Humantic AI and GDPR Readiness

Effective Date: March 20, 2023
Last Updated: March 9, 2023
The General Data Protection Regulation (the “GDPR”) is an important piece of legislation in the field of privacy and data protection. On this page, we address our commitment to adhering to the GDPR, how we are implementing it, and how these changes affect you, our customers.

What is GDPR?
The GDPR is the European Union’s (“EU”) primary data protection and privacy law, which took effect on May 25th, 2018. The GDPR was conceptualised to protect and strengthen the right to data protection of EU individuals, and give them a greater say in how organisations collect and handle their personal data. The regulation modernised and replaced the age-old 1995 Data Protection Directive to keep pace with rapid technological developments and globalisation, which have significantly changed the way personal data is collected, accessed and used.

Whom Does the GDPR Apply to?
The applicability of the GDPR extends far beyond the EU: it also regulates the processing of personal data by organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU individuals. It applies to all organisations processing and holding the personal data of EU individuals, regardless of the organisation’s location.

What Constitutes Personal Data under the GDPR?
Personal data is any information related to an identified or identifiable natural person or ‘data subject’. This could be anything from a name, a photo, an email address, bank details, posts on social networking websites, location, or a computer IP address.

What Constitutes Humantic Data?
Humantic Data is any personal data obtained by us from public data platforms and from third-party partners to prepare personality (or other) insight reports on our customers’ prospects, our customers’ prospective employees and any other individuals or groups of persons.

What is Humantic AI’s role as a controller for Humantic Data?
Humantic AI will be the controller of Humantic Data. We will process this data as per our privacy policy. It is our responsibility to ensure compliance with GDPR as a controller. If an individual’s personal data is a part of Humantic Data, they can, inter alia, exercise the following rights by contacting us at connect@humantic.ai:
  1. Right to access and correct their personal data;
  2. Right to object or restrict the processing;
  3. Right to request erasure of their personal data.
In addition, such individuals also have the right to opt out of processing or complain to a data protection authority about our collection and use of their personal data.

What is the legal basis for the data we process as a Controller?

Personal data that we process as Controller, and the legal basis for processing:

User Data
We process our customers’ users’ contact information, such as full name and email address, to be able to provide our products and services to our customers. For example, we use such information to verify their identity and help them log into our services.
Our legal basis for such processing is:
  1. that it is necessary for the performance of our contract with our customers;
  2. the consent of such users when they provide us with such data;
  3. our legitimate interests, like protecting our products and services against fraud and marketing our products to individuals, except where we are required by applicable law to obtain their consent.

Humantic Data
We use personal data like name, email address, phone number, designation, resume and interests that an individual may share on a public platform to profile such individuals and to create assessment reports like personality overviews and personalization insights.
Our legal basis for such processing is:
  1. our legitimate interests to offer products and services that aid in having a contextual relationship with i) prospective customers, thereby avoiding spamming, or ii) candidates, thereby making effective recruitment decisions;
  2. our legitimate interests to improve the efficiency of our products and services.

To know more about how we process personal data as a controller you can visit our privacy policy available at https://dev.humantic.ai/privacy.

What is Humantic AI’s role with respect to processing its customers’ data?
We will be the processor of our customers’ data that is transmitted to us and the customer will be the controller. What this means is that we will process any personal data that our customer transmits to us only on our customer’s behalf. While it is the responsibility of the customer to ensure compliance with GDPR as a controller, Humantic AI will, as a processor, enable the customer in its compliance in accordance with the agreements signed with the customer.

Commitment of Humantic AI towards GDPR compliance

At Humantic AI, we are committed to providing our customers, as well as other individuals who interact with us, with privacy and security in line with international best practices and regulations.
We understand we receive critical data from you and we want to make sure that you have access to all the details you require in understanding how we protect the data that you share with us.
Here are some of the steps we have taken towards GDPR compliance:

  1. Contractual Commitments
    1. Data Processing Agreements
      We are required to implement contractual commitments with our customers as a part of GDPR’s requirements for processors. Our standard customer agreements include Data Processing Agreements that automatically apply to personal data originating in the EU when you purchase a license for our products. We work extensively with our legal team to ensure that such agreements are up-to-date and incorporate and reflect all continuing developments in the EU’s data protection law. You can find our Customer Data Processing Agreement here.
    2. Standard Contractual Clauses
      Standard Contractual Clauses (“SCCs”) are one of the approved transfer methods to be put in place beforehand to ensure that protection guaranteed within the EU travels with personal data when it is transferred to a third country outside the EU. The SCCs are a set of compulsory clauses published by the EU Commission on 4 June, 2021 and are required to be included in contracts between data exporters and data importers. These SCCs are incorporated, as a default, in our Data Processing Agreements.

  2. Security Measures
    We implement appropriate technical and organizational measures to protect customer data in our possession and to ensure that we serve our customers with secure products. You may request access to our security policy by writing to us at connect@humantic.ai.

  3. Internal policies on data protection
    We have established internal policies, guidelines and processes concerning the handling of personal data by our employees including policies on confidentiality, incident management, access control, endpoint security, data backup and vendor management.

  4. Right to Opt-out of processing for Humantic Data
    On our website we provide an opt-out option for individuals who do not want their personal data to be a part of Humantic Data. If an individual has exercised this option we stop such processing of their personal data. We maintain a do-not-disturb list of such individuals to ensure that we do not process their personal data in the future as well.

  5. Right to Opt-out of marketing communication
    We only send marketing and promotional emails where we have obtained consent as required in the EU. Such emails also provide for an opt-out mechanism. We maintain a do-not-disturb list of recipients that have unsubscribed from our marketing communications.

  6. Updated privacy policy
    We ensure that our privacy policy is periodically updated in line with the emerging requirements of data protection laws for the processing activities we undertake as a controller. You can read our privacy policy here.

  7. Accountability and Governance
    We recognize the need to ensure that our employees understand the importance of data protection and are trained on the basic principles of GDPR. We extend training programs to our employees who handle personal data in the course of their employment in order to familiarize them with GDPR compliance. We also ensure that we implement measures to demonstrate that we fulfil obligations under GDPR.

  8. Certifications
    We are committed to providing data privacy and security to our customers in accordance with industry standards. To this effect, we have in place SOC2 Type 2 certification which confirms that we have stringent data protection policies and measures in place to protect customer data.

  9. Assessments
    We understand that compliance with GDPR is an ongoing process. In furtherance of our commitment to this we have internal assessments to ensure that our processing of an individual’s personal data does not override the interests, fundamental rights and freedoms of such individuals in relation to protection of their personal data.

  10. Onward compliance
    We conduct the required due diligence to evaluate the security, privacy and confidentiality practices of our vendors prior to engaging them and execute agreements that impose GDPR-equivalent obligations on them.

If you ever need to know more about our commitment to GDPR compliance, please send an email to connect@humantic.ai.

Disclaimer
The content above is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with your legal and other professional counsel to determine exactly how GDPR may or may not apply to you and compliance with GDPR as applicable to you.