HubBroker - Roles and Responsibilities under GDPR



Roles and Responsibilities under GDPR


This document lists the types of data handled by HubBroker ApS, as well as the responsibilities of HubBroker ApS as a data processor vs. the responsibilities of the customer as the data controller.

Roles

HubBroker ApS customers are data controllers. HubBroker ApS is a data processor.

Personal Data Handled by HubBroker ApS

HubBroker ApS handles end-user data present in user profiles, including metadata.

Data Controller (Customer) Responsibilities

Ultimately, you, as the data controller, are responsible for GDPR compliance, which mostly consists of operational procedures and documentation.

More specifically, the customer is responsible for:

  • End-user notification, consent, and withdrawal of consent
  • Deciding what data they expose to HubBroker ApS
  • Deciding what connections (where end user data and passwords reside) to use
  • Signing up and, if necessary, creating new users
  • Ensuring their users meet the age requirements and obtaining the appropriate consent if necessary (such as parental consent for children)
  • Implementing the mechanisms necessary for their end users to retrieve, review, correct, or remove personal data
  • Deleting user data after receiving right-to-be-forgotten requests
  • Providing data in standardized formats
  • Responding to their end users' privacy-related requests (DSAR)
  • Responding to communications from the European Union Data Privacy Authorities
  • Data breach notifications sent to supervisory authorities and end users (HubBroker ApS will assist the customer and provide the necessary information if we are involved)
  • Selecting an EU tenant when setting up their HubBroker ApS tenants

The customer is the party that's responsible for the security of their data. HubBroker ApS has no knowledge of how the customer processes data, configures their applications, and so on.

Data Processor (HubBroker ApS) Responsibilities

HubBroker ApS is responsible for:

  • Following the data processor's instructions as explicated in the Subscription Agreement (SA) and Data Processing Addendum (DPA) (for enterprise customers) or Terms of Service (for self-service customers)
  • Notifying the customer if it receives requests from the customer's end users exercising their GDPR rights as subjects for data access, erasure, and so on
  • Notifying the customer if it receives requests from EU Data Privacy Authorities (unless prohibited by law enforcement)
  • Notifying the customer if it becomes aware of a confirmed security breach
  • Notifying the customer if any of its sub-processors notify HubBroker ApS about a confirmed data breach that impacts HubBroker ApS customer data (unless prohibited by law enforcement)
  • Providing a privacy policy, terms of service, security statement, data protection agreement, and so on, to provide info on its policies and practices
  • Providing information about its data processing, so that the customer has the information it needs to process data lawfully
  • Defining its services and features, how data is processed, and the rights and obligations of customers
  • Providing the means to enable customers to retrieve, review, correct, or delete customer data via the HubBroker ApS Dashboard and the HubBroker ApS Management API
  • Providing a mechanism for customers to display consent terms and a consent agreement checkbox on the Lock widget. Customers can also design custom signup and login forms if more elaborate consent schemes are needed


HubBroker ApS Data Processing

This document discusses what data HubBroker ApS has, as well as how it processes this data.

Data HubBroker ApS Possesses

All of the data HubBroker ApS has about an end user is located in the HubBroker ApS user profile. The specific attributes contained in the user profile vary based on customer implementation and are based on a number of factors, such as connection type, user consent during the authentication flow, and whether you've augmented the user profiles with additional information.

Where HubBroker ApS Data is Stored

The HubBroker ApS user profile information is stored in HubBroker ApS when you use a database connection. If a user logs in using any other type of connection (including custom database connections), HubBroker ApS stores information provided by the external identity provider for future queries.

How HubBroker ApS Uses the Data It Stores

The personal data stored in HubBroker ApS is used only for the purposes of providing its services, namely authenticating users.

What Happens to Data When an End User's Account is Deleted

When an end user's account is deleted, their user profile, including metadata, is removed.


Category: GDPR
Last date of update: 24.09.2018

