Personal data is a valuable asset. That is why STAFFOMATIC offers the highest level of data security.
What does STAFFOMATIC do to ensure compliance with the GDPR?
The management of the servers (application servers and database servers) is also handled by a partner from Germany.
We use third-party software for efficient and smooth business operations. Conformity with the GDPR is an obligatory selection criterion for us. This enables us to ensure that all data stored by us is secure, even when processed by third parties.
Our IT infrastructure is encrypted according to the latest standards, or runs in our own private networks. Access rights to IT systems for employees are assigned according to the principle of necessity.
We make these guidelines and the documentation of our IT security available in the user account under Settings.
Our employees are familiar with the requirements of data protection and our data protection guidelines. They receive regular training in data protection from our partner and undertake to treat personal data confidentially.
Our business processes are increasingly digitalized and networked, which creates certain risks for the confidentiality, integrity and earmarking of data. We would like to take this into account and provide adequate protection of the personal data processed by us against misuse and other risks. How we handle personal data internally at STAFFOMATIC is regulated in our data protection management system, which is mandatory for all employees.
To ensure professional and secure handling of your personal data, we have decided to work together with an external data protection officer. This guarantees us professional advice in dealing with data and - through regular checks - a high data protection standard. It also provides us with reliable information about current changes in data protection law.
Unfortunately, there is no 100% security for personal data. In order to provide additional security in the event of a data breach, e.g. a hacker attack, we have decided to take out insurance. In the event of an attack, we have the support of a professional service provider with extensive experience in dealing with an attack.
In principle, our application stores and processes as little data as possible. For our service to work, however, it is necessary to collect and process some data. What this data is and how it is processed is set out below:
For the user of STAFFOMATIC the email address is required. It is used for logging in and communication.
When creating your STAFFOMATIC account we ask for further data, e.g. the company name. This data will later help you to use STAFFOMATIC. The company name is used to create an account URL (e.g.: mycompany.staffomaticapp.com).
Shift times are saved in order to be able to use shift planning and evaluation. These are linked to the assigned user (example: when does employee X work).
First name and surname are not mandatory fields. STAFFOMATIC can also be used with only your email address. However, specifying names makes it much easier to use the application, since it is easier to assign names.
In order to be able to continue using STAFFOMATIC after the test phase, it is necessary to enter invoice data. Depending on the payment method, credit card data or account data for the SEPA direct debit mandate are stored here. This data is stored by our payment partners, who are of course all GDPR-compliant and store the data securely.
Each STAFFOMATIC user can manage the entry of additional profile data in his or her own profile. For example, address data and contact data can be added, as well as the times when the user can be scheduled for shifts. It is also possible to save files for users.
Of course we provide all customers with a GDPR-compliant contract for order processing. After creating a test account, the AV contract can be downloaded from the Settings menu.
The General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive 95/46/EC. The new regulation creates a European-wide data protection law that ensures a homogeneous standard in all EU member states.
The aim of the Regulation is to create a safer environment for personal data. The 99 articles in eleven chapters limit the amount of data that can be collected, the way in which it is processed and how long it can be stored.
The GDPR regulates data protection for all EU citizens and people residing within the EU. This means that as soon as consumers in the EU communicate online or personal data of EU citizens are processed or stored, an American company is also affected.
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (data subject). (§3 BDSG)
Personal data includes information that relates to a directly or indirectly identifiable person. In addition to names, addresses, photos, telephone numbers or bank details, e-mail and IP addresses are also included, as they provide clear information on individuals, especially in connection with each other. Information such as political opinions, ethnic origin, contributions from social platforms and much more also belong to the personal data defined by law.
As soon as a company commissions an external service provider to collect, process or use personal data in accordance with instructions, this constitutes order processing (originally order data processing) according to the GDPR. A DPA (Data Processing Agreement) contract is obligatory! While not much changes for the client (you) with the entry into force of the GDPR, the contractor (STAFFOMATIC) is held to greater obligations by the GDPR. In future, the contracting authority and the contractor will be jointly liable for the processing of data (Joint Control).
An order processing is often enclosed in:
After creating your test account, the contract is available for download from the Settings menu.
We at STAFFOMATIC take the security of your data very seriously. Our servers are hosted in a modern data center in Germany.
All transmissions are SSL-encrypted or take place in a private network.
No! The data collected and stored is used exclusively for the provision of the STAFFOMATIC software. Data will not be passed on to third parties. A sale or passing on to third parties is generally excluded by STAFFOMATIC and is not supported at any time.
There is as yet no official and recognised GDPR certification procedure. However, STAFFOMATIC takes all necessary steps to ensure maximum data security.
All user data will be deleted after 48 hours.
Account data such as invoice data and company data will continue to be stored after the legal retention periods.