Hubstaff handles data under GDPR and is Privacy Shield certified.
The Data Processing Addendum (DPA) is provided to help meet GDPR (General Data Protection Regulation) requirements. The DPA has been pre-signed by Netsoft Holdings, LLC (the owners of Hubstaff). If required by the GDPR, please download the DPA and email a signed copy to [email protected].
The DPA contains a lot of useful and detailed information regarding the GDPR and how Hubstaff operates according to this law. Please, make sure to read it to get a better understanding of the matter.
Questions about Hubstaff’s GDPR Compliance
How do I file a request to delete my data?
If you are an owner of a Hubstaff organization, and/or owner of a Hubstaff Talent Agency, and/or an owner of a Hubstaff Tasks organization. Please, send a personal data deletion request to [email protected].
If you are a member of a Hubstaff organization, and/or a member of a Hubstaff Talent Agency, and/or a member of Hubstaff Tasks organization, you have to contact the owner of your organization or agency and ask them to contact Hubstaff’s Support Team with the permission to delete your data.
Hubstaff’s Support Team will check your case and act accordingly.
You will be informed if your request will be processed or you will get explanations about why it is declined. Once your request is accepted for the deletion, it will take around 5-7 business days to complete. You will receive a confirmation when the deletion is processed.
I’m a member of an organization that uses Hubstaff. Who is considered to be the Data Controller in this case: my organization or Hubstaff?
Your organization and its owner(s) are considered to be the Data Controller. This means that the Data Controller, once it receives the data deletion request, has to give Hubstaff an order and permit such data deletion. Hubstaff cannot delete your data without the Data Controller’s permission.
I’m a member of an organization that happens to be not GDPR compliant, and they refuse to delete my data as per my request. Can Hubstaff still delete my data because Hubstaff is GDPR compliant?
Since Hubstaff is GDPR compliant, according to the law we consider any organization and its owner(s) to be the Data Controller. Even if such an organization is not GDPR compliant itself, we cannot delete your data without their permission.
Is Hubstaff allowed to release information from our account?
No. All Hubstaff employees are knowledgeable, trained, and are required to handle sensitive data such as PII (Personally Identifiable Information) in compliance with the DPA (Data Processing Addendum).
We treat data handling with the utmost care and control who has access to it by implementing two levels of permissions (administrator and super administrator).
Who can access and view data within Hubstaff?
The data is only accessed directly when we’re working with you on a support ticket or diagnosing an error that our code generated (which is shared internally). In these specific cases, our support team and/or a few developers may need access to your data. Our team is trained to handle sensitive information.
Data is encrypted during transmission and at rest, however, if we need to troubleshoot a support issue or debug a server error we would need to decrypt the data to view it and access it when needed.
Is the data encrypted?
We encrypt all data during transmission and at rest. Therefore, in the event our database is compromised, all the data is encrypted.
Do you have subprocessors that handle our data?
We have a list of subprocessors publicly available on our website.
We have signed DPAs (data protection addendum) with all of these vendors. They are being held to the same standards as we are held to under the GDPR and Privacy Shield certification.
What is Hubstaff’s role according to the GDPR law?
Unless specifically agreed in writing by the parties, Hubstaff is the Data Processor. Please, read more about the (other) parties’ roles in the DPA that you can download at the beginning of the article.
How long does Hubstaff keep activity data?
How long the activity data is retained varies between free and paid plans. Learn more about Data Retention Comparison.
I had an account with Hubstaff Talent which I have deleted, but I still see my personal data in Google. Can you delete it for me?
Once the information is openly available on the Internet (e.g., the freelancer’s profile that has visibility “Everyone”), any third party can collect and store this information for its needs. Search engines, such as Google, may keep a cache of the data and store it in their records, so it may take some time before they are completely removed.
Hubstaff can neither control nor delete such data and, unfortunately, we cannot provide you with any information when/if this will be deleted. In such a case, you may try to contact any search engine directly with a request to delete your data.
What controls are in place to prevent Hubstaff employees or subcontractors from transmitting confidential data?
All of our team members signed a legal document during their training that holds them personally liable for any such actions. We would prosecute them to the fullest extent of the law if this ever occurred.
Hubstaff’s Data Protection Officer and EU representative
Hubstaff has appointed a data protection officer (DPO). You may contact Hubstaff’s DPO Jared Brown at [email protected].
Our EU representative may be reached by contacting:Maetzler Rechtsanwalts GmbH & Co KG,
Attorneys at Law,
c/o Netsoft Holdings, LLC,
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence:
GDPR-REP ID: 19160560