Compliance This policy is designed to ensure that all information held on individuals is properly handled in all cases. Work in wind Aps is the Data Controller and we are thereby responsible for the processing of data that we collect and store through our website or otherwise. We ensure that your data is processed according to any applicable law. Our contact information for any matters relating to this policy are:
Contact: Jannick Skytte
Address: Cortex park 26E 1.sal 5230 Odense M
Phone no.: 42444471
How we align with the GDPR requirements At Work in wind, we take data security and privacy very seriously. Our service is inherently secure and its architecture protect data, meeting strict security demands. Being a holder of personal information, security compliance has always been key and one of the core principles for the members of Work in wind. Already in the onboarding phase, we focus on the importance of respecting data security by training new employees in data protection. Moreover, we have formed a data protection task force to make sure that we are constantly updated on new data protection requirements and new potential ways of optimizing data security procedures. With the introduction of GDPR we have carefully made an action plan of how to accommodate our product, and the way we store data, to the new requirements. Furthermore, we have made a road map, making it transparent how we store and protect data.
We have gathered a list of all the personal information we collect through Work in wind, when creating a profile or otherwise when using the site:
- a. Name
c. Date of birth
d. Social security number
e. Email f. Employee ID
g. Profile picture/photo
h. Job position
j. Phone number
k. Bank account information
l. Signature m. Salary
n. Access control: passwords (hashed)
i. We log IP addresses and the activity belonging to that
ii. We log all user activity (jobs taken, ratings, etc.)
Where is the personal data stored?
- The data is stored in a secure database hosted by Unoero
- Profile pictures and other pictures (such as signatures) are stored at Unoero
- “Day to day” data is stored at Unoero.
Why do we store the data? We collect and store personal information about our users, so enable us to provide our service. Without storing personal information from our users, we would not be able to run our business. The whole flow of our platform builds on the information that our users provide us with. Dividing the different personal information into categories, we will explain the purpose of storing the specific data:
- a. Name
c. Date of birth d. Email
e. Profile picture/photo
f. Job position
h. Phone number
When a member applies for a job, the user company chooses the preferred member based on their profile (and thereby their qualifications). In order to make a well-founded decision, the user company has to be able to access the person’s resume; educational achievements, previous/current job positions, etc. Also, the age and profile picture are relevant in providing a complete presentation of the member. When notifying members about new job posts, and whether they have got a job, etc. it is necessary to notify them through email or text messages. Also, when a member gets hired for a job, the user companies require being able to reach the hired member, by phone or email, if necessary.
- i.Social security number
j. Employee ID
k. Bank account information
l. Signature m. Salary
Having completed a job, we are responsible of the payout of the salary. To execute this salary process we need to know ID’s, bank account information and salary information of the members. The purpose of storing this information, is therefore to fulfill our duties according to the employment contract with our users.
- n. Logging:
Members tend to report platform errors. In order to verify these claims, it is important that we can check with the logging history. Furthermore, we use the logging data for statistical purposes.
How long do we store the data? The data we collect, is stored by the time allowed by any applicable law, and we delete them when they are no longer necessary. The period depends on the nature of the data and the purpose for storage.
We can disclose or transfer your data, if we are obligated to do so by law. Transfer can also happen by request of a court or authority or to protect trademarks, rights or property. This entails exchange of information with other companies or organisations with the purpose of protection against fraud.
We use Data Processors and other service providers, who work on our behalf. Services can include server hosting and system maintenance, analysis, payment solutions, address- and solidity control, e-mail services etc. These collaborators can gain access to data in the extent that it-is necessary to deliver their services. Collaborators will be contractually obligated to process any data confidentially, and are not authorized to use, store or process data for any other purposes than what is described in their contractual relationship with us. We control and supervise, that our collaborators honor their commitments.
Should we transfer or disclose any data to a service provider or Data Processer outside of the EU, we guarantee that they meet and comply with any demands or requirements set forth by law for such transfers.
Your rights If you wish to gain access to your data, get them corrected or deleted or make any reservations towards our data processing, we will investigate whether or not this is possible according to any of our legal obligations, and get back to your request as soon as possible and no later than a month after we received your request.
You have the right to be informed, what data we have stored concerning you, where they are collected and what they are being used for. You can be informed about our retention periods, who receives data concerning you, in the extent that we disclose or transfer your data.
You can request to gain access to any data processed regarding your person. Access can be limited in cases where it can compromise other people’s privacy, trade secrets or intangible rights.
You have the right to correct any information that is no longer correct or current. If you become aware that any of the data that we store concerning you are incorrect, you have the right to get such information corrected or deleted.
You also have the right to object our processing of your data, or to our disclosure or transfer of your data for marketing purposes. You have the right to receive any data that we are prossecing regarding your person, this includes data collected directly from your or from other parties. In the event that you put in such a request, your data will be provided for you on a commonly used digital transportable format.
If our collection, storage or processing of your data should raise any concerns with you, you have the right to file a complaint with the Danish Data Protection Agency at firstname.lastname@example.org.
Our suppliers/Data Processors and how they align with the GDPR requirements: