Privacy is Paramount at Koru — What We’ve Done To Comply With GDPR

Koru has always taken data privacy very seriously.

Our clients regularly entrust us with confidential employment-related information. We understand that expectations are high. 

The General Data Protection Regulation (GDPR) goes into effect on March 25th, 2018. The GDPR clarifies and strengthens data protection and privacy for individuals within the European Union. In particular, it gives more control to citizens as the “data subject” and sets clear expectations for organizations as “data controllers” – our clients – and “data processors” — like Koru.

Koru is committed to complying with the requirements of GDPR across our services and has been working towards our compliance ahead of the May 25th effective date.

In preparation for GDPR, Koru conducted an assessment of our data privacy systems and processes and took several important actions that we’ve outlined below.


Koru’s Actions to Strengthen Privacy

1. Updated Privacy Policy

We have updated our privacy policy to be consistent with GDPR expectations and clarify our role as a processor for client data.

2. Data Processor Addendum for Customers

Under GDPR, Koru is a “data processor” and our customers are “data controllers.” We have drafted a Data Processor Addendum that defines the data usage and protections limitations on behalf of our data controller customers. Customers can work with their Koru account executive to review this addendum.

3. Data Subprocessor Addendum for Vendors

Koru relies on third-party vendors to support our technology infrastructure and deliver high-quality customer experiences. Examples of these vendors are Amazon Web Services for web hosting and Intercom for customer support. We are putting Data Subprocessor agreements in place with each of these vendors whose systems interact with personal data.


Koru’s work to protect personal data and to comply with GDPR and other privacy and cyber security laws will continue well beyond May 25th, 2018.

For additional questions on data privacy and GDPR, please contact us at



More from J

Leave a Reply