Hogan Statement on GDPR Compliance
Hogan Assessment Systems, Inc. (“Hogan”) knows you care how information about you is used and appreciates your trust that we will do so carefully and sensibly. Hogan takes a proactive approach to safeguarding the confidentiality of all information. We use a variety of industry-standard administrative, physical, and security technologies and procedures to help protect personal information from unauthorized access, use, or disclosure. Hogan is committed to the security, availability, confidentiality, and processing integrity of all information collected, regardless of location.
Hogan maintains an information security and privacy program consistent with industry standards, which includes appropriate administrative, physical, and technical safeguards to a) maintain and protect against anticipated threats or hazards to the security, privacy, confidentiality, and integrity of data; and b) protect against any security incident. Additionally, Hogan has undertaken thorough GDPR readiness and impact assessments to ensure the proper policies and procedures are in place for compliance.
In regard to GDPR, Hogan is generally considered a Processor or Sub-Processor, although there may be some instances where Hogan is a Controller (i.e. customer relationship management, accounting processes). As such, Hogan’s legal basis for processing data will typically rely on the following provisions: Article 6(1)(b) ‘performance of a contract’, and Article 6(1)(f) ‘legitimate interest’.
Data will be retained by Hogan 1) for as long as the Controller or Processor is a client of Hogan, 2) until the data is requested to be deleted by the Controller, Processor, or Data Subject, or 3) until the data is no longer necessary to provide the requested services. Anonymized data may be aggregated for our own research purposes.
Hogan utilizes the European Commission’s Standard Contractual Clauses developed and approved as ensuring adequate protection for data subjects in accordance with the EU Data Protection Directive 95/46/EC. The SCC are generally referenced within a Data Processing Agreement entered between Hogan and applicable parties. Hogan will implement any GDPR-specific clauses promulgated by the regulatory body when available.
Hogan has extensive security and privacy policies and procedures which serve as a strong foundation to address the key components within GDPR legislation. An important component of our current security and privacy compliance is the US-based SSAE 16 Service Organization Control (SOC2) Trust Principles. SOC2 compliance and audits map to ISO standards, and as such, share many principles with GDPR in the areas of technical and organizational measures on data security, availability, processing integrity, confidentiality and privacy.
Please contact us with requests for data access, data deletion, or any other questions. We can be reached at firstname.lastname@example.org.