Effective May 25, 2018.
Hrvey is committed to complying with the GDPR and helping our customers comply as well. This means that we have in place all the necessary safeguards to keep your data safe, and that you and your employees have the right to request all personal information that we store about them, and to have this data deleted, to the extent that we are not required by law to archive it. Furthermore we are obligated to only use subprocessors (such as payment providers, server hosting and similar) that are obligated to provide provide the same level of safety and right to have your data extracted or deleted. If you are not subject to the GDPR (because your organization is located outside of the EU and does not process the data of EU citizens) then you still get to enjoy the benefits of additional data rights that the GDPR grants you.
In the context of GDPR Hrvey is what is called a Data Processor, while our customers are Data Controllers, since we only process their personal information at their instruction and when they provide us with it.
It is the data controller's duty to ensure that they have consent from the individuals (employees) whose information is collected and stored. Note that in some jurisdictions there is an implied consent implicit in a job contract to collect HR related data and there is also in many jurisdictions an obligation for employers to collect records of leave, so that this collection does not require explicit consent from the employees. Note that this does not constitute legal advice, and you should contact a lawyer to ensure your employment contracts are GDPR-compliant.
By accepting our terms of service and creating an organization on the hrvey.com website you are instructing the service to process the HR- and leave-related information that you and your employees provide to the service. You can withdraw that instruction at any time by contacting us at email@example.com to have your account closed down.
After you have signed up, you can download a Data Processing Agreement here between yourself and the service in compliance with the GDPR (as the data controller it is your obligation that a such exists, but we are providing one for you as a service). This agreement formalizes the right granted to you under the GDPR and lists the data we collect and the subprocessors that we may send this data to. In case of any contradictory terms, that agreement takes precedence over these general terms. You can read more about the GDPR and see an example DPA in this knowledge base article
WE RESPECT YOUR PRIVACY
COLLECTING PERSONAL INFORMATION
As part of the service we provide to you and your organization, we collect personal information from you and your employees. Such personal information may include name, user name, email address, postal code, leave records, date of birth, gender, job start date, job title, profile picture, log-in IP address (for security audit purposes only), Contract of employment & HR details. ("personal information" or "User Data"). If you choose to sign up via an external sign up feature made available by Hrvey, some of the listed personal information will be transferred to Hrvey from there. If you subscribe to additional Services subject to charges, Hrvey will potentially require credit card information from you.
We encourage you to at all times keep your personal information updated.
If you provide us with personal information on a third party, for instance if you invite your friends to join you on the Hrvey community, we will only use such third-party data for the specific purpose (delivering the invitation). We will not contact the third party further unless the third party contacts us.
TRANSER OF PERSONAL INFORMATION
Transfer of personal information is subject to your consent
We will only with your consent disclose and share your identifiable personal information with business partners, third parties or other individuals outside of the Hrvey community.
However, we may need to transfer your personal information to our service providers in order to perform the Services to you and conduct our business; for example the handling of credit card processing, shipping, data management, email distribution, market research, information analysis, and promotions management etc. The transfer will be secure and the data recipient shall accrue no proprietary rights to your personal information outside the purpose of the transfer.
Further disclosure of your information may occur when it is required to comply with law, court order or similar.
Transfer of de-identifiable personal information
We may share aggregated or in other ways de-identifiable personal information publicly and with our business partners, e.g. advertisers or connected sites.
Your personal information may be transferred if Hrvey is involved in a merger, acquisition or asset sale in whole or in part. However, besides from the actual transfer of ownership, we will continue to ensure the confidentiality of any personal information. In case of the aforementioned transactions occurs we will provide notice to the affected users.
We encourage you to be on our e-mailing list in order to receive electronic information, news and updates on our services.
We will only send you emails about product and feature updates, company news, other Hrvey news and/or offers from selected partners, if you have accepted to receive such.
To later unsubscribe and stop receiving such communication, please follow the instructions in the email.
Please note that irrespective of your settings, Hrvey is entitled to send notifications to you pertaining the performance of the Services, e.g. revisions of Terms or other formal communication etc.
Subject to Hrvey's Age Restrictions for use of the Services in the Terms we encourage parents and legal guardians to participate in and advise their children on their use of online activities. We encourage children to get their parents and/or guardian's permission before disclosing any information to an online media.
LINKS TO THIRD PARTIES
AUTOMATICALLY COLLECTED DATA
This information can be combined with information you have provided to us (for instance by registering), and will enable us to analyse and customise our services to you.
A cookie is a small string of information, a text file, a pixel etc. transferred to and stored on your computer for identification purposes. Cookies can be used to follow your activity on the Site and that information helps us to understand your preferences and improve your experience and use of our Services.
By using the Site and the Services you consent to Hrvey's setting of cookies on the devices.
Third party cookies
Besides Hrvey cookies, the Site sets cookies from Google Analytics and Hrvey may at its own discretion add additional third party services that sets cookies. These cookies and used to analyze Site statistics and User behavior, and to identify and diagnose errors, bugs etc. Google Analytics does not collect personal information.
Turning off cookies
You can turn off all cookies, in case you prefer not to receive them. You can also have your computer to warn you whenever cookies are being used. For both options you have to adjust your browser settings. If you turn off all cookies, you may not have access to features that makes your experience more efficient and some Services may not function accurate.
DATA PROTECTION AND DATA CONTROLLER
In order to protect your personal data and all other information we have stored, we and our data center service providers have implemented various security measures whereby your personal data is stored in a secure environment and treated confidentially and personal data is only accessible by a limited number of employees at Hrvey, who all have special access rights and are required to keep the information confidential.
Right of access to data
All personal information and User Generated Content are stored and processed by Hrvey on servers located within the European Union. The personal information processed on you is accessible on your account via the Site or the Software. You may contact us at firstname.lastname@example.org to get information on what personal information are processed in relation to you and if relevant have them erased or rectified.