Data Protection & Information Security Best Practices
At Hawk, we go beyond the basic requirements and apply industry best practices to prevent harm proactively.
Compliance
ISO 27001:2013
SOC 2 Type 2
GDPR Compliant

GDPR Statement
Hawk is committed to building trust with our past, existing and future clients. Data protection is one of our core principles at Hawk. We truly respect our and your clients’ data. As we are based in Europe, we are fully compliant with the General Data Protection Regulation (GDPR). These rights will apply to all our customers, regardless of where they are.

CCPA Statement
The CCPA is the California Consumer Privacy Act, and the following statement shows how Hawk complies with it.
Handling Data Subject Requests
At Hawk, we value privacy, transparency and trust. Under the General Data Protection Regulation (GDPR), you have certain rights as a data subject, including the right to access, rectify, delete, or restrict the processing of your personal data, as well as the right to object to data processing and request data portability under certain conditions. Exercising these rights ensures transparency and control over the processing of your personal data.
Please note that Hawk generally processes data on behalf of its customers as a data processor and cannot independently fulfil requests without the authorization of the respective organization or financial institution. If you are an end customer of an organization or financial institution that uses Hawk's services as a data processor, please contact this organization directly regarding any requests related to your personal data and your rights as a data subject.
However, if Hawk is acting as the data controller - for example, in cases involving applicants, employees or staff of affiliated organizations - you may contact us directly at privacy@hawk.ai. We are committed to protecting your privacy and will promptly review and process your request in accordance with applicable data protection laws.
Other Data Protection Features
Access Management
Our access management policies follow the “principle of least privilege.” Our primary method of assigning and maintaining consistent access controls and rights is Role-Based Access Control (RBAC). The surrounding controls include, but are not limited to, Multi-Factor Authentication (MFA), system access protected via VPNs, a strict password policy, and Single Sign-On (SSO).
Respecting Client Data
All GDPR-relevant Personally Identifiable Information (PII) is tokenized, stored separately from other data, and encrypted. The tokenized PII elements cannot be traced or matched back to individuals on their own. Access to the data necessary for an investigation is secured by a roles-and-rights system, is logged in an audit trail, and is only granted on an individual, case-by-case basis.
Firewalls
All of our systems are protected by Web Application Firewalls (WAF). These firewalls enable fine-grained management of incoming and outgoing traffic. We utilize Distributed Denial of Service (DDoS) mitigation measures and network intrusion detection software to monitor for malicious activity, providing additional security controls for our network stack.
Data Encryption
All data is encrypted both in transit and at rest, resulting in the robust protection of client data. We use Advanced Encryption Standard (AES) on all information systems to ensure effective encryption. We have deployed HashiCorp Vault to store secrets and manage the key rotation for Personally Identifiable Information in line with GDPR requirements.
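The three controls described above (role-based access, PII tokenized and held in a separate encrypted store with an audit trail, and AES encryption at rest) fit together in one small service. The following Go program is an added illustration written for this page, not Hawk's own code: the vault type, the role names "investigator" and "dpo", the case-reference requirement and the sample record are all assumptions made for the example. Tokens are random, so they carry no information about the underlying value; the PII itself is sealed with AES-256-GCM, with the token bound as additional authenticated data so a ciphertext cannot be re-labelled under another token; and every detokenization attempt, granted or denied, lands in the audit log. In production the key would come from a secret store such as the HashiCorp Vault deployment the page mentions; here it is generated in memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Roles permitted to resolve a token back to PII (assumed names for this example).
var detokenizeRoles = map[string]bool{"investigator": true, "dpo": true}

// AuditEntry records every attempt to resolve a token, allowed or not.
type AuditEntry struct {
	When    time.Time
	Actor   string
	Role    string
	Token   string
	CaseID  string
	Allowed bool
}

// PIIVault keeps encrypted PII keyed by opaque token, apart from the
// transactional records, which only ever carry the token.
type PIIVault struct {
	aead  cipher.AEAD
	store map[string][]byte // token -> nonce || ciphertext
	Audit []AuditEntry
}

// NewPIIVault builds a vault around AES-GCM; a 32-byte key selects AES-256.
func NewPIIVault(key []byte) (*PIIVault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &PIIVault{aead: aead, store: map[string][]byte{}}, nil
}

// Tokenize encrypts a PII value and returns a random 128-bit token. Unlike a
// hash, the token cannot be matched to the value without the vault.
func (v *PIIVault) Tokenize(pii string) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The token is additional authenticated data: moving this ciphertext
	// under a different token makes Open fail.
	ct := v.aead.Seal(nil, nonce, []byte(pii), []byte(token))
	v.store[token] = append(nonce, ct...)
	return token, nil
}

// Detokenize resolves a token only for an authorized role and a named case,
// writing an audit entry whether or not access is granted.
func (v *PIIVault) Detokenize(actor, role, token, caseID string) (string, error) {
	allowed := detokenizeRoles[role] && caseID != ""
	v.Audit = append(v.Audit, AuditEntry{time.Now(), actor, role, token, caseID, allowed})
	if !allowed {
		return "", errors.New("access denied: role not permitted or no case reference")
	}
	blob, ok := v.store[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, blob[:ns], blob[ns:], []byte(token))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed here; production keys come from a secret store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	vault, _ := NewPIIVault(key)
	// Constructed sample: the transaction record stores only the token.
	token, _ := vault.Tokenize("Jane Doe, IBAN DE00 0000 0000 0000 0000 00")
	fmt.Println("record:", map[string]string{"amount": "1200.00", "counterparty": token})
	if _, err := vault.Detokenize("a.analyst", "analyst", token, "CASE-42"); err != nil {
		fmt.Println("denied:", err)
	}
	pii, _ := vault.Detokenize("i.investigator", "investigator", token, "CASE-42")
	fmt.Println("resolved for case:", pii)
	fmt.Printf("audit entries: %d\n", len(vault.Audit))
}
```

Because the token is random rather than derived from the value, two records for the same person receive different tokens; matching them again requires an authorized, logged detokenization, which is exactly the case-by-case access the page describes.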