Compliance & Data Protection

GDPR | SOC | ISO Compliance at Helpando

At Helpando, data protection, security, and compliance are core principles of how we operate. As a provider of professional data migrations, helpdesk migrations, and Zendesk migrations, we work with sensitive customer data on a daily basis and apply industry-standard safeguards to ensure confidentiality, integrity, and availability at all times.

Our internal processes and technical infrastructure are designed to align with the requirements of:

• GDPR (General Data Protection Regulation)
• SOC (Service Organization Controls) principles
• ISO 27001-aligned information security practices

GDPR Compliance

Helpando processes personal data in accordance with the General Data Protection Regulation (GDPR). As a provider of professional data migrations, helpdesk migrations, and Zendesk migrations, we may handle sensitive customer data strictly to deliver the agreed services.

We support our customers in meeting their obligations as data controllers and operate as a data processor where applicable.

• Personal data is processed lawfully, fairly, and transparently
• Data is collected only for specific, legitimate purposes
• We apply data minimization and purpose limitation principles
• We maintain appropriate safeguards to protect confidentiality and integrity
• We apply defined retention and deletion practices

Where required, we provide contractual safeguards such as Data Processing Agreements (DPA/AVV) and, when applicable, Standard Contractual Clauses (SCCs) for cross-border processing.

SOC-Aligned Controls

Helpando follows security and operational controls aligned with SOC (Service Organization Controls) principles to help ensure our services remain secure, reliable, and auditable. Our control approach includes:

• Role-based access control and least-privilege permissions
• Strong authentication and authorization mechanisms
• Security monitoring and event logging
• Change management and controlled deployments
• Incident response and escalation procedures

ISO 27001-Aligned Information Security Practices

Our information security practices are aligned with ISO 27001 concepts and include a risk-based approach to protecting systems and data. Key practices include:

• Documented security policies and internal procedures
• Secure infrastructure and network design
• Encryption of data in transit
• Key-based authentication (e.g., SSH keys) and secured remote access (e.g., VPN)
• Regular security reviews and internal assessments
• Controlled access to production environments

Data Processing for Data Migrations and Zendesk Migrations

To perform data migrations, including Zendesk migrations, we may process customer data strictly within the agreed project scope. Depending on the source and target systems, this may include:

• Temporary access credentials (API keys, tokens, service accounts)
• Helpdesk system metadata and configuration elements
• Ticket, user, and knowledge base records
• Attachments and comment history, where included in the migration scope

Access credentials are used exclusively to execute the migration, stored securely, and removed after completion in line with our retention and security practices.

Security and Infrastructure

Helpando applies industry-standard measures to protect customer data throughout our services, including:

• Encrypted connections (e.g., HTTPS)
• Secured administrative access and hardened environments
• Segregated access rights and least-privilege enforcement
• Logging and monitoring of system activity
• Backup and recovery measures appropriate to the service context

Where remote access is required for delivery, it is performed using secured, encrypted mechanisms and controlled authorization.

Data Subject Rights

In line with GDPR, individuals may have rights including access, correction, deletion, restriction of processing, objection, and data portability (where applicable).

Contractual and Legal Framework

Depending on the engagement, Helpando supports and uses appropriate contractual safeguards, which may include:

• Data Processing Agreements (DPA/AVV)
• Confidentiality Agreements (NDA)
• Service Level Agreements (SLA)
• Standard Contractual Clauses (SCCs), where applicable