GDPR
GDPR at absentify
Last updated: October 27, 2025
At absentify (BrainCore Solutions GmbH), protecting your data is our highest priority. We process personal data in full compliance with the General Data Protection Regulation (GDPR) and operate a certified Information Security Management System (ISMS) according to ISO 27001.
Your rights under the GDPR
You have the right to be informed, the right of access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to automated decision-making.
absentify processes sensitive data such as employee and absence information on behalf of companies — with a strong focus on security and confidentiality.
Controller
BrainCore Solutions GmbH
Panoramaweg 1, 8274 Tägerwilen, Switzerland
EU representative (Art. 27 GDPR):
MPH-GL GmbH
Reichenaustraße 11a, 78467 Konstanz, Germany
Contact:
support@absentify.com
Technical and Organizational Measures (TOM)
- Encryption: TLS 1.2+/1.3 during transmission, AES-256 at rest
- Access control: role-based permissions, multi-factor authentication, least-privilege principle
- Monitoring & logging: continuous system monitoring and audit trails
- Backups: regular encrypted data backups and restoration testing
- Organizational security: employee training, internal policies, regular audits
- Certification: operation of an ISO 27001-certified Information Security Management System (ISMS)
The ISO 27001 certificate is included as an attachment in the Data Processing Agreement (DPA).
Data Processing Agreement (DPA)
absentify provides a standardized Data Processing Agreement in accordance with Art. 28 GDPR.
The DPA is accepted electronically within the application – no signature or postal exchange is required.
- The DPA is presented when first accessing absentify or within the workspace settings and can be accepted with a single click.
- Acceptance is logged in a tamper-proof manner (timestamp, workspace ID, IP address, version).
- The current DPA can be downloaded at any time directly from within the app.
absentify provides a standardized SaaS solution; therefore, individual contract adjustments are not possible. Any updates to the DPA apply equally to all customers and will be communicated in advance.
Data Processing Locations and International Transfers
Data is processed in Switzerland and within the European Union (e.g., via Microsoft Azure in Ireland and Denmark).
Transfers to third countries are only carried out if the requirements of Articles 44 et seq. GDPR are fulfilled (such as EU Standard Contractual Clauses, adequacy decisions, or equivalent safeguards).
Data Protection Incidents
In the rare event of a data protection or security incident, we act immediately to analyze and resolve the issue.
Where required, we notify the competent supervisory authority within 72 hours and, if necessary, the affected individuals.
Data Subject Requests
For requests related to access, correction, deletion, restriction, or data portability, please contact us at
support@absentify.com
We support our customers in processing such requests in accordance with Articles 12–23 GDPR.
Certifications
- ISO 27001 (Information Security Management System) – certificate included in the DPA
- Microsoft 365 App Certification successfully completed
- SOC 2 compliance is currently not planned
Frequently Asked Questions (FAQ)
What does absentify do to comply with GDPR?
absentify employs state-of-the-art security measures and regularly reviews its processes to ensure GDPR compliance.
Does absentify provide resources for GDPR compliance?
Yes, you can access the following resources: