GDPR Compliance and Data Privacy Framework Commitment
Last updated on February 05, 2025
Ensuring Compliance with GDPR, SCCs, and Secure Data Transfers
CarrotHR, Inc. (DBA Assembly) is committed to safeguarding personal data and ensuring compliance with the General Data Protection Regulation (GDPR). Our security measures, transparent data processing practices, and legal mechanisms ensure that all transfers of personal data outside the European Economic Area (EEA) align with GDPR requirements.
Cross-Border Data Transfers
Transfers of Personal Data Outside the EEA
Pursuant to GDPR Article 46, organizations transferring personal data outside the EU or EEA must implement legally binding and enforceable safeguards. CarrotHR, Inc. (DBA Assembly) ensures compliance through:
- EU Standard Contractual Clauses (SCCs): We rely on European Commission-approved SCCs to provide a lawful basis for data transfers outside the EU/EEA. Assembly commits to monitoring updates from the European Commission regarding SCCs and will implement new versions as required. If revised SCCs are issued, they shall automatically apply to all international data transfers.
- Data Privacy Framework (DPF) Compliance: CarrotHR, Inc. (DBA Assembly) is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ensuring compliance with GDPR and international data transfer requirements.
- Supplementary Security Measures: We employ end-to-end encryption, strict access controls, and data minimization techniques to protect personal data during international transfers.
For organizations requiring a Data Processing Agreement (DPA) that includes EU Standard Contractual Clauses (SCCs), CarrotHR, Inc. (DBA Assembly) is prepared to sign such an agreement. Entities seeking a DPA may contact us at support@joinassembly.com.
For additional information regarding GDPR Article 46 and SCCs, see the European Commission's official guidance.
CarrotHR, Inc. (DBA Assembly) Certification Under the Data Privacy Framework (DPF)
CarrotHR, Inc. (DBA Assembly) has obtained certification with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in compliance with the U.S. Department of Commerce. This certification ensures that our organization complies with applicable data protection regulations for personal data transferred from the European Union, United Kingdom, and Switzerland to the United States.
Under the DPF certification, CarrotHR, Inc. (DBA Assembly) adheres to core DPF Principles and DPF Principles (best practice).
More Information: CarrotHR's DPF certification is publicly available on the U.S. Department of Commerce's DPF List.
We remain attentive regarding any DPF compliance, posted notice of Privacy Policy, Privacy Safeguards, data processing on third parties in open GDPR means like governing state meets like processed, data and location along to final consolidated.
User Rights and Data Protection Under GDPR
CarrotHR, Inc. (DBA Assembly) believes individuals have full control over their personal data in compliance with their GDPR rights:
- Right to Access and Correction: Users may request to update their personal information.
- Right to Erasure ("Right to be Forgotten"): Users may request the deletion of their personal data.
- Data Portability and Transparency: Our Privacy Policy provides clear information on how we use and why we collect personal data.
For any privacy-related inquiries, users may contact: support@joinassembly.com
Ongoing Security and Compliance Measures
CarrotHR, Inc. (DBA Assembly) continuously evaluates its data protection and compliance measures to align with GDPR, Data Protection Authorities (DPAs), authorizing best practices.
- Regular Security Audits: Regular security audits enhance compliance with industry standards.
- Encryption and Access Controls: Data is encrypted both in transit and at rest with strict access controls applied.
- GDPR-Compliant Processes: We work with expert third-party vendors and procurement to provide our services securely and efficiently. All procurement is contractually bound to comply with GDPR and other data protection laws.
- Access Subscriber Information: To meet our list of subprocessors or contracted service changes, please contact us at support@joinassembly.com.
We provide continuous commitment to ongoing security, user protection, and compliance alignment. Please see our Privacy Policy for more information.
Commitment to GDPR Compliance and Data Protection
CarrotHR, Inc. (DBA Assembly) is dedicated to ensuring the highest standards of data privacy for its users by adhering to GDPR Article 46, SCCs, and the Data Privacy Framework (DPF). Our privacy policies and procedural security protocols ensure compliant international data transfers while maintaining strong data security at all times.
For our continuing compliance with the Data Processing Agreement (DPA) with EU Standard Contractual Clauses (SCCs) or for any privacy-related inquiry, please contact: support@joinassembly.com