Workteam (including its affiliates) (“Workteam”, “we”, “our” or the “Company”) respect the privacy of its Users and is committed to protect the personal information that its Users share with it. You have a right to know our practices regarding the information we may collect and use when you use the Workteam service.
Workteam is a cloud-based web platform that enables organizations to manage their team productivity, including their time off, coaching conversations with managers, company-related goals, work-based projects and feedback. (the “Service” or “Workteam”). The service also includes a Microsoft Teams app, which gives users partial access to the features of the web platform through the Microsoft Teams platform.
A User may be either an entity, for example an employer which has executed an agreement with Workteam or with Workteam’s resellers or distributors who provide Workteam’s services (“Customer”) or a Customer’s users for example a Customer’s employees, of the Services (“End User(s)“) (Customer and End User shall collectively be referred to as “Users” or “you“).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of EU data protection law, (the “Data Protection Law“), the data controller is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf (the “Controller”).
Data we collect about you from your use of the Service
The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non- Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Service. Non-personal Information which is being gathered consists of technical information which may include, the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, time zone setting, the User’s ‘click-stream’ on the website, the period of time the User visited the website and methods used to browse away from a page.
Data you give us
The second type of Data is individually identifiable information (“Personal Information”).
This information may identify an individual. It may be of a private and/or sensitive nature.
Personal Information which is being gathered consists of any personal details provided consciously and voluntarily by a Customer, End User or the Customer’s administrator or through your use of the Workteam platform. This may include your name (first and last), nickname, nationality, job title, phone number(s), date you first started working for your employer, department you work in, employee ID/ national security number, address, country, city, postcode, gender and birth date, your bank account details (bank name, account number, account type SWIFT code, IBAN code, sort code, branch address), details regarding your salary and work (pay period, payment frequency, base salary, gross salary, overtime, bonuses, commissions, statutory payments such as sick, maternity/paternity leave, salary payment currency, tax code, emergency contact details, vacation dates and other time off dates, termination date, termination reason, probation end date, status in the system and in the workplace.
We will never sell your Personal Information to third parties. (for more information see the Section titled: “Sharing Data gathered through Workteam with third parties”).
You do not have any legal obligation to provide any information to Workteam however, we require certain information in order to provide the Services. If you choose not to provide us with certain information we may not be able to provide you with the Services. Login credentials (email address) are required to have the Workteam system work properly. We may keep such Personal Information in a database. This information will be owned and controlled by the Controller.
Workteam may also collect the email addresses of people who communicate with Workteam via email or via messenger services or create accounts and login credentials.
By registering for a trial account on Workteam’s general web site, Workteam will collect your name, company name, phone number and company email you provided. Workteam may use this information to offer Workteam’s services and support.
Workteam may not be aware of the nature of the information collected through the Services. Such information may include Personal Information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Information “).
How We Collect Information On Users
There are two main methods we use:
We collect Non-Personal Information through your use of our Service. In other words, when you are using the Service we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services.
We collect Personal Information which you provide us voluntarily. We collect Personal Information required to operate the Service when you or the Customer’s administrator registers and opens an account. In addition, we collect your Personal Information, which may be considered as personally identifiable, whether you provide us such information by entering it manually or via a Customer. We also collect Personal Information entered voluntarily by a Customer administrator.
Why We Collect This Information
We will use this Data only to provide the Services including:
- carrying out our obligations arising from any contracts entered into between you and Workteam and/or any contracts entered into between a Customer and Workteam and to provide you with the information, products and Services that you request from Workteam;
- administering your account with Workteam;
- verifying and carrying out financial transactions in relation to payments you make in connection with the Service;
- notifying you about changes to our Service;
- contacting you for the purpose of providing you with technical assistance and other related information about the Service;
- replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Sharing Data Gathered Through Workteam With Third Parties
We may share your data in a limited fashion with selected third parties. Our selected third parties may include:
- business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analysing data, providing IT and other support services or in other tasks, from time to time. These third parties will only use your information to the extent necessary to perform their functions;
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy (this will not identify you as an individual) and data processors who process your personal data on our behalf and in accordance with our instructions and applicable data protection law.
A full list can be seen below:
- Amazon, Infrastructure and backups, https://aws.amazon.com/privacy/
- IBM Compose (https://www.ibm.com/cloud/compose)
- Mailgun (https://www.mailgun.com/)
- Stripe, Payment (Credit Cards), https://stripe.com/us/privacy/
- TawkTo, Customer support platform, https://www.tawk.to
- Mailchimp, communication emails, https://mailchimp.com/legal/privacy/
- Google analytics, General statistics, https://www.google.com/intl/en/policies/privacy/
We may disclose your personal information to a third party if all or substantially all of Workteam’s assets are acquired by such third party.
Where We Store Your Data
The Data we collect is hosted in IBM Compose storage and on the Amazon Cloud in US East. We use other sub-processors to help us process your data. Some or all of your data may be exported outside the EU. The following is a list of such sub-processors, along with an explanation of how we ensure your data is protected to the level required by the GDPR.
|Amazon Web Services Inc
410 Terry Avenue North
Seattle, WA 98109-5210
|Provider of file storage and encryption services to Workteam. Storage is located in US East. They provide adequate GDPR data protection through standard EU Data Commision-approved model clauses and participate in the EU-US Privacy shield.|
|Stripe Payments Europe
C/o A&l Goodbody, Ifsc,
North Wall Quay,
Dublin 1, 662880
|Payment provider to Workteam, processing credit card and billing information. Storage is located in US. They provide adequate data protection through the EU Privacy Shield.|
IBM Technology Campus,
Damastown Industrial Estate,
Dublin 15, Ireland
|Provider of data storage, hosting the Workteam data store. Storage is located in US East. They provide adequate GDPR data protection through standard EU Data Commission-approved model clauses and participate in the EU-US Privacy shield.|
|Meteor Development Group
140 10th Street,
CA 94103. USA
|Application host for Workteam. Processing is based in US. They provide adequate data protection through the EU-US Privacy Shield.|
|Mailgun Technologies Inc
535 Mission St,
CA 94105. USA
|A mail sending sub-processor for Workteam in-app email notifications. Processing is based in US. They provide adequate data protection through the EU-US Privacy Shield.|
The Rocket Science Group
675 Ponce de Leon Ave NE, Suite 5000
GA 30308. USA
|A mailing list sub-processor for Workteam. Processing is based in US. They provide adequate data protection through the EU Privacy Shield.|
Modification or Deletion of Personal Information Gathered Through Workteam
Data stored through Workteam is inherently dynamic and may contain errors and omissions. If for any reason you wish to modify your Personal Information you may do so through Workteam by editing the relevant data that needs to be modified. Please note that certain data cannot be edited without the Controller’s consent such as data related to your engagement with your employer (job title, start date, salary related details, work status and termination etc.). In order to delete your Personal Information completely please contact the Controller.
Workteam is a mere processor of data and is not the data owner or Controller. As such Workteam may not be able to delete your information without Controller’s authorization.
End Users may have a legal right under certain applicable laws (for instance if the End User is an E.U. citizen) to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes.
If, for any reason, an End User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (e.g. Workteam’s Customer, your employer). The Controller shall perform the necessary process to identify the End User as an End User who has the right to retrieve the specific information and then make the appropriate change/retrieval.
For any request or question regarding deletion or amendment of User data, please contact us at email@example.com.
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Workteam shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Workteam’s trade secrets (Customer’s personnel may be required to executed a non-disclosure agreement).
Workteam will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Workteam is backed up for system continuity purposes and each backup file may be stored for up to 90 days.
After a request from the Controller to delete any data or a deletion of data from the Workteam interface, the data will either be permanently deleted or marked as deleted. Any data that is not permanently deleted shall be kept in an anonymized manner. When an organization account is closed the account and all its data will be permanently deleted after 60 days of closure. Upon termination (but not deletion) of an employee, Workteam will flag to the Customer the appropriate time to anonymize the data, according to the Customer’s retention policy setting, as defined in the Workteam interface.
Workteam collects and retains metadata and statistical information concerning the use of the Service which are not subject to the deletion procedures in this policy and may be retained by Workteam for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.
Customer may retain Personal Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer.
Cookies & local storage
When you access or use the Service, Company may use industry-wide technologies such as “cookies” or similar technologies, which stores certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The cookies used by the Service are created per session and do not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to login again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Service may be limited.
- Strictly necessary cookies. These are cookies that are required for the operation of our Site and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Service.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Site. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your choice of language or region).
The effect of disabling cookies depends on which cookies you disable but, in general, the Service may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to use our Services.
Security and storage of information
We take a great care in implementing, enforcing and maintaining the security of the Service, and our Users’ Personal Information. Workteam implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis.
The Personal Information is hosted on IBM Compose Servers and on the Amazon Cloud in US East, which provides advanced security features and is compliant with ISO 27001 standard, among other certifications, as listed here: https://aws.amazon.com/compliance/. All Personal Information is stored with logical separation from information of other customers. However, we do not guarantee that unauthorized access will never occur.
Workteam shall act in accordance with its policies to promptly notify Customer in the event that we discover that any personal data processed by Workteam on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Workteam undertakes to co-operate with Customer in investigating and remedying any such security breach. If any security breach involves Personal Information, Workteam shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 16 to register for the Workteam Service. If you are under 16, do not register or attempt to register for the Workteam Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Information or Personal Data from a child under the age of 16, we reserve the right to delete that Personal Information or Personal Data as soon as reasonably practicable without any liability to Workteam from any User. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: firstname.lastname@example.org as soon as possible.
Questions, contact information and complaints