General Data Protection Regulation (GDPR)
GitKron is committed to supporting compliance with the European Union General Data Protection Regulation (GDPR).
This page outlines how GitKron approaches data protection and privacy within its services.
1. Role Under GDPR
Depending on the service configuration, GitKron may act as:
- Data Processor when processing personal data on behalf of customers
- Data Controller for limited operational data such as account management and billing
Customers remain the Data Controller for repository and workflow data processed within their environments.
2. Data Processing Principles
GitKron adheres to GDPR principles including:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Data is processed only as necessary to deliver the service.
3. Data Security Measures
GitKron implements appropriate technical and organisational measures including:
- Encrypted data transmission
- Role-based access controls
- Secure authentication protocols
- Infrastructure monitoring
- Incident response procedures
Security documentation is available upon enterprise request.
4. Data Processing Agreement (DPA)
Enterprise customers may request a Data Processing Agreement (DPA) covering:
- Scope of processing
- Security obligations
- Sub-processor engagement
- Data transfer mechanisms
- Data subject rights assistance
5. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), GitKron:
- Implements appropriate safeguards
- Utilises Standard Contractual Clauses where required
- Ensures Sub-processors meet regulatory standards
6. Data Subject Rights
GitKron supports customers in fulfilling data subject rights requests, including:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
Requests can be directed to: privacy@gitkron.com (or your contact channel).
7. Data Retention
Personal data is retained only:
- For the duration necessary to provide services
- To meet contractual obligations
- To comply with legal requirements
Retention periods may vary based on service usage and contractual terms.
8. Incident Notification
In the event of a security incident involving personal data, GitKron will:
- Assess severity
- Notify affected customers without undue delay
- Provide relevant information for regulatory reporting
9. Customer Responsibilities
Customers are responsible for:
- Ensuring lawful basis for processing
- Managing repository content appropriately
- Configuring access controls
- Fulfilling regulatory obligations applicable to their organisation
GitKron supports but does not replace customer compliance programs.