification: Individuals can request corrections to inaccurate data.
  • Right to Erasure (Right to be Forgotten): Individuals can request the deletion of their personal data, subject to legal obligations.
  • Right to Data Portability: Individuals can request a copy of their data in a structured, machine-readable format.

We assist you in addressing these requests by providing tools within our software to fulfill your GDPR obligations.

International Data Transfers

As a global company, we may transfer data outside the European Economic Area (EEA). However, we ensure that any international data transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs), to guarantee GDPR-compliant data protection levels.

Data Breach Response

In the unlikely event of a data breach, we have a detailed Data Breach Response Plan in place. This ensures we can identify, contain, and report breaches to relevant supervisory authorities within the required 72-hour window, and notify affected data subjects where necessary.

Ongoing Compliance and Support

GDPR compliance is not a one-time effort; it requires continuous monitoring and adaptation to evolving data protection standards. Hambrand Technology Company is committed to ongoing compliance by:
 
  • Regularly reviewing and updating our policies and practices.
  • Providing support and guidance to our clients on GDPR-related issues.
  • Offering updates and resources to help you stay compliant.

Contact Us

If you have any questions about how Hambrand Technology Company manages GDPR compliance or need further assistance, please contact us at:
Hambrand Technology Company
27 St Cuthbert’s
Bedford, MK40