Security

  • Data Storage
  • Security

Your data is safe with us

When it comes to data security, there's no room for mistakes or half-measures.

What makes us stand out?

Data Storage
GDPR Compliance
Data Protection
Learn More

Data Storage

We use Microsoft® Azure® servers, compliant with global and industry standards such as the General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.

What else do we offer besides a great team?

01

Our data centers are located within the European Economic Area (EEA). Personal data is processed in Poland, the Netherlands (MS Azure Data Center), and Ireland (MS Azure Data Center).

02

We encrypt data at the interface level using SSL TLS 1.2 when connecting to external systems.

03

Our databases are encrypted with TDE (AES 256) and Dynamic Data Masking.

04

Every user can view the scope of their processed data. During the agreement period, clients can export their data at any time. Once the agreement ends, we delete the data.

05

We use technical and network safeguards to prevent data interception. System security relies on logical authentication and authorization mechanisms.

06

To maintain high security, we use monitoring tools that detect and prevent malicious events, threats, and intrusion attempts.

More info
Find out more about Azure’s physical security measures.

GDPR Compliance

At HRnest, data security is our top priority. Our system includes built-in privacy tools like encryption, data minimization principles, and user data management.

We believe our platform is one of the best choices on the market for businesses that value data protection.

All our employees are trained in:

GDPR-compliant data processing and security principles.

Data protection laws and information security requirements.

Reporting and handling incidents, including rapid response procedures and corrective actions.

Securing access to mobile devices and protection against malware.

Safe remote work – best practices for Wi-Fi and VPN usage.

Using IT infrastructure, including hardware, for business tasks.

More info
Want to exercise your data rights? Contact our Data Protection Officer (Michał Strzelecki) at: iod@hrnest.com

System Access and Configuration

  • Only authorized individuals who have signed confidentiality agreements and follow our security procedures can process data in HRnest.
  • Access is function-specific and occurs within secured VPN networks.
  • Before partnering with any tech provider, we thoroughly vet them to ensure they meet our standards. We have procedures in place for managing data breaches and security incidents. Our approach is transparent – clients know exactly how we keep their data safe.

GDPR Compliance

  • We appointed a Data Protection Officer and implemented policies required under GDPR, including a custom-developed personal data protection policy, a register of processing activities and categories, a documented risk assessment methodology based on ENISA guidelines, and periodic risk evaluations.

End-to-End Data Protection

Your data is safe at every step. We follow the highest security standards to ensure its confidentiality and integrity.

System Design

01

We apply privacy by design and privacy by default in development processes to ensure safe and controlled software updates.

02

All workstations have antivirus software with auto-updates, and we manage vulnerabilities through patch management.

03

We conduct regular penetration testing by external auditors, along with internal IT security audits.

04

We separate production from testing and development environments, so personal data isn’t used outside production.

05

Users working in HRnest don’t have direct access to the core business logic or database layers.

06

User roles and permissions are strictly defined and managed. Read, write, update, and delete actions are granted per user or role – nothing extra, nothing loose.

We regularly test our systems and apps for data security. We update infrastructure, operating systems, and apps to fix vulnerabilities. Every IT change considers its impact on security.

The infrastructure, operating systems, and applications used for processing personal data are continuously updated to address existing vulnerabilities. When implementing changes in IT systems, security requirements are taken into account, and the impact of those changes on existing safeguards is assessed.

Login Security

  • Define password rules: minimum length, change frequency, and alerts.
  • Enable external logins with Microsoft or Google accounts, and enforce login via those methods.
  • Enforce two-factor authentication (2FA) for all users.

Backups and Disaster Recovery

  • Full backups of client databases are created every 24 hours, with incremental backups every 5 minutes.
  • The data recovery process is tested every two months to ensure reliability.
  • Clients can export their data and create their own backups at any time, with all backups stored separately from the main server.
Our website uses cookies

This website uses cookies so that we can provide you with the best possible service. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Necessary cookies

Necessary cookies should always be enabled so that we can save your cookie settings preferences.

CookieDomainDescriptionDurationType
elementorhrnest.comThis cookie is used by the website's WordPress theme. It allows the website owner to implement or change website content in real time.alwaysNecessary
moove_gdpr_popuphrnest.comThis cookie is used to remember your choices regarding cookie settings.1 yearNecessary
Statistical and marketing cookies

Enabling these cookies helps us improve our website.

CookieDomainDescriptionDurationType
_gcl_auhrnest.comStatistical and marketing Provided by Google Tag Manager to experiment with the advertising performance of sites using their services.e cookies3 monthsStatistics
test_cookiedoubleclick.netThe test_cookie file is set by doubleclick.net and is used to determine whether the user's browser supports cookies.15 minutesMarketing
_gahrnest.comThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for site analytics reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.14 monthsStatistics
_gidhrnest.comThe _gid cookie installed by Google Analytics stores information about how visitors use the website, while also creating an analytical report on the website's performance. Some of the data collected includes the number of visitors, their source, and the pages they visit anonymously.1 dayStatistics
_gat_UA-{id}hrnest.comA variation of the _gat cookie set by Google Analytics and Google Tag Manager to enable website owners to track visitor behavior and measure site performance. The pattern element in the name contains the unique identification number of the account or website to which it refers.1 minuteStatistics
_ga_{id}hrnest.comThis cookie is installed by Google Analytics.2 yearsStatistics
FPAUhrnest.comThis cookie is set by Facebook in order to display advertisements on Facebook or on a digital platform supported by Facebook Ads, after you have visited the website.3 monthsMarketing
_clckhrnest.comIt retains the user ID and Clarity preferences, unique to this website and assigned to the same user ID.1 yearStatistical
_clskhrnest.comIt combines multiple page views of the user into a single Clarity session recording.1 dayStatistical
_uetsidhrnest.comIt contains the session identifier for a unique session on the website. Note: Since July 2023, _uetsid has been updated with additional parameters as follows: Insights_sessionId, timestamp, page number, refresh, submit.1 dayMarketing
_uetvidhrnest.comUET assigns this unique, anonymous guest identifier representing a unique guest. UET stores this data in its own cookie file. Note: Since July 2023, _uetvid has been updated with additional parameters as follows: Insights_userId, cookieVersion, expiration time, consent, cookie creation time.One year rounded to the nearest full monthMarketing
Powered by  GDPR Cookie Compliance