HRX360HRX360

GDPR Compliance

Last updated: 23 August 2025

HRX360 is designed to help UK businesses meet their GDPR obligations.

Our approach

  • Data minimisation and privacy by design
  • Access controls and audit logging
  • Data subject rights tooling
  • Encryption in transit and at rest

Lawful bases

We rely on multiple lawful bases where appropriate, including contract (provision of services), legitimate interests (service improvement and security), consent (for optional features like certain analytics), and legal obligation.

Data processing

We act as a processor for customer employee data and as a controller for our own business operations.

Subprocessors

We maintain a list of approved subprocessors and ensure appropriate safeguards (including SCCs where relevant) for international transfers.

See our current list here: Subprocessors

Contact

For data protection queries or DSRs: hello@hrx360.com