Data security & GDPR

At Alexis, data privacy isn’t just a checkbox; it’s a commitment. Our principles adhere to GDPR and Schrems II regulations and are based on international safety standards such as SoC II and ISO/IEC 27001. Find more information in our DPA, Terms and Conditions or below.

Security first

At AlexisHR, safeguarding your personal data is our top concern. We're committed to ensuring its protection and making sure it aligns with all regulations. Security always comes first and every action we take is driven by security considerations. In choosing Alexis, you are not just choosing a service; you’re choosing a commitment to the utmost data security and privacy

Reliability

To uphold our security promise, we exclusively select providers that offer our services securely and with the highest quality. Our providers are known for exceptional standards and reliability, ensuring that their services store and manage data in compliance with GDPR. Quality will always be at the forefront of our decisions.

Frequently asked questions & answers

Data Storage and Management

Compliance and Regulations

At AlexisHR, we are committed to ensuring the highest standards of data protection and compliance, especially in light of evolving legal landscapes. The Schrems II verdict by the Court of Justice of the European Union (CJEU) in July 2020 invalidated the previous transatlantic data flow framework, the EU-U.S. Privacy Shield. This led to significant challenges for companies transferring data from the EU to the U.S., requiring them to rely on mechanisms like standard contractual clauses (SCC) or binding corporate rules, and to prepare Transfer Impact Assessments (TIA).

However, on 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework. This new framework is designed to address the concerns raised by the CJEU in the Schrems II verdict. Specifically:

1. Level of Protection: The European Commission has determined that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union. This means that data can be transferred safely from the EU to U.S. companies participating in the framework without needing additional data protection safeguards set out in Article 46 of the GDPR, such as SCCs or binding corporate rules.

2. Limitations on U.S. Intelligence Agencies: The EU-U.S. Data Privacy Framework limits U.S. intelligence agencies' access to EU data to what is necessary and proportionate. It also establishes a Data Protection Review Court (DPRC), an independent and impartial redress mechanism, aimed at resolving EU individuals' complaints regarding the collection of their data for national security purposes.

3. Commitment by U.S. Companies: To join the EU-U.S. Data Privacy Framework, U.S. companies must self-certify and commit to privacy principles contained in the European Commission’s adequacy decision. This includes limiting personal data to what is relevant for processing, deleting it when no longer necessary, and informing data subjects of the main features of their data processing.

4. Other Transfer Mechanisms: The safeguards put in place by the U.S. also apply when data is transferred from the EU to the U.S. using other transfer mechanisms, such as SCCs and binding corporate rules.

At AlexisHR, we are actively monitoring these developments and are committed to ensuring that our data transfer practices remain compliant with the latest regulations. We are here to support and provide clarity to our clients during these changing times.

Data security & GDPR

Security first

Reliability

Frequently asked questions & answers

Data Storage and Management

Compliance and Regulations

Monitoring and Reviews

Ownership and Availability

Privacy- and Cookie Policy

Do you have a specific questions?