Published, 21st November 2023
Workability AS, we value your privacy.
Workability AS process your personal data in three main contexts.
Workability website – stands as a controller and determine the usage and process according to legitimate interest and goals determined in this Policy
Workability SaaS – gathers and process information regarding your employment for your employee. On this behalf Workability AS stands as a processor and controller. As a controller we determine how we would use the data for providing Services. You Employer(Client) stands as controller, as far as they determine how to use the data the get from the platform. Regarding data processing on Client side please contact you Employer responsible person.
Workability AS, org. no. 926624636 (“we”, “us”) is the controller of personal data processed when you use the Services.
What information we collect.
How we collect your information.
How we use your information.
How long we store information.
What information we share.
What rights and choices you have in relation to your information.
What security measures we have in place to protect your information.
This is important to us, so we hope you take the time to read and review it carefully.
“Account” refers as a service account in out Services.
”Services” refers as a solution regarding managing the workspace by the Client.
”Client” refers as a Employer that signed a contract for the Service.
”User” refers as a Employee of the Client
“Cookies Policy” refers to the most recent version of our Cookies Policy
We gather and process and gather the following information:
Company address/invoice address
Information about the customer relationship
Your specified preferences, notifications and communication settings
Your communication with us
Other information you may provide us with
To provide and administer our services to you. The legal basis for this is GDPR article 6b (necessary to enter into and fulfill an agreement).
To improve and further develop our services. The legal basis for this is GDPR article 6f (necessary to fulfill our legitimate interest in product development and innovation). Where practicable, we will use anonymized data for this purpose.
To send or show you newsletters, event invitations and marketing for our services corresponding to those on which our customer relationship is based. The legal basis for this is GDPR article 6f (necessary to fulfill our legitimate interest in communicating about our products and offers). We will be able to customize such marketing to your choices and our knowledge of you, unless you have asked us to receive only general, non-customized marketing. Also you have the right to unsubscribe from receiving letters or opt out your consent.
We may share information in different ways prior receiving consent from you.
We may also use you personal information in our marketing researches or for proposing you additional services based on your previous purchases on out platform. After receiving your consent.
If you are a user at Workability, we need to process information about you to assess your status. Workability AS uses the portal to manage submitted users.
Information about you can either come to us by you submitting yourself or by us entering contact information about you based on the fact that you have been recommended or manually added to an existing customer (you will then be notified by email, and will be able to consent to or decline further processing).
In order to assess submitted information, conduct interviews and your documentation, the legal basis for processing is Article 6(1)(b) of the GDPR. This provision allows us to process personal data when it is necessary to take action on users’ requests before the case is closed. In other cases, our legal basis for processing is Article 6(1)(a) of the GDPR, i.e. your explicit consent, cf. Article 9(2)(a).
If we conduct our own investigations beyond this, for example to contact someone who has issued a certificate, or to add contact information about you to the system on the basis of a recommendation or to an existing process, the legal basis for such investigations is Article 6(1)(f) of the GDPR, which allows us to process data that is necessary to safeguard a legitimate interest that overrides the interests or fundamental rights and freedoms of the individual. The legitimate interest is to find a good solution for users.
User information is stored in our system. We store information about you for up to 36 months, unless you request that your information be deleted sooner.
We store your personal data for as long as necessary to fulfil the purposes for which it was collected.
Our criteria for determining how long we keep your data are:
The length of your customer relationship with us. We will typically store all data for the duration of your customer relationship, and contact details and information about your customer relationship for up to five years thereafter.
Statutory storage obligations. For example, we will store transaction information and supporting documentation in accordance with the Bookkeeping Act.
We may store and use anonymized data regardless of the above storage/deletion criteria.
You can ask us to delete your personal data at any time. You can do this by contacting our customer centre or via the deletion functionality in the individual service.
We do not share information about you with unrelated third parties.
We process data about you with our subcontractors to the extent necessary for them to provide their services to us. We have data processing agreements with such subcontractors to ensure proper processing of the data.
You have several rights under the data protection regulations. An overview of these is provided below. Please contact us if you wish to exercise your rights. We will respond to your enquiry as soon as possible, typically within one month at the latest. Please note that certain conditions and exceptions to these rights apply.
Access: You have the right to access the personal data we have registered about you.
Rectification or erasure: You have the right to ask us to correct inaccurate information about you and to ask us to delete personal data about you.
Restriction: You have the right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you believe that we are processing personal data about you unlawfully and you do not want us to erase it in accordance with our erasure policy until this is clarified.
Data portability: Where we process your data on the basis of consent or agreement, you have the right to request the transfer of your personal data in a commonly used, machine-readable format.
Objection: You have the right to object to our processing of your personal data if your particular situation warrants it. You may also object to us using your personal data for marketing purposes, which you can do by using the link included in each email.
Complaint to the Norwegian Data Protection Authority: If you believe that we have not complied with your rights under the Personal Data Act, you have the right to complain to the Norwegian Data Protection Authority. We would appreciate it if you contact us first so that we can clarify any misunderstandings.
Workability AS develops, implements, and maintains a comprehensive security program designed to protect its networks and to safeguard the information it collects and stores. Workability AS protects information both online and off-line. Below are some of the many measures that Workability AS implements:
Transmission of information, including any payment information, is encrypted and protected using TLS/SSL technology.
Stored customer information is kept in a secure environment where access is restricted to employees who need the information to perform a specific job (for example, billing administration or the development team).
Employees are required to use password-protected screen-savers and keep their computers up-to-date.
Implementing detection and prevention controls to guard against malicious software and intrusions.
We provide as much as possible security regarding you account security including password requirements and multi-factor authentication
Database and data is encrypted at rest. User’s and Client’s PIIs are pseudonymised.
Phone: 416 68 505