How Utuflow helps you stay compliant with the General Data Protection Regulation.
The General Data Protection Regulation (GDPR) applies to the processing of personal data of individuals in the European Union. As a platform that processes employee data on behalf of our customers, Utuflow plays an important role in your GDPR compliance posture.
When you use Utuflow to process employee data, your organization is the Data Controller — you determine the purposes and means of processing employee personal data.
Utuflow processes data on your behalf as a Data Processor. We only process employee data to the extent necessary to provide the Services you've subscribed to, and in accordance with your documented instructions.
We provide a standard Data Processing Agreement (DPA) to all customers. The DPA covers our obligations as a processor, including technical and organizational security measures, sub-processor management, and procedures for handling data subject requests.
To request our DPA, email privacy@utuflow.com.
Utuflow makes it easy for your organization to respond to data subject requests from employees:
Utuflow is hosted in the EU by default. For customers who require data to remain in the EU, we offer EU-only data residency. International transfers, where required, are governed by EU Standard Contractual Clauses (SCCs).
We maintain a current list of all sub-processors involved in processing your data. This list is available to customers on request and is updated whenever we add or change a sub-processor (with 30 days' advance notice).
Our Data Protection Officer can be reached at dpo@utuflow.com for any GDPR-related inquiries.