Haiilo complies with the requirements of the GDPR and offers a secure communication platform that protects employee and customer data. You can find our complete data protection regulation here.

Our customers' right to privacy and the security of personal data are our top priorities. That's why, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations. If you have any questions about the general data protection regulation, please contact our data protection officer at dpo@haiilo.com.

If you have any questions about Haiilo's security, please contact security@haiilo.com.

GDPR

The European General Data Protection Regulation (GDPR) is a regulation regarding the protection of personal data of citizens within the EU. The regulation includes strict requirements for the collection and processing of personal data and, therefore, also affects the majority of all companies and public institutions. The GDPR has been in force since May 25, 2018.

The scope of the GDPR is very comprehensive with regard to the protection of personal data. For you, this means that you, as the controller within the meaning of the GDPR, decide on the purpose and means of this data. Haiilo is commissioned by you as a so-called commissioned data processor to process the data exclusively in the sense of the GDPR.

To minimize the risk to our customers around the GDPR, we at Haiilo have taken comprehensive measures in technical and structural terms. In addition, we have developed a "contract for the processing of personal data on behalf of a controller" (ADV contract), which we conclude with our customers to create legal certainty for both sides.

Insofar as personal data is stored and processed by our customers in the Haiilo Cloud, Haiilo GmbH acts as a processor and is obligated to its customers to implement technical organizational measures in accordance with Article 32 GDPR.

Here are some answers to frequently asked questions on storing data:

• There is no personal allocation for downloading or uploading files. In Haiilo, no personal association to file accesses is made or stored.
• For data protection reasons, we don't log which person changed or deleted what or when in Haiilo.
• The application itself only stores the ID of mobile devices and the device name until they are manually deleted by the user in the profile settings. The load balancer does not store any information about users' devices.
• The application itself does not store IP addresses. Related to firewall and load balancer: IP addresses are stored for 90 days only in case of error.

Hosting

The data of our Haiilo Cloud customers is hosted by one of our partners in Germany. Haiilo and our hosting partners are thus subject to the EU-GDPR. You will receive detailed guidelines and further information with the contract documents.

In addition to IT security certification ISO 27001 and certification for quality management ISO 9001, our data center service provider is a member of the independent digital business association "Cloud EcoSystem e.V." and has been certified there as a German Cloud provider.