The General Data Protection Regulation (GDPR / DSVGO) is the toughest privacy and security law in the world. It imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018.
Hook0 uses certain sub-processors to assist it in providing Application Services to its customers, as described in the Master Services Agreement or Terms of Use available at terms-of-service or such other location as the Terms of Use may be posted from time to time (as applicable, the “Agreement”). Defined terms used herein shall have the same meaning as defined in the Agreement.
What is personal data?
GDPR is especially concerned about protecting personal data of individuals. Personal data (Art. 4 GDPR) consists of any information that allows us to identify a person directly or indirectly and can be anything such as a name, email address, credit card number, or documents with personal information.
How we process personal data
When you visit our websites or use our services, we will most likely process your personal data in one way or another. You can find all relevant information about which data we process, our legal basis for processing, and your rights regarding your personal data in our privacy policy.
Subprocessors and their roles
A subprocessor is a third-party data processor engaged by Hook0, including entities from within the Hook0 group, who has or potentially will have access to or process Customer Content (which may contain Personal Data). Hook0 engages different types of subprocessors to perform various functions as explained in the tables below.
Infrastructure
We use the following subprocessors to provide our cloud infrastructure environment and storage of our Customer Content:
| Subprocessor | Country of Processing | Purpose |
|---|---|---|
| Clever Cloud SAS | France, Europe | Hook0 customer database, API, and web application |
| Cloudflare | USA | DNS and DDoS protection |
Processing of Customer Content
Hook0 works with various subprocessors that monitor, maintain, and support the Application Services. These subprocessors may, but not necessarily will, have access to Customer Content:
| Subprocessor | Country | Purpose |
|---|---|---|
| Clever Cloud SAS | France, Europe | Workers that call the webhook subscription endpoints |
| Scaleway SAS | France, Europe | Private dedicated workers that call the webhook subscription endpoints (only for relevant customers) |
| Stripe Inc. | USA | Hook0's customer subscription management |
| Brevo | France, Europe | Automated emailing |
| Postmark | USA | Automated emailing |
| BetterUptime | Czech Republic, Europe | Uptime monitoring, status page, and on-call management |
| Sentry | USA | Error tracking |
| Crisp | France, Europe | Customer relations management |
| Gmail | USA | Support mailbox |
* Note, the list of subprocessors applies to any new Hook0 customers as of that date, or existing Hook0 customers who have not otherwise received notice of a different effective date of this list.
Stay in Control
As a French SaaS, Hook0.com offers unmatched GDPR compliance. We leverage the best global infrastructure to ensure the highest levels of confidentiality, integrity, and availability for your data. We understand the need for control and independence, so if you prefer not to rely solely on our or our sub-processors' measures, you can still access our support services without compromising your data.
Data Ownership and Management
There are no data transfers outside of the EU for your deployment (assuming EU-based hosting). The only exception is for disaster recovery purposes, where backups are stored securely in French data centers. Moreover, all our staff and consultants who might access your deployment are based in the EU.
Regarding your own user database (i.e., your ), you must establish the required processes to comply with GDPR yourself and declare all data transfers that you handle independently. In this case, Hook0 acts as a subprocessor, and our DPA (Data Processing Agreement) specifies what we do.