GDPR
GDPR at absentify
Last updated: April 27, 2024
absentify and the responsible company, BrainCore Solutions GmbH, are committed to full compliance with the European Union's General Data Protection Regulation (GDPR). Our goal is to uphold the highest standards of data protection, ensuring that our customers and their employees can trust that their data is securely and GDPR-compliantly processed.
What is GDPR?
The General Data Protection Regulation (GDPR) is a data protection law enacted by the European Union that has been in effect since May 25, 2018. Its purpose is to protect the privacy of individuals within the EU and includes the following rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to avoid automated decision-making
absentify processes sensitive data, such as employee information and absence details, on behalf of our customers. Protecting this data is one of our top priorities.
Who is responsible?
Responsible entity under GDPR:
BrainCore Solutions GmbH
Panoramaweg 1
8274 Tägerwilen, Switzerland
EU Representative under Article 27 GDPR:
MPH-GL GmbH
Reichenaustrasse 11a
78467 Konstanz, Germany
Contact:
Phone: +49 251 9811573777
Email: support@absentify.com
Technical and Organizational Measures (TOM)
To ensure the security and confidentiality of personal data, absentify has implemented robust technical and organizational measures, including:
- Data encryption: Ensuring all data transfers are secured via SSL/TLS.
- Access management: Strict role-based access control following the principle of least privilege.
- Monitoring: Regular monitoring and improvement of our security infrastructure.
- Backups: Routine backups to ensure data restoration in case of incidents.
These measures are documented and continuously optimized using Robin-Data, our data protection management tool.
Data Processing Agreement (DPA)
Customers can download our Data Processing Agreement (DPA) to review our data protection policies and practices.
How to complete the DPA:
- Download the DPA.
- Sign the document and send a scanned PDF copy to support@absentify.com.
- We will countersign the agreement and return a copy to you.
Where is data processed?
Customer data is processed and stored within the European Union (EU). Should data be processed outside the EU, we ensure compliance with GDPR requirements through Standard Contractual Clauses (SCCs).
Data protection incidents
In the rare event of a data protection incident, we will:
- Immediately analyze and resolve the issue.
- Notify the relevant supervisory authority within 72 hours if the incident cannot be resolved promptly.
- Work closely with our external data protection consultant to determine the best course of action.
Data subject requests
absentify handles all data subject requests, including:
- Access to stored data,
- Correction or deletion of data,
- Restriction of data processing.
For inquiries, please contact us at support@absentify.com.
Certifications
absentify is ISO 27001 certified and has successfully achieved the Microsoft 365 App Certification. These certifications demonstrate our commitment to maintaining the highest security and data protection standards.
Note: SOC 2 compliance is currently not planned.
Frequently Asked Questions (FAQ)
What does absentify do to comply with GDPR?
absentify employs state-of-the-art security measures and regularly reviews its processes to ensure GDPR compliance.
Does absentify provide resources for GDPR compliance?
Yes, you can access the following resources: