Security and anonymity
Workheld GmbH (the operator of www.workheld.com/en, EVOCALL and the Workheld application hereinafter referred to as “Workheld”), with headquarters at Rotensterngasse 5, 1020 Vienna, attaches the highest importance to the issue of security and does everything in its power to prevent unauthorized access to data entrusted by its users. Technical protective measures such as SSL encryption and firewalls, in combination with a differentiated system of access authorisations, are intended to guarantee the highest possible level of data security.
The data that is transferred to other users when using the Workheld application, EVOCALL application, or other Workheld services is linked to the clear name chosen by the user.
The user has the right at any time to revoke, in whole or in part, his consent to the use of his data as described in detail below within the framework of the legal requirements. Furthermore, he has the right to object to the use of his anonymised or pseudonymised data.
For the revocation an e-mail to firstname.lastname@example.org, in which the customer names affected users accounts.
Security in HETZNER ONLINE – The cloud platform behind EVOCALL
The EVOCALL platform is operated in the HETZNER ONLINE datacenter. The HETZNER Cloud servers are located exclusively in Europe.
HETZNER ONLINE IS CERTIFIED IN ACCORDANCE WITH DIN ISO/IEC 27001
The ISO 27001 certificate, an internationally recognized standard for information security, certifies that Hetzner Online GmbH and Hetzner Finland Oy have established and implemented an appropriate information security management system (ISMS). The scope of Hetzner’s certified ISMS includes the infrastructure, operation and customer support of the data center parks in all three locations: Nuremberg, Falkenstein, and Helsinki. FOX Certification, a third party certification authority, performed the audits and officially awarded the cerificates.
The certificates confirm that Hetzner Online GmbH and Hetzner Finland Oy will uphold strict information security standards using its ISMS, including protecting the security, confidentiality, and integrity of its customers’ data. Moreover Hetzner will provide safeguards, so only authenticated users will have access to their IT systems. Finally, the certificates mean that Hetzner’s ISMS will not remain at the status quo. The ISO 27001 certificate requires Hetzner to continually reassess and improve its information security methods. Regular audits will be performed to verify that Hetzner’s ISMS remains current.
Certificate Hetzner Online: https://www.hetzner.com/pdf/en/FOX_Certificate.pdf
Statement of Applicability: https://www.hetzner.com/assets/Uploads/downloads/fox-zertifikat-statement-of-applicability.pdf
Collection, processing and use of personal data
Within the EVOCALL solution an assignment to dicstinct user groups is possible. They differ with regard to the permission to use some functions for communication.
In order to provide the services described in EVOCALL, it is necessary to collect, process and use personal data provided by the user during the registration process or when completing his/her profile.
Personal data are individual details about personal or factual circumstances of an identified or identifiable natural person.
In the course of registration the customer is requested to provide certain information. The following data is provided by the user during registration:
- Name (first and last name)
- E-mail address
- Password (chosen by the user)
- Preferred language
A user’s profile will only be visible to those users who are connected to him/her through the customer’s organization.
Creation of anonymous and pseudonymous user profiles for the optimization of services
With every access to EVOCALL, usage data is transmitted and stored in log files. Workheld will use this data to perform or have performed analyses of the behavior of its users in the context of the use of its service and will create anonymized or pseudonymized usage profiles for this purpose. This data is stored within the scope of application of the EU data protection basic regulation. The sole purpose of creating user profiles is to make Workheld’ service more efficient, secure and user-friendly.
Personal data is primarily collected to enable users to use EVOCALL securely, smoothly, efficiently and personally. This data is primarily used for the following:
- Providing the services requested by the user, adapting, measuring and improving the services of EVOCALL and its contents
Transfer of personal data to third parties
Workheld does not sell, trade, or otherwise unauthorized transfer of personal data and information to third parties for commercial purposes. Workheld does not share users’ personal information with third parties unless the user has given permission or Workheld is required to do so by law or governmental regulation.
Workheld is expressly authorized by the users during registration by accepting the General Terms and Conditions of Use (GTC) to allow the customer’s company management access to the participant data at their request. The users will be informed of this.
Third parties are not external service providers of Workheld who provide services in the name and on behalf of Workheld. These include host providers, payment providers, collection agencies, etc.
Information on stored data
The customer has the right to request information at any time about the data stored by Workheld for his or her organization, its origin, the purpose for which it is stored, and the recipient to whom the data is transferred. This information is free of charge and is provided in writing. The request for information must be made in writing, signed by the recipient and accompanied by a copy of his or her identity card, and sent to the following address
Rotensterngasse 5, 1020 Wien
Tel.: +43 1 9929028
Deletion and rectification of data
When the account is closed, the data associated with it will be deleted. Workheld stores the described data for as long as required by law. Workheld may therefore retain certain data even after the account has been closed. However, this does not restrict the right to close an account.
Review of personal data
In order to protect against persons who abuse Workheld’ internet services, Workheld uses various automated monitoring tools to randomly analyze activities on the platform and check user entries for plausibility, without Workheld having any legal obligation in this regard. Certain character strings or logins of different users, which appear to originate from a computer, for example, can lead to the blocking of suspicious activities.
Current state of technology
The user is aware that data protection for data transmissions on the Internet is not yet fully guaranteed according to the current state of technology. In particular, e-mails do not represent secure communication, as the “reading” of contents cannot be technically excluded. Workheld is not responsible for this; the user is responsible for the security of the data transmitted by him/her to the Internet.