Published, 21st November 2023
Workability AS, we value your privacy.
In providing you with access to Workability AS’s products, services, and websites (including, but not limited to, www.workability.app, www.workability.no ), Workability AS collects and uses certain information about you. This Privacy Policy is meant to help you understand what information is collected from you, how we use it, and how you can protect your privacy rights.
Workability AS process your personal data in three main contexts.
Workability website – stands as a controller and determine the usage and process according to legitimate interest and goals determined in this Policy
Workability SaaS – gathers and process information regarding your employment for your employee. On this behalf Workability AS stands as a processor and controller. As a controller we determine how we would use the data for providing Services. You Employer(Client) stands as controller, as far as they determine how to use the data the get from the platform. Regarding data processing on Client side please contact you Employer responsible person.
Workability AS, org. no. 926624636 (“we”, “us”) is the controller of personal data processed when you use the Services.
At a glance, this Privacy Policy contains the following information:
What information we collect.
How we collect your information.
How we use your information.
How long we store information.
What information we share.
What rights and choices you have in relation to your information.
What security measures we have in place to protect your information.
This is important to us, so we hope you take the time to read and review it carefully.
“Account” refers as a service account in out Services.
”Services” refers as a solution regarding managing the workspace by the Client.
”Client” refers as a Employer that signed a contract for the Service.
”User” refers as a Employee of the Client
“Cookies Policy” refers to the most recent version of our Cookies Policy
For proper use of the platform we would use technologies like cookies. All the related information about Cookies can be found in our Cookie Policy. When we collect the data prior to login this data is related to functional cookies, remembering your consent. All gathered information won’t be linked to you as a person unless you log in to the Service.
We gather and process and gather the following information:
Name
Contact details
Company address/invoice address
Information about the customer relationship
Your specified preferences, notifications and communication settings
Login information
Your communication with us
Other information you may provide us with
To provide and administer our services to you. The legal basis for this is GDPR article 6b (necessary to enter into and fulfill an agreement).
To improve and further develop our services. The legal basis for this is GDPR article 6f (necessary to fulfill our legitimate interest in product development and innovation). Where practicable, we will use anonymized data for this purpose.
To send or show you newsletters, event invitations and marketing for our services corresponding to those on which our customer relationship is based. The legal basis for this is GDPR article 6f (necessary to fulfill our legitimate interest in communicating about our products and offers). We will be able to customize such marketing to your choices and our knowledge of you, unless you have asked us to receive only general, non-customized marketing. Also you have the right to unsubscribe from receiving letters or opt out your consent.
We may share information in different ways prior receiving consent from you.
We may also use you personal information in our marketing researches or for proposing you additional services based on your previous purchases on out platform. After receiving your consent.
If you are a user at Workability, we need to process information about you to assess your status. Workability AS uses the portal to manage submitted users.
Information about you can either come to us by you submitting yourself or by us entering contact information about you based on the fact that you have been recommended or manually added to an existing customer (you will then be notified by email, and will be able to consent to or decline further processing).
In order to assess submitted information, conduct interviews and your documentation, the legal basis for processing is Article 6(1)(b) of the GDPR. This provision allows us to process personal data when it is necessary to take action on users’ requests before the case is closed. In other cases, our legal basis for processing is Article 6(1)(a) of the GDPR, i.e. your explicit consent, cf. Article 9(2)(a).
If we conduct our own investigations beyond this, for example to contact someone who has issued a certificate, or to add contact information about you to the system on the basis of a recommendation or to an existing process, the legal basis for such investigations is Article 6(1)(f) of the GDPR, which allows us to process data that is necessary to safeguard a legitimate interest that overrides the interests or fundamental rights and freedoms of the individual. The legitimate interest is to find a good solution for users.
User information is stored in our system. We store information about you for up to 36 months, unless you request that your information be deleted sooner.
We store your personal data for as long as necessary to fulfil the purposes for which it was collected.
Our criteria for determining how long we keep your data are:
The length of your customer relationship with us. We will typically store all data for the duration of your customer relationship, and contact details and information about your customer relationship for up to five years thereafter.
Statutory storage obligations. For example, we will store transaction information and supporting documentation in accordance with the Bookkeeping Act.
We may store and use anonymized data regardless of the above storage/deletion criteria.
You can ask us to delete your personal data at any time. You can do this by contacting our customer centre or via the deletion functionality in the individual service.
We do not share information about you with unrelated third parties.
We have contracts with other 3rd party services for providing us functionality needed. We share only information that only needed for proper functioning of our Services to them and any additional information that you might submit to or through them. We are not sharing or using your personal information in scopes that re not described in this Privacy Policy
We process data about you with our subcontractors to the extent necessary for them to provide their services to us. We have data processing agreements with such subcontractors to ensure proper processing of the data.
You have several rights under the data protection regulations. An overview of these is provided below. Please contact us if you wish to exercise your rights. We will respond to your enquiry as soon as possible, typically within one month at the latest. Please note that certain conditions and exceptions to these rights apply.
Access: You have the right to access the personal data we have registered about you.
Rectification or erasure: You have the right to ask us to correct inaccurate information about you and to ask us to delete personal data about you.
Restriction: You have the right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you believe that we are processing personal data about you unlawfully and you do not want us to erase it in accordance with our erasure policy until this is clarified.
Data portability: Where we process your data on the basis of consent or agreement, you have the right to request the transfer of your personal data in a commonly used, machine-readable format.
Objection: You have the right to object to our processing of your personal data if your particular situation warrants it. You may also object to us using your personal data for marketing purposes, which you can do by using the link included in each email.
Complaint to the Norwegian Data Protection Authority: If you believe that we have not complied with your rights under the Personal Data Act, you have the right to complain to the Norwegian Data Protection Authority. We would appreciate it if you contact us first so that we can clarify any misunderstandings.
Workability AS develops, implements, and maintains a comprehensive security program designed to protect its networks and to safeguard the information it collects and stores. Workability AS protects information both online and off-line. Below are some of the many measures that Workability AS implements:
Transmission of information, including any payment information, is encrypted and protected using TLS/SSL technology.
Stored customer information is kept in a secure environment where access is restricted to employees who need the information to perform a specific job (for example, billing administration or the development team).
Employees are required to use password-protected screen-savers and keep their computers up-to-date.
Implementing detection and prevention controls to guard against malicious software and intrusions.
We provide as much as possible security regarding you account security including password requirements and multi-factor authentication
Database and data is encrypted at rest. User’s and Client’s PIIs are pseudonymised.
We will update our privacy policy when necessary. You will always find the latest version of our privacy policy on our website.
Phone: 416 68 505
E-mail: erlend@workability.no
If you have any questions about how we handle your privacy or about this privacy policy, please contact our data protection officer at erlend@workability.no or send mail to: Workability AS, Marielund 14, 9006 Tromsø, Norway.
Workability is helping leaders tackle modern workplace challenges
Email: contact@workability.no
Phone: +47 416 68 505
ORG no.: 926 624 636
Workability AS | 926 624 636 | Marielund 14, 2006 Tromsø, Norway