This is an automated English translation of the data privacy regulation. Only the German version is therefore valid without exception. It can be found here.
Security and anonymity
Workheld GmbH (the operator of www.workheld.com/en and the Workheld application hereinafter referred to as ” Workheld”), with headquarters at Rotensterngasse 5, 1020 Vienna, attaches the highest importance to the issue of security and does everything in its power to prevent unauthorized access to data entrusted by its users. Technical protective measures such as SSL encryption and firewalls, in combination with a differentiated system of access authorisations, are intended to guarantee the highest possible level of data security.
The data that is transferred to other users when using Workheld or other services by the Workheld GmbH is linked to the clear name chosen by the user.
The user has the right at any time to revoke, in whole or in part, his consent to the use of his data as described in detail below within the framework of the legal requirements. Furthermore, he has the right to object to the use of his anonymised or pseudonymised data.
For the revocation an e-mail to firstname.lastname@example.org, in which the customer names affected users accounts.
Security in Microsoft Azure West Europe – The cloud platform behind Workheld
The Workheld platform is operated on the Microsoft Cloud Service Azure West Europe. The Microsoft Azure West Europe Cloud servers are located exclusively in Europe.
Security and privacy are integrated into the Azure Platform from the very beginning: The Security Development Lifecycle (SDL) ensures security at every stage of development – from initial planning to the release of your solution. In addition, Azure is constantly updated to make your solutions even more secure. Operational Security Assurance (OSA) is based on SDL expertise and processes and provides a framework that enables secure operation of cloud-based services throughout their lifecycle. Thanks to Azure Security Center, Azure is the only public cloud platform that provides continuous monitoring of security and integrity. Further information can be found here: https://azure.microsoft.com/de-de/overview/trusted-cloud/
Collection, processing and use of personal data
A distinction is made between the following user groups: coordinators and technicians / workers. They differ with regard to the authorization to use some functions.
Personal data are individual details about personal or factual circumstances of an identified or identifiable natural person.
In the course of registration the customer is requested to provide certain information. The following data is provided by the user during registration:
- Salutatory address
- Name (first and last name)
- E-mail address
- Password (chosen by the user)
- Billing address
A user’s profile will only be visible to those users who are connected to him/her through the customer’s organization. These are coordinators and technicians/workers within a company.
Creation of anonymous and pseudonymous user profiles for the optimization of services
With every access to www.workheld.com/en or the Workheld applications, usage data is transmitted and stored in log files. Workheld will use this data to perform or have performed analyses of the behavior of its users in the context of the use of its service and will create anonymized or pseudonymized usage profiles for this purpose. This data is stored within the scope of application of the EU data protection basic regulation. The sole purpose of creating user profiles is to make Workheld’ service more efficient, secure and user-friendly.
The data currently collected are:
In addition, the mobile application also integrates the crash report service “HockeyApp” from Microsoft, which stores some more data in addition to the data already mentioned in the table above. These are:
Device-Type, Device-Id, Device-Language, Device-Network, und StoreRegion.
These data are not personal but can only be traced back to the device used. It is collected automatically to provide Workheld’ services to the user.
Personal data is primarily collected to enable users to use Workheld securely, smoothly, efficiently and personally. This data is primarily used for the following:
- Providing the services requested by the user, adapting, measuring and improving the services of Workheld and its contents
Transfer of personal data to third parties
Workheld does not sell, trade, or otherwise unauthorized transfer of personal data and information to third parties for commercial purposes. Workheld does not share users’ personal information with third parties unless the user has given permission or Workheld is required to do so by law or governmental regulation.
Workheld is expressly authorized by the users during registration by accepting the General Terms and Conditions of Use (GTC) to allow the customer’s company management access to the participant data at their request. The users will be informed of this.
Third parties are not external service providers of Workheld who provide services in the name and on behalf of Workheld. These include host providers, payment providers, collection agencies, etc.
Workheld uses the newsletter dispatch service Mailchimp or similar services for sending newsletters and information mails. Mailchimp processes the data exclusively for and on behalf of Workheld (service provider); no data processing is carried out by Mailchimp for its own purposes. When the user registers on the Workheld platform, the data which the user provides during registration (i.e. clear name and e-mail address) is transferred to Mailchimp and stored there. After the direct registration via the newsletter order the user will receive an e-mail to confirm his registration (“double opt-in”). If the registration for the newsletter takes place during the creation of a user account, the confirmation for the newsletter registration is part of the confirmation for the creation of the user account.
Mailchimp offers extensive analysis possibilities about how the newsletter is opened and used. More information about Mailchimp can be found here: https://mailchimp.com/legal/
Workheld uses “cookies” for the purpose of providing its services. A cookie is a text file that is either temporarily stored in your computer’s memory (“session cookie”) or stored on your hard drive (“persistent” cookie). Cookies contain, for example, information about the user’s previous accesses to the corresponding server or information about which offers have been accessed so far. Cookies are not used to execute programs or load viruses onto your computer. Rather, the main purpose of cookies is to provide an offer that is specially tailored to the user and to make the use of the service as convenient as possible.
The user has the option of rejecting the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or by additional programs. Further details can be found in the help function of the browser used by the user. However, if the user decides to disable cookies, this may reduce the performance of the service and may have a negative impact on the use of Workheld’ services.
Information on stored data
The customer has the right to request information at any time about the data stored by Workheld for his or her organization, its origin, the purpose for which it is stored, and the recipient to whom the data is transferred. This information is free of charge and is provided in writing. The request for information must be made in writing, signed by the recipient and accompanied by a copy of his or her identity card, and sent to the following address
Rotensterngasse 5, 1020 Wien
Tel.: +43 1 9929028
Deletion and rectification of data
When the account is closed, the data associated with it will be deleted. Workheld stores the described data for as long as required by law. Workheld may therefore retain certain data even after the account has been closed. However, this does not restrict the right to close an account.
Review of personal data
In order to protect against persons who abuse Workheld’ internet services, Workheld uses various automated monitoring tools to randomly analyze activities on the platform and check user entries for plausibility, without Workheld having any legal obligation in this regard. Certain character strings or logins of different users, which appear to originate from a computer, for example, can lead to the blocking of suspicious activities.
Current state of technology
The user is aware that data protection for data transmissions on the Internet is not yet fully guaranteed according to the current state of technology. In particular, e-mails do not represent secure communication, as the “reading” of contents cannot be technically excluded. Workheld is not responsible for this; the user is responsible for the security of the data transmitted by him/her to the Internet.
Workheld has no control over the privacy practices of the operators of external websites and third-party services and cannot be responsible for the privacy practices of the operators of linked sites. Workheld does not endorse the content of external websites or files linked by Workheld or users.
The user agrees that Workheld may send him/her product information about Workheld Workheld as part of the free and, if applicable, paid contractual relationship. Newsletters as well as information on products and services of partner companies will only be sent to the user if he/she requests. If the User no longer agrees to receive such newsletters, he/she may object to them at any time. At the end of each e-mail/newsletter there is a clear indication of the possibility of objection and a link to the objection. Furthermore, the user can also deactivate the newsletter delivery in the settings of the user account.