GDPR FAQ
If you have any questions related to your responsibilities or our compliance under GDPR, please see if they are answered here first.
Q: Under GDPR Article 28, we are required to have a valid DPA (Data Processing Agreement) with any data processor we use. Where can we get this for Huma?
A: This is already in place! The overarching customer agreement (https://humahr.com/terms-of-service) includes a DPA (https://humahr.com/data-processing-agreement), as explicitly mentioned in ToS 1.1. This DPA is fully compliant with GDPR.
Q: When logging in to Huma with a code from email, how many times can a code be entered incorrectly before lockout?
A:
- After 3 incorrect code entries, the code is invalidated and a new code must be requested.
- Code requests are rate-limited: You can request a maximum of 5 codes in 15 minutes.
- Security monitoring: We continuously monitor for repeated attempts and suspicious activity to protect your account.
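The following is an added example, not Huma's own code, that models the two limits stated in this answer so the behaviour can be tested. The class name, the 6-digit code length, the sliding (rather than fixed) 15-minute window, single-use codes and the in-memory storage are all assumptions.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 3          # from the FAQ: code is invalidated after 3 incorrect entries
MAX_REQUESTS = 5          # from the FAQ: at most 5 code requests ...
WINDOW_SECONDS = 15 * 60  # ... in 15 minutes (sliding window is an assumption)


class EmailCodeLogin:
    """Hypothetical in-memory model; a real service would use shared storage."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._requests = defaultdict(deque)  # email -> timestamps of issued codes
        self._active = {}                    # email -> [code, failed_attempts]

    def request_code(self, email):
        """Issue a new code, or return None when the request limit is reached."""
        now = self._clock()
        issued = self._requests[email]
        while issued and now - issued[0] >= WINDOW_SECONDS:
            issued.popleft()                 # forget requests older than the window
        if len(issued) >= MAX_REQUESTS:
            return None
        issued.append(now)
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits is an assumption
        self._active[email] = [code, 0]      # a new code replaces any earlier one
        return code

    def verify(self, email, submitted):
        """Return True on a match; burn the code after MAX_ATTEMPTS failures."""
        entry = self._active.get(email)
        if entry is None:
            return False                     # no live code: a new one is required
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self._active[email]          # single use (assumption)
            return True
        entry[1] += 1
        if entry[1] >= MAX_ATTEMPTS:
            del self._active[email]          # third miss invalidates the code
        return False
```

Taken together, the two limits cap guessing at 3 attempts per code and 5 codes per 15 minutes, so at most 15 guesses per window for one account.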
Q: How do you verify that a report is submitted by a human in the Whistleblowing portal?
A: The Whistleblowing portal uses CAPTCHA as an additional security measure to help verify that a submission is made by a human and to protect the portal from automated or suspicious activity.