HubBroker - Roles and Responsibilities under GDPR
Roles and Responsibilities under GDPR
This document lists the types of data handled by HubBroker ApS, as well as the responsibilities of HubBroker ApS as a data processor vs. the responsibilities of the customer as the data controllers.
HubBroker ApS customers are data controllers. HubBroker ApS is a data processor.
Personal Data Handled by HubBroker ApS
HubBroker ApS handles end-user data present in user profiles, including metadata.
Data Controller (Customer) Responsibilities
Ultimately, you, as the data controller, are responsible for GDPR compliance, which mostly consists of operational procedures and documentation.
More specifically, the customer is responsible for:
- End-user notification, consent, and withdrawal of consent
- Deciding what data they expose to HubBroker ApS
- Deciding what connections (where end user data and passwords reside) to use
- Signing up and, if necessary, creating new users
- Ensuring their users meet the age requirements and obtaining the appropriate consent if necessary (such as parental consent for children)
- Implementing the mechanisms necessary for their end users to retrieve, review, correct, or remove personal data
- Deleting user data after receiving right-to-be-forgotten requests
- Providing data in standardized formats
- Responding to their end users' privacy-related requests (DSAR)
- Responding to communications from the European Union Data Privacy Authorities
- Data breach notifications sent to supervisory authorities and end users (HubBroker ApS will assist the customer and provide the necessary information if we are involved)
- Selecting an EU tenant when setting up their HubBroker ApS tenants
The customer is the party that's responsible for the security of their data. HubBroker ApS has no knowledge of how the customer processes data, configures their applications, and so on.
Data Processor (HubBroker ApS) Responsibilities
HubBroker ApS is responsible for:
- Following the data processor's instructions as explicated in the Subscription Agreement (SA) and Data Processing Addendum (DPA) (for enterprise customers) or Terms of Service (for self-service customers)
- Notifying the customer if it receives requests from the customer's end users exercising their GDPR rights as subjects for data access, erasure, and so on
- Notifying the customer if it receives requests from EU Data Privacy Authorities (unless prohibited by law enforcement)
- Notifying the customer if it becomes aware of a confirmed security breach
- Notifying the customer if any of its sub-processors notify HubBroker ApS about a confirmed data breach that impacts HubBroker ApS customer data (unless prohibited by law enforcement)
- Providing information about its data processing, so that customer has info it needs to process data lawfully
- Defining its services and features, how data is processed, and the rights and obligations of customers
- Providing the means to enable customers to retrieve, review, correct, or delete customer data via the HubBroker ApS Dashboard and the HubBroker ApS Management API
- Providing a mechanism for customers to display consent terms and a consent agreement checkbox on the Lock widget. Customers can also design custom signup and login forms if more elaborate consent schemes are needed
HubBroker ApS Data Processing
This document discusses what data HubBroker ApS has, as well as how it processes this data.
Data HubBroker ApS Possesses
All of the data HubBroker ApS has about an end user is located in the HubBroker ApS user profile. The specific attributes contained in the user profile vary based on customer implementation and are based on a number of factors, such as connection type, user consent during the authentication flow, and whether you've augmented the user profiles with additional information.
Where HubBroker ApS Data is Stored
The HubBroker ApS user profile information is stored in HubBroker ApS when you use a database connection. If a user logs in using any other type of connection (including custom database connections), HubBroker ApS stores information provided by the external identity provider for future queries.
How HubBroker ApS Uses the Data It Stores
The personal data stored in HubBroker ApS is used only for the purposes of providing its services, namely authenticating users
What Happens to Data When an End User's Account is Deleted
When an end user's account is deleted, their user profile, included metadata, is removed.
Last date of update: 24.09.2018