From May 25, 2018, the General Data Protection Regulation (GDPR) has been in force across the European Union. This regulation sets strict standards on how companies collect, process, and store the personal data of individuals – including data of employees, customers, and partners.

At Samay, we are fully committed to complying with GDPR and ensuring that your personal data is processed lawfully, fairly, and transparently. We also support employers and organizations (i.e. data controllers) in fulfilling their GDPR responsibilities.

1. How We Store Your Data

Your data is safe with us.
We host our services on secure, industry-leading infrastructure (AWS®), which is fully compliant with recognized international standards, including:

  • GDPR

  • ISO 27001

  • SOC 1 and SOC 2

  • HIPAA

  • FedRAMP

2. Deleting Data and Limiting Processing

Under GDPR, you have the right to be forgotten.

  • If you wish, your personal data can be completely anonymized or deleted from our systems.

  • Where an account must remain active temporarily (e.g., for payroll settlement or compliance reasons), we can block access until it can be fully deleted.

3. Data Portability and Transfers

We make it easy to transfer your data.

  • You can export your information from Samay to Excel, HR & payroll software, calendars, and other applications.

  • Data transfers are carried out securely and in compliance with GDPR requirements.

4. Privacy & Cookies

Your privacy and comfort are our top priority.

  • Details on how we process personal data and the cookies we use are available in our Privacy Policy

5. Security Measures

We take data security seriously:

  • All data is encrypted and transmitted over 256-bit Secure Socket Layer (SSL) connections.

  • Backup copies of all databases are created every 24 hours.

  • Regular tests are performed to verify backup recovery and system resilience.