Hubstaff handles data under GDPR and is Privacy Shield certified.

At Hubstaff we understand how important privacy is for your business and its customers. We comply with the EU’s General Data Protection Regulation (GDPR) law that went into effect on May 25, 2018. Our team works hard every day to ensure that data subjects are protected. Among the steps we’ve taken to meet GDPR requirements and be transparent about what we do with your data, we became Privacy Shield certified, updated our Privacy Policy, and list all of our subprocessors.

The Data Processing Addendum (DPA) is provided to help meet GDPR (General Data Protection Regulation) requirements. The DPA has been pre-signed by Netsoft Holdings, LLC (the owners of Hubstaff). If required by the GDPR, please download the DPA and email a signed copy to [email protected].

Download DPA

The DPA contains a lot of useful and detailed information regarding the GDPR and how Hubstaff operates according to this law. Please, make sure to read it to get a better understanding of the matter.

Information about Hubstaff’s GDPR Compliance

Filing a request to delete my data

If you are an owner of a Hubstaff organization, and/or owner of a Hubstaff Talent Agency, and/or an owner of a Hubstaff Tasks organization. Please, send a personal data deletion request to [email protected].

If you are a member of a Hubstaff organization, and/or a member of a Hubstaff Talent Agency, and/or a member of Hubstaff Tasks organization, you have to contact the owner of your organization or agency and ask them to contact Hubstaff’s Support Team with the permission to delete your data.

Hubstaff’s Support Team will check your case and act accordingly.

You will be informed if your request will be processed or you will get explanations about why it is declined. Once your request is accepted for the deletion, it will take around 5-7 business days to complete. You will receive a confirmation when the deletion is processed.

Organization Data Controller information

Your organization and its owner(s) are considered to be the Data Controller. This means that the Data Controller, once it receives the data deletion request, has to give Hubstaff an order and permit such data deletion. Hubstaff cannot delete your data without the Data Controller’s permission.

GDPR Compliance, and organization’s GDPR status When A Removal Request Is Initiated By A User

Since Hubstaff is GDPR compliant, according to the law we consider any organization and its owner(s) to be the Data Controller. Even if such an organization is not GDPR compliant itself, we cannot delete your data without their permission.

Hubstaff Account information Release Information

All Hubstaff employees are knowledgeable, trained, and are required to handle sensitive data such as PII (Personally Identifiable Information) in compliance with the DPA (Data Processing Addendum). Because of this Hubstaff employees cannot release personal information from your Hubstaff account.

We treat data handling with the utmost care and control who has access to it by implementing two levels of permissions (administrator and super administrator).

Viewing and Accessing Data within Hubstaff

The data is only accessed directly when we’re working with you on a support ticket or diagnosing an error that our code generated (which is shared internally). In these specific cases, our support team and/or a few developers may need access to your data. Our team is trained to handle sensitive information.

Data is encrypted during transmission and at rest, however, if we need to troubleshoot a support issue or debug a server error we would need to decrypt the data to view it and access it when needed.

Data Encryption Information

We encrypt all data during transmission and at rest. Therefore, in the event our database is compromised, all the data is encrypted.

Subprocessors Data handling Information

We have a list of subprocessors publicly available on our website.

We have signed DPAs (data protection addendum) with all of these vendors. They are being held to the same standards as we are held to under the GDPR and Privacy Shield certification.

Hubstaff’s Role According To The GDPR Law

Unless specifically agreed in writing by the parties, Hubstaff is the Data Processor. Please, read more about the (other) parties’ roles in the DPA that you can download below.

Download DPA

Hubstaff Activity Data Retention Information

How long the activity data is retained varies between free and paid plans. Learn more about Data Retention Comparison.

Hubstaff Talent Search Engine Data Information 

Once the Hubstaff Talent information is openly available on the Internet (e.g., the freelancer’s profile that has visibility “Everyone”), any third party can collect and store this information for its needs. Search engines, such as Google, may keep a cache of the data and store it in their records, so it may take some time before they are completely removed.

Hubstaff can neither control nor delete such data and, unfortunately, we cannot provide you with any information when/if this will be deleted. In such a case, you may try to contact any search engine directly with a request to delete your data.

Hubstaff Controls For Internal Use Of Confidential Data

All of our team members signed a legal document during their training that holds them personally liable for any such actions. We would prosecute them to the fullest extent of the law if this ever occurred.

Hubstaff’s Data Protection Officer and EU representative

Hubstaff has appointed a data protection officer (DPO). You may contact Hubstaff’s DPO Jared Brown at [email protected].

Our EU representative may be reached by contacting:

Maetzler Rechtsanwalts GmbH & Co KG,
Attorneys at Law,
c/o Netsoft Holdings, LLC,
Schellinggasse 3/10, 1010 Vienna, Austria

Please add the following subject to all correspondence:
GDPR-REP ID: 19160560