GDPR Commitment

GDPR Compliance Measures

EasyClocking has implemented the following measures:

• Security infrastructure investments and certifications
• Updated contractual terms
• EU-based customer provisioning and support
• Data portability tools including import/export capabilities, user profile management for personal data deletion requests, access privileges and settings management, and API access (restricted by credentials and security tokens)

We continually monitor regulatory guidance and update our practices accordingly.

Security Infrastructure and Certifications

EasyClocking maintains the following certifications:

• SAS 70
• SSAE 16 Type II SOC 1, SOC 2, and SOC 3
• HIPAA Compliance
• PCI Compliance

We maintain a dedicated security team handling threat detection and tool development. We are obligated to notify customers of security incidents per GDPR requirements.

Information and Data Security Policy

Purpose

• Protect integrity and validity of company data
• Assure security of sensitive information
• Provide policies for managing sensitive and confidential data
• Prevent information compromise and misuse

Scope

This policy covers operational, financial, product, customer, and user-related data deemed sensitive and confidential.

Data Security Practices

Device Data Security

• Data encrypted at rest and in transit
• Returned devices factory reset before repurposing
• Remote access logged in support tickets with activity details

Access Control

• Individual usernames required — password sharing prohibited
• Privileged user passwords changed every 120 days
• Auto-lock enabled after maximum 10-minute idle time
• Biometric access required for office premises
• Server room access logged (name, date, time, reason)
• Remote access limited to authorized users with manager approval and firewall configuration

Service Cancellation

Upon service cancellation, licenses terminate immediately. Written requests for data destruction are honored. Customer data is archived for one year post-cancellation.

Incident Response

Suspected or actual breaches are reported immediately to our Information Office, which assesses threat level and responds per established guidelines. Service providers must provide contractual assurance protecting sensitive information per our policy standards.

Contact Us

For GDPR-related questions regarding user rights or customer compliance assistance, contact us at marketing@easyclocking.com.