GDPR Controller and Processor Supplement
Last Updated: May 12, 2020
As noted in our Privacy Policies, Harvard Business Services, Inc. (the “Company,” we”, “us”) is both a data controller and a data processor under the EU General Data Protection Regulation. This Supplement on Processing Activities (“GDPR Supplement”) describes how the Company (physically located entirely in the U.S.) processes personal data under the GDPR. The Company recognizes that Article 30 of the GDPR imposes documentation requirements on data controllers and data processors. This GDPR Supplement describes how we comply with our obligations.
The Company is the data controller for the Website. For our contact information, see the section in our general Privacy Policies headed “How to Contact Us”.
Categories of Data Subjects
Categories of Personal Data
Purposes of Data Processing
The Company collects and processes personal data about Website users, persons with an account with the Company, and persons subscribed for our blog, podcasts, or other such materials for the following purposes:
Categories of Personal Data Recipients
The Company discloses personal data to the following categories of recipients, a very small number of which may be (but none are currently) located in third countries:
The Company may make limited personal data transfers subject to the second sub-paragraph of Article 49(1) which are necessary for the Company’s compelling legitimate interests. The Company will comply with all reporting, disclosure, and sufficient analysis requirements of such sub-paragraph.
Personal Data Retention Periods
Except as otherwise permitted or required by applicable law or regulation, the Company retains personal data for as long as necessary to fulfill the purposes the Company collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes.
To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for processing the personal data, whether the employer can fulfill the purposes of processing by other means, and any applicable legal requirements. The Company does not retain payment information (e.g., credit card numbers, checking account numbers, etc.) after the payment is processed; such information is securely destroyed immediately after payment processing is complete.
Generally, the Company maintains client records of details regarding our formation and registered agent services indefinitely. Other information is retained only for so long as there is a reason to retain it (e.g., blog and podcast info, questions put to our chatbot, or questions posed to or information collected by our sales and filing staff that do not result in a contract for services).
Technical and Organizational Security Measures
Changes to this Record of Processing Activities
Record of Processing Activities
This section describes how the Company processes personal data.
Data Processor Details:
Name: Harvard Business Services, Inc. (Data Processor)
Address: 16192 Coastal Highway, Lewes, DE 19958
Telephone Number: 1 (800) 345-2677
Categories of Processing
Since 1981, Harvard Business Services, Inc. has helped form 353,190 Delaware corporations and LLCs for people all over the world.
Harvard Business Services, Inc. guarantees your annual Delaware Registered Agent Fee will remain fixed at $50 per company, per year, for the life of your company.
Harvard can provide assistance throughout the life of your company. These custom services are the most popular with our clients: