Workio Ltd (Company number 11003951) (Workio, we, us or our) provides the products and services offered on the Workio website and/or mobile application and/or other applications www.workio.co (Platform).
For the purposes of the Data Protection Act 1998 and General Data Protection (Regulation), which entered into effect on the 25th of May 2018, we are the data controller.
We have adopted this policy to ensure that we have standards in place to protect the data that we collect about you that is necessary and incidental to:
By publishing this policy, we aim to make it easy for our users, customers and the public to understand what data we collect and store, why we do so, how we receive and/or obtain that information and the rights you have with respect to your data in our possession.
We handle data in our own right and also for and on behalf of our customers and users.
Our policy does not apply to information we collect about organisations or companies, however, it does apply to information about the people in those organisations or companies which we store.
The policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
If at any time, you provide data or other information about someone other than yourself, you warrant that you have that person’s consent to provide such information for the purpose specified.
In the course of business, it is necessary for us to collect data. This information allows us to identify who you are for the purposes of our business, share data when asked of us, contact you in the ordinary course of business and transact with you. Without limitation, the type of information we may collect is:
Device Information. We collect device-specific information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, unique device identifiers, browser type, and language; and information you send us. We may collect any personal correspondence that you send us, or that is sent to us by others about your activities.
We may collect other data about you, which we will maintain in accordance with this policy.
We may also collect anonymous non-data about you such as information regarding your computer, network and browser (including an IP address).
Most information will be collected in association with an individual’s use of Workio, our products and services, an enquiry about Workio, or generally dealing with us. However, we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, employees, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of their data being collected, in particular by third parties.
The data that we collect from you will be stored in the European Economic Area (EEA), but may be transferred to, and stored at, a destination outside the EEA, with and by third parties.
Data may also be processed by third parties and/or staff operating outside the EEA who work for us or for one of our third-party partners. Such staff may be engaged in, among other things, the fulfilment of our services to you, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.
In order to provide anonymised benchmarking data in the future, data we collect from you will be retained in aggregated form at the organisational, team or department and demographic levels by Workio indefinitely.
Survey data from individuals will be deleted after five years.
We will only use any data for the purpose for which it was collected, except with your permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
The information in the reports and analysis we provide to Workio client organisations is never personal and you will never be identifiable from them.
We may share these statistical and anonymised reports with third parties including non-Workio companies; and/or as required or permitted by any law (including the Act).
If you publicly post about Workio, or communicate directly with us, on a social media website, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customers services requests you may have and to monitor and influence public opinion of Workio.
It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business, such as for processing activities like website hosting, data storage, data analytics and payment processing.
We will not disclose or sell an individual’s data to unrelated third parties under any circumstances unless we employ other companies to perform tasks on our behalf and we need to share your information with them to provide products and services to you.
There are some circumstances in which we must disclose an individual’s information:
If the Company gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.
We may share an individual’s information with third party service providers in connection with the provision of Workio and related services to you, and otherwise operating our business, marketing and promoting our products and services. We may link your account with a third party to our services to enable certain functionality, which allows us to obtain information from those accounts.
For example, we may share an individual’s information as follows:
These service providers may be located or have facilities that are located a different jurisdiction (including outside the EEA), in which case your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
You may opt to not have us collect your data and communicate with you at certain times.
If you believe that you have received information from us that you did not opt-in to receive, you should contact us on the details provided at the bottom of this page.
We will take all reasonable precautions to protect your data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
Examples of such precautions include:
The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
Privacy or security practices of any third party (including third parties that we are permitted to disclose your data to in accordance with this policy or any applicable laws) may be subject to separate privacy and security policies than that of Workio’s.
If you suspect any misuse or loss of, or unauthorised access to, your data, you should let us know immediately.
We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
Current regulation gives you the right to request from us the data that we have about you.
We try to anonymise employee data as much as possible, so if we provide a non-email login mechanism you may need to note a unique identifier related to your survey response for future use in requests to update or remove data about you.
Candidate data is not anonymised due to the nature of the Workio product, so candidate survey responses can be removed by the candidate on request from the candidate.
We will correct any errors in the data we hold on you within one month of receiving written notice from you about these errors.
We may charge an you a reasonable fee for our costs incurred in meeting any of your requests to disclose the data we hold on you, if such a request is manifestly unfounded or excessive. We reserve the right to clarify the specific information your request relates to.
Information will be provided within one month of receipt of the request.
You have the right to request that information held on you by Workio is erased, where there are no additional legal and/or regulatory requirements for Workio doing so. However, if we are unable to identify which data relates to you because you have utilised our non-email-related login mechanism in the employee survey, then we will be unable to remove the data you provided from our systems.
You have the right to object to:
After 25th May 2018, you will be able to adjust your contact preferences at any time by contacting us through the Workio website.
You can choose how you would like to receive marketing and other non-business critical communications.
Any changes made to these contact preferences can take up to 72 hours to come into effect.
If you have a complaint about our handling of your data, you should address this complaint in writing to the details provided at the bottom of this page.
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the General Data Protection Regulation.
If you lodge a dispute regarding your data, we both must first attempt to resolve the issue directly between us.
If we become aware of any unauthorised access to your data which is likely to result in a high risk for the rights and freedoms of the data subjects, we will inform you without undue delay after becoming aware of it, once we have established what was accessed and how it was accessed.
We reserve the right to modify this policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Platform. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If we decide to change this policy, we will post the changes on our Platform at www.workio.co/privacy. It is your responsibility to refer back to this policy to review any amendments.
Any queries relating to this or other policies please contact us.