Within the framework of the services and the services which we offer our customers, we identified the data we need:

• Authentication Data: email address. Password (for precise purposes such as the authentication)
• Directory Data: first name, last name, title, position (if need for organization chart). Location (if necessary). An ID interns.
• The Data summarized from the OFFICE 365 profile.  

All these data are collected for precise purposes, and are kept only for the duration required for the service, thus we define shelf-life according to our services:

• The user’s KPIs on the use of Worksy are kept 3 months and are then anonymized.
• All the user’s Data are deleted when the user is deleted.  

‍

Worksy: How do we respond to the GDPR? (the data used)

We implement the protection of personal Data from conception, by defining for example the collection and the conservation of the traces of consent. We also take into account the portability of the data by the possible export of the data users by our APIs. The users are notified that we use their personal data when they log in for the first time. We are therefore at your disposal “End User Licence Agreement.”

In accordance with the regulations, users can:

Modify personal data (directory) Make the request to export their personal data to worksy@worksy.co. Eventually, users can export their personal data themselves through Worksy. In accordance with the regulations, Worksy has planned various modules of purge to allow the controllers of data (the customer) to choose the type of suppression according to its own charter user: Deletion of all user data suppression Deletion of data from the directory, anonymization of other data (posts, KPIs, Gamification). Worksy: How do we respond to the GDPR ? (the data protection) To meet your challenges, we have defined a “security” framework: Anonymization of Data not necessary for treatments Enhanced access management (systematic and periodic reviews): sharing Privacy policy Audits of our subcontractors Surveillance and detection of possible weaknesses Deletion of personal data in accordance with European regulations Secure development taking into account good security practices and the protection of personal data (anonymous or fictitious test data) Implementation of processes with our customers for escalation or incidents Security certification process

‍

Worksy: How do we respond to the GDPR? (our commitments)

We process only the Data which are entrusted to us for precise and defined purposes

Our commitments:

We act on instruction of our customers. We guarantee the confidentiality and the integrity of the data. Our subcontractors are required to respect the obligations and instructions of our customers. We collaborate with our customers so that they can answer their obligations in particular in term of exercising the rights of concerned people or carrying out impact analysis. We ensure the security of entrusted Data. We are committed to implementing the reversibility of entrusted data. We formalize and give to our customers all the necessary documentation to demonstrate the respect for our obligations. We guarantee that the levels and access rights granted to Worksy employees depend on their position and role. The employees only have access to information that is essential to perform their duties. We will provide each client with a description of the purpose for the processing we do on personal Data: Authentication KPIs (Roadmap) Gamification (Roadmap) Machine learning. This description contains for each data: Storage life Recipients or categories of recipients.

‍

Worksy: The customer’s obligations with GDPR

The Worksy customers are responsible for controlling the personal data they provide to Worksy as part of their use of services. The Data controllers define the purpose of personal data and how it is processed. The Customers are responsible for the control of the data. They are responsible for putting in place appropriate technical and organizational measures to guarantee and prove that the data are processed according to the GDPR. Their obligations concern the principles of legality, fairness, transparency, restriction of purpose, minimization and accuracy of data as well as respect for the rights of the people concerned about their data.

‍

‍