GDPR Compliance
MigiHub is a software-as-a-service platform developed and owned by InnuCloud Experts Inc. (the "Company"), located at 2020 Trans-Canada Hwy, Dorval, Quebec H9P 2N4, Canada. We design, build, and operate MigiHub to meet the requirements of the EU General Data Protection Regulation (GDPR) and to support our customers' compliance programs.
Our role under GDPR
- Processor: For customer content entered into MigiHub (e.g., end-user records, assignments, logs), InnuCloud Experts Inc. acts as a data processor; our customers (the organizations that subscribe to MigiHub) act as data controllers.
- Controller: For our own website analytics, billing, and account administration data, we act as a data controller.
A GDPR-compliant Data Processing Addendum (DPA) with Standard Contractual Clauses (SCCs) is available for all customers and is incorporated into agreements upon execution.
Lawful basis & purposes of processing
When we process personal data as a processor, we do so only on documented instructions from the controller, for purposes such as providing, securing, maintaining, and improving the MigiHub service; supporting users; and meeting legal obligations.
International data transfers
Where personal data is transferred outside the EEA/UK (for example, to Canada or other jurisdictions), we implement European Commission-approved SCCs, conduct transfer impact assessments, and apply layered technical and organizational safeguards.
Security by design
MigiHub is engineered with multiple layers of administrative, technical, and organizational controls, including:
- Encryption in transit (HTTPS/TLS) and encryption at rest
- Single Sign-On (SSO) support and strong password policies
- Role-based permissions and auditability of access to sensitive data
- Backups and recovery procedures
- Security patching and vulnerability monitoring on the server side
Data subject rights
We provide tooling and support to help controllers satisfy data subject requests under GDPR, including: access, rectification, erasure, restriction, portability, and objection. Where requests are sent to us directly, we promptly notify and cooperate with the relevant controller.
Sub-processors
We maintain a vetted list of sub-processors who assist in delivering MigiHub (e.g., hosting, communications). Each sub-processor is bound by written terms that impose GDPR-grade protections. We provide prior notice of any new sub-processor and allow customers to object where required.
Data retention & deletion
We retain customer personal data only for as long as necessary to provide the service or as directed by the controller. Upon contract termination or on request, we delete or return personal data in accordance with the DPA and our retention schedules.
Incident response
We operate security monitoring, maintain incident response runbooks, and will notify controllers without undue delay after becoming aware of a personal-data breach, sharing relevant details to support assessment and notification duties.
Governance & accountability
We maintain records of processing activities, apply privacy-by-design principles in our product lifecycle, and periodically review our controls. Our commercial terms and service posture align with common SaaS norms around license scope, acceptable use, uptime, and support.
Contact & EU representative
Data Protection Contact (InnuCloud Experts Inc.)
2020 Trans-Canada Hwy, Dorval, Quebec H9P 2N4, Canada
Email: [email protected]
If you require an EU/UK representative point of contact, we can designate one contractually upon request.
Next step
Review and sign the MigiHub Data Processing Addendum (DPA) to formalize processor obligations (including SCCs), then configure your tenant's security settings (SSO, roles/permissions, retention) to match your internal policies. Our team will support you through enablement and due diligence.
