Softworks respect your right to privacy.
- Softworks and Softworks employees have an inherent responsibility to protect the physical information assets of the company as well as confidential customer data and intellectual capital owned by the company. These critical assets must be safeguarded to mitigate any potential impacts to Softworks and Softworks customers. Information Security at Softworks is, therefore, a critical business function that is incorporated into all aspects of Softworks business practices and operations
- This document details the information Softworks collect relating to our roles as a data processor for potential and current clients.
- This notice applies to Softworks website / Softworks hosted solutions / Softworks on premise solutions.
If you have any questions on this policy please contact firstname.lastname@example.org
Softworks helps companies streamline processes, increase productivity and reduce costs through improved management, scheduling and utilisation of labour resources. Softworks offer reliable, proven, easy to use and intuitive solutions for Time & Attendance/Flexitime, Labour Scheduling/Rostering, HR and Absence Management allowing both private and public organisations to better ensure compliance, reduce errors, eliminate redundancies and improve reporting while promoting a safe, positive working environment for all employees.
What information do we collect?
- Softworks website collects data when visitors access certain areas of our sites such as Customer area, Chat, White Paper reports or brochures etc. Softworks are a controller for this information.
- Softworks collect some marketing information via the third party tool Hubspot. This would include; name, organisation name, job title, email address and phone number. Softworks do not share this information outside of Softworks marketing and sales teams.
- Softworks workforce management solutions do not collect any data for Softworks, any data added to a Softworks system is by and for the client and their staffís usage and as such the client retains control of the information as the data controller and Softworks are a data processor for the client.
- As a data processor Softworks follow the following processes when dealing with client data. Where possible client data is anonymised to ensure subjects anonymity. If the data has been provided for a specific task it is logged upon receipt. Stored in a secure location. Access is on a least privilege basis and it is securely destroyed once the task has been completed.
How do we use personal information?
- account set up and administration
- delivering marketing and events communication
- providing workforce management solutions
- meeting internal audit requirements
What legal basis do we have for processing your personal data?
- Contract – Where Softworks is a data processor on behalf of a client, the client has retained our services on a contractual basis to provide a solution for their company and staff.
- Legitimate interests – In the case of marketing information that a client or potential client may receive we send this information on the basis of legitimate interest. Please email email@example.com if you wish to be removed. You can also unsubscribe at any stage by clicking on the unsubscribe link that is included on all marketing emails.
When do we share personal data?
Softworks treat data provided by clients as private between Softworks and the data subject. We will not share it with any third parties except to allow us provide our services.
- Personal information gathered via Softworks website is not shared with 3rd parties except where a service is used to allow us communicate with the data subject, e.g mailshot via Hubspot. Any third parties used by Softworks have been reviewed and confirmed to have the correct GDPR policies in place to protect the information provided.
- Softworks use secure processes and technology to ensure the protection of data provided. This includes encryption, anonymization, SSL as well as secure file transfer.
Where do we store and process personal data?
Softworks store and process all data provided by clients within the EEA.
Where Softworks marketing department use the third-party software Hubspot, Hubspot’s current Data Processing Agreement applies. For full details please see https://legal.hubspot.com/dpa
How do we secure personal data?
Softworks follow two policies in relation to GDPR. Softworks data protection and Softworks data security policies. These policies detail how Softworks staff interact with both Softworks and Softworks client data. We work with a least privilege methodology.
- Intake procedures for the traceability, access and destruction of all data received by Softworks.
- Softworks use Watchguard and Cisco firewalls on all network boundaries. Softworks use virus scanning software on all Softworks equipment. Softworks perform annual penetration tests of our infrastructure and software application as well as weekly vulnerability scanning of internet facing equipment.
- Access to data is managed via Active Directory to ensure only authorised users have access.
- Softworks conduct privacy impact assessments when implementing any changes to our processes or when adding new ones.
- The Softworks training team provide regular training to all Softworks staff on their roles and responsibilities in relation to GDPR.
- Softworks manage third party risks, through use of contracts and security reviews.
How long do we keep your personal data for?
Softworks website information is held for as long as the task it was supplied for is valid. Softworks hosted solutions hold client data for the period of the client’s contract with Softworks. Where client information is provided directly to Softworks for the implementation or support of a system it is held for the purpose given and anonymised or destroyed afterwards.
Your rights in relation to personal data
Where information is gathered via the Softworks website and Softworks is the data controller the data subject has the following rights and can apply them by contacting firstname.lastname@example.org
- Access to personal information held by Softworks.
- Correction and deletion of this data.
- The withdrawal of consent.
- Softworks will provide the information held by Softworks if requested to do so by the data subject per data portability restriction of processing and objection. In cases where Softworks are acting as a data processor for the data controller Softworks will refer the data subject to the data controller.
- Lodging a complaint with the Data Protection Commission / Information Commissioner’s Office if a situation arises that requires they be notified.
Where personal information is gathered by a Softworks client for an on premise or hosted Softworks solution, Softworks will direct the data subject to contact the appropriate contact in the data controller’s organisation as per our controller / processor GDPR contract or contract addendum.
Data subjects in this case should contact email@example.com for assistance.
Where Softworks must verify a data subject’s identity we may ask that an email be sent from the address that was registered via the Softworks website.
Linking to other websites / third party content
Softworks accept no liability for the contents of any websites linked to from the Softworks website.