GDPR Compliance
HirAgent is committed to full compliance with the General Data Protection Regulation (GDPR). This guide explains your rights under EU data protection law and how we ensure compliance in Luxembourg.
Last updated: 27/07/2025
GDPR at a Glance
EU Jurisdiction
Luxembourg-based with full GDPR compliance
Your Rights
Complete data subject rights protection
Privacy by Design
Built-in data protection safeguards
Your Data Subject Rights
Under GDPR Articles 12-22, you have comprehensive rights regarding your personal data. These rights are fundamental and can be exercised at any time.
Right of Access (Art. 15)
Request confirmation and copies of your personal data we process
Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data
Right to Erasure (Art. 17)
"Right to be forgotten" - request deletion of your data
Right to Restriction (Art. 18)
Limit the processing of your personal data
Right to Data Portability (Art. 20)
Receive your data in structured, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests
Automated Decision-Making (Art. 22)
Protection from automated processing and profiling
Withdraw Consent
Withdraw consent for consent-based processing
Exercising Your Rights: Contact our Data Protection Officer at dpo@hiragent.com to exercise any of these rights. We will respond within 30 days as required by GDPR Article 12.
Lawful Basis for Data Processing
Under GDPR Article 6, we process your personal data based on specific lawful grounds. Here's how we apply each basis:
Consent (Art. 6(1)(a))
Marketing communications, optional platform features, and data analytics where you've explicitly consented.
Your control: Withdraw consent anytime through account settings or email preferences.
Contract Performance (Art. 6(1)(b))
Account management, AI agent deployment, service delivery, billing, and customer support.
Necessity: Essential for providing our B2B AI agent services as per your agreement.
Legal Obligation (Art. 6(1)(c))
Tax records, regulatory compliance, anti-money laundering, and data breach notifications.
Examples: Luxembourg tax law, EU financial regulations, sector-specific compliance.
Legitimate Interest (Art. 6(1)(f))
Security monitoring, fraud prevention, service optimization, and business analytics.
Balancing test: Our interests balanced against your privacy rights and freedoms.
We clearly identify the lawful basis for each processing activity in our data processing records and privacy notices, ensuring full transparency as required by GDPR Article 12.
Data Protection Officer (DPO)
In accordance with GDPR Articles 37-39, HirAgent has appointed a Data Protection Officer to ensure compliance and serve as your point of contact for data protection matters.
Contact Our DPO
DPO Responsibilities
- Monitor GDPR compliance across HirAgent
- Conduct privacy impact assessments
- Serve as contact point for supervisory authorities
- Handle data subject rights requests
- Provide data protection training and guidance
- Investigate privacy concerns and complaints
Our DPO operates independently and reports directly to senior management. You can contact our DPO directly about any data protection concerns without going through other channels.
Data Breach Notification
HirAgent has implemented comprehensive data breach procedures in compliance with GDPR Articles 33-34 to ensure rapid response and notification.
Our Breach Response Process
Detection & Containment
Immediate breach detection and security response
Risk Assessment
Evaluate risk to rights and freedoms
Authority Notification
Report to CNPD within 72 hours
Individual Notification
Direct notification if high risk
Notification Timeline
Within 72 Hours
Notification to Luxembourg CNPD (Art. 33)
Without Undue Delay
Individual notification if high risk (Art. 34)
Continuous
Updates and follow-up communications
We implement technical and organizational measures including encryption, access controls, regular security audits, and staff training to prevent data breaches from occurring.
International Data Transfers
HirAgent ensures all international data transfers comply with GDPR Chapter V (Articles 44-49), providing adequate protection for your personal data.
Transfer Safeguards
EU/EEA Priority
Primary data processing within European Economic Area
Adequacy Decisions
Transfers to countries with EU adequacy decisions
Standard Contractual Clauses
EU-approved SCCs for third country transfers
Data Sovereignty Options
Enterprise customers can request EU-only processing
Transfer Impact Assessment
Before any international transfer, we conduct a Transfer Impact Assessment (TIA) evaluating:
- Legal framework in destination country
- Government access laws and practices
- Data subject rights enforceability
- Technical and organizational safeguards
- Risk mitigation measures needed
Most HirAgent services operate within the EU/EEA. Where third-country transfers occur, we use appropriate safeguards and inform you through our privacy notices and data processing agreements.
Privacy by Design & Default
HirAgent implements Privacy by Design and Privacy by Default principles as required by GDPR Article 25, embedding data protection into our systems from the ground up.
Technical Measures
- Data minimization in system design
- Encryption by default for data storage and transmission
- Automated data retention and deletion controls
- Privacy-preserving AI model architectures
- Granular access controls and audit logging
- Pseudonymization and anonymization tools
Organizational Measures
- Privacy impact assessments for new features
- Data protection training for all staff
- Privacy-first product development processes
- Regular compliance audits and reviews
- Vendor data protection requirements
- Clear data governance policies and procedures
Our platform defaults to the most privacy-friendly settings. Optional features that involve additional data processing require explicit opt-in consent from users.
Cookie Compliance
HirAgent's website and platform currently operate without cookies or similar tracking technologies. This approach ensures maximum privacy compliance and eliminates the need for cookie consent banners.
Technical Implementation: We use server-side session management, stateless authentication tokens, and privacy-preserving analytics that don't require client-side storage.
Future Cookie Use: Should we implement cookies in the future, we will:
- Update this compliance guide with detailed cookie information
- Implement compliant consent management systems
- Provide granular cookie controls and opt-out mechanisms
- Distinguish between essential and optional cookies
- Respect your preferences for cookie acceptance
Supervisory Authority
As a Luxembourg-based company, HirAgent is supervised by the Commission Nationale pour la Protection des Données (CNPD), Luxembourg's data protection authority.
CNPD Luxembourg
Your Right to Complain
Under GDPR Article 77, you have the right to lodge a complaint with the CNPD if you believe we have not handled your personal data in accordance with the law.
Before Complaining
Contact our DPO first - we may resolve your concern directly
Filing a Complaint
Submit complaints online or by post to CNPD
Cross-Border Cases
CNPD coordinates with other EU data protection authorities
How to Exercise Your Rights
Exercising your GDPR rights is straightforward with HirAgent. We've streamlined the process to ensure you can easily access, control, and manage your personal data.
Contact Methods
Self-service options in your platform dashboard
For basic data management and preferences
What to Include
Your full name and email address
Specific right you want to exercise
Details of your request or concern
Proof of identity (if required)
Response Time: We respond to all GDPR requests within 30 days. Complex requests may take up to 60 days with proper notification.
To protect your privacy, we may require identity verification for certain requests, especially those involving data access or deletion. This process is secure and GDPR-compliant.