GDPR Compliance

1. What is GDPR?

General Data Protection Regulation (GDPR) serves as the primary legal framework for data protection across the European Union, having superseded the previous fragmented national laws on May 25, 2018. This regulation established a unified and directly enforceable set of rules across all member states of the EU, enforced to enhance individual privacy rights and provide legal clarity for global organizations.

Key Regulatory Provisions:

• Extraterritorial Scope: The GDPR applies to all organizations, regardless of their physical location, that process the personal data of individuals residing within the EU.
• Controlled Compliance: While member states retain limited flexibility in specific areas, the regulation provides a centralized standard for data processing and protection.
• Enforcement and Penalties: Non-compliance with GDPR carries significant financial risk i.e. authorities may impose administrative fines of up to €20,000,000 or 4% of a company’s total global annual turnover, whichever is greater.

2. What is Considered Personal Data?

Under the General Data Protection Regulation (GDPR), “personal data” is broadly defined as any information that can lead to the identification of any user.

3. Data We Collect

We collect and process various categories of data to ensure the effective delivery of our services. As of 2026, the information we gather includes:

• Personal Information: This encompasses identifiers such as legal names, email addresses, professional designations, organizational affiliations, and contact details, as well as any additional data voluntarily submitted during service engagement or direct correspondence.
• Usage Data: We monitor interactions with our platform and website, including IP addresses, browser specifications, device identifiers, page views, and specific user actions.
• Cookies and Tracking Technologies: We utilize cookies and analogous tracking mechanisms based on our cookies policy to optimize user experience, conduct performance analytics, and provide personalized content and advertising.

4. Cross-border Data Transfers

HRTion stores data securely in physically isolated data centers. In certain instances, data may be transferred to or processed in alternative jurisdictions.

In such cases, we implement rigorous safeguards to ensure a level of protection equivalent to that mandated by European Union law. These measures include the execution of Standard Contractual Clauses (SCCs) or reliance on formal Adequacy Decisions issued by the European Commission.

5. Data Sharing

HRTion maintains a strict policy against the sale, rental, or trade of personal information. As of 2026, data sharing is restricted to the following circumstances:

• Internal Affiliates: Data may be shared between HRTion affiliate entities to ensure seamless service delivery.
• Authorized Service Providers: Information may be disclosed to trusted third-party partners who assist in platform operations. These engagements are governed by confidentiality and security protocols.
• Legal Compliance: Data will be shared when mandated by applicable law, regulatory provisions, or formal legal proceedings.
• Corporate Transactions: In the event of a merger, acquisition, or significant business restructuring, your data may be transferred, provided it remains subject to the same level of protection and privacy standards.

6. Our Security Measures

We prioritize the security of your data and have implemented rigorous technical, organizational, and administrative protocols to safeguard your information against unauthorized access, loss, or misappropriation. As of 2026, our comprehensive security framework includes:

• Data Encryption: Deployment of robust encryption protocols for data in transit to ensure secure communication.
• Data Security: Utilization of advanced firewalls and enterprise-grade antivirus software.
• Access Governance: Strict internal access controls combined with ongoing security awareness training for all personnel.
• Continuous Improvement: Systematic monitoring and routine updates to our security infrastructure to address emerging threats.

7. Data Breach and our Response

In the event of a data breach impacting your personal information, we will promptly notify you and the appropriate regulatory authorities in accordance with our legal obligations under the General Data Protection Regulation (GDPR).

8. Contact Us

For any query, comment, or complaint, please contact us at support@hrtion.com.