Data and GDPR in Haiilo

Haiilo complies with the requirements of the GDPR and offers a secure communication platform that protects employee and customer data. Our customers' right to privacy and the security of personal data is our top priority. Therefore, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.

Visit our Trust Center for detailed information. If you have any questions about the general data protection regulation, you can also contact our data protection officer at dpo@haiilo.com or our security team at security@haiilo.com.

GDPR

The European General Data Protection Regulation (GDPR) is a regulation regarding the protection of citizens' personal data within the EU. The regulation includes strict requirements for the collection and processing of personal data and, therefore, also affects the majority of all companies and public institutions. The GDPR has been in force since May 25, 2018.

The GDPR's scope for protecting personal data is very comprehensive. For you, this means that you, as the data controller within the meaning of the GDPR, decide on the purposes and means of processing this data. Haiilo is commissioned by you as a data processor to process the data exclusively within the meaning of the GDPR.

To minimize our customers' risk around the GDPR, we at Haiilo have taken comprehensive measures in technical and structural terms. In addition, we have developed a "contract for the processing of personal data on behalf of a controller" (ADV contract), which we conclude with our customers to create legal certainty for both sides.

Insofar as personal data is stored and processed by our customers in the Haiilo Cloud, Haiilo GmbH acts as a processor and is obligated to its customers to implement technical and organizational measures under Article 32 of the GDPR.

Hosting

Recognizing the significance of hosting locations for our customers and their adherence to compliance standards, Haiilo offers a choice between EU and US hosting options for our services in the cloud. For our EU customers, the EU cloud is hosted in Germany, and for US customers, the US cloud is hosted in the US.

You can find additional information in our Trust Center. You will also receive detailed guidelines and further information with your contract documents.

Data storage

Below are answers to frequently asked questions on storing data:

  • No, Haiilo does not link or store personal data to file accesses.
  • For incident handling purposes, load balancer logs are stored for 7 days. The logs might include information on which person changed or deleted what and when in Haiilo, primarily for use in case of a security incident.
  • The application only stores the ID of mobile devices and the device name until the user manually deletes them in the profile settings. The load balancer does not store any information about users' devices.
  • The application itself does not store IP addresses. Regarding the firewall and load balancer, IP addresses are stored for 90 days only in case of error.
  • If you are a cloud customer, we can make your data available to you as an export at the end of the term. Please contact our Service Desk for assistance with this. The export is provided via a download link as a .json file with an extra folder for all uploaded files. If you do not wish to export your data, Haiilo will completely delete your instance with all data after 30 days.
