GDPR FAQ
Frequently asked questions about GDPR, security and compliance in Huma
Where can I find documentation about Huma's security, compliance and certifications?
All security documentation, certifications and compliance information, including our ISO certification, is available at trust.humahr.com. Here you will find information about our security practices, certifications, sub-processors and more.
Under GDPR Article 28, we are required to have a valid DPA (Data Processing Agreement) with any data processor we use. Where can we get this for Huma?
This is already in place. The overarching customer agreement includes a DPA, as explicitly mentioned in ToS 1.1. This DPA is fully compliant with GDPR.
When logging in to Huma with a code from email — how many times can a code be entered incorrectly before lockout?
- After 3 incorrect code entries, the code is invalidated and a new code must be requested
- Code requests are rate-limited — you can request a maximum of 5 codes in 15 minutes
- We continuously monitor for repeated attempts and suspicious activity to protect your account
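The two limits above can be enforced with a per-code failure counter and a sliding window of request times. This is an added sketch, not Huma's implementation: the class name, the in-memory storage, the 6-digit code length, and the rules that codes are single-use and that a new code replaces the previous one are all assumptions.

```python
import hmac
import secrets
import time
from collections import deque

MAX_ATTEMPTS = 3           # wrong entries before the code is invalidated (from the FAQ)
MAX_REQUESTS = 5           # codes that may be requested (from the FAQ)
WINDOW_SECONDS = 15 * 60   # within 15 minutes (from the FAQ)


class EmailCodeLogin:
    """Hypothetical in-memory model; a real service needs a shared store."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._requests = {}  # account -> deque of request timestamps
        self._active = {}    # account -> [code, failed_attempts]

    def request_code(self, account):
        """Issue a fresh code, or return None when the request is rate-limited."""
        now = self._clock()
        stamps = self._requests.setdefault(account, deque())
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()                      # forget requests outside the window
        if len(stamps) >= MAX_REQUESTS:
            return None
        stamps.append(now)
        code = f"{secrets.randbelow(10**6):06d}"  # assumed 6-digit code from a CSPRNG
        self._active[account] = [code, 0]         # assumed: new code replaces the old
        return code

    def verify(self, account, submitted):
        """Return True on success; the third wrong entry invalidates the code."""
        entry = self._active.get(account)
        if entry is None:
            return False                          # no valid code, request a new one
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self._active[account]             # assumed: codes are single-use
            return True
        entry[1] += 1
        if entry[1] >= MAX_ATTEMPTS:
            del self._active[account]             # invalidated after 3 wrong entries
        return False
```

Because every code request counts against the window, invalidating a code after three failures caps guessing at 15 attempts per account in any 15-minute period.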
How do you verify that a report is submitted by a human in the Whistleblowing portal?
The Whistleblowing portal uses CAPTCHA as an additional security measure to help verify that a submission is made by a human and to protect the portal from automated or suspicious activity.