Steps we take

Our measures for the security of your data

Hosting in Germany

The management of the servers (application servers and database servers) is also handled by a partner from Germany.

Trained employees

Our IT infrastructure is encrypted according to the latest standards, or runs in our own private networks. Access rights to IT systems for employees are assigned according to the principle of necessity.

GDPR-compliant partners

To ensure professional and secure handling of your personal data, we have decided to work together with an external data protection officer. This guarantees us professional advice in dealing with data and - through regular checks - a high data protection standard. It also provides us with reliable information about current changes in data protection law.

IT-Security

Our IT infrastructure is encrypted according to the latest standards, or runs in our own private networks. Access rights to IT systems for employees are assigned according to the principle of necessity.

Data Protection Management System (DPMS)

Our business processes are increasingly digitalized and networked, which creates certain risks for the confidentiality, integrity and earmarking of data. We would like to take this into account and provide adequate protection of the personal data processed by us against misuse and other risks. How we handle personal data internally at Staffomatic is regulated in our data protection management system, which is mandatory for all employees.

Data Protection Officer (DPO)

To ensure professional and secure handling of your personal data, we have decided to work together with an external data protection officer. This guarantees us professional advice in dealing with data and - through regular checks - a high data protection standard. It also provides us with reliable information about current changes in data protection law.

Insurance in case of data protection breakdown

Unfortunately, there is no 100% security for personal data. In order to provide additional security in the event of a data breach, e.g. a hacker attack, we have decided to take out insurance. In the event of an attack, we have the support of a professional service provider with extensive experience in dealing with an attack.

Data processing

The following data is stored and processed at Staffomatic

In principle, our application stores and processes as little data as possible. For our service to work, however, it is necessary to collect and process some data. What this data is and how it is processed is described below:

Email address

For the user of Staffomatic the email address is required. It is used for logging in and communication.

Company data

When creating your Staffomatic account we ask for further data, e.g. the company name. This data will later help you to use Staffomatic. The company name is used to create an account URL (e.g.: mycompany.staffomatic.app).

Shift hours

Shift times are saved so that shift planning and evaluation can be used. They are assigned to the respective user. (Example: When does employee X work?)

First name and surname

The management of the servers (application servers and database servers) is also handled by a partner from Germany.

Invoice details

In order to be able to continue using Staffomatic after the test phase, it is necessary to enter invoice data. Depending on the payment method, credit card data or account data for the SEPA direct debit mandate are stored here. This data is stored by our payment partners, who are of course all GDPR-compliant and store the data securely.

Other profile data

Each Staffomatic user can manage the entry of additional profile data in his or her own profile. For example, address data and contact data can be added, as well as the times when the user is available for shifts. It is also possible to save files for users.

FAQ

Frequently asked questions about Data Privacy and Staffomatic

What is the GDPR?

The General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive 95/46/EC. The new regulation creates a European-wide data protection law that ensures a homogeneous standard in all EU member states.

The aim of the Regulation is to create a safer environment for personal data. The 99 articles in eleven chapters limit the amount of data that can be collected, the way in which it is processed and how long it can be stored.

Who does the GDPR apply to?

The GDPR regulates data protection for all EU citizens and people residing within the EU. This means that as soon as consumers in the EU communicate online or personal data of EU citizens are processed or stored, an American company is also affected.

What are personal data?

Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (data subject). (§3 BDSG)

Personal data includes information that relates to a directly or indirectly identifiable person. In addition to names, addresses, photos, telephone numbers or bank details, e-mail and IP addresses are also included, as they provide clear information on individuals, especially in connection with each other. Information such as political opinions, ethnic origin, contributions from social platforms and much more also belong to the personal data defined by law.


Where can I find the contract for order processing?

After creating your test account, the contract is available for download from the Settings menu.

Do I need a contract for order processing?

As soon as a company commissions an external service provider to collect, process or use personal data in accordance with instructions, this constitutes order processing (originally order data processing) under the GDPR. A DPA (Data Processing Agreement) contract is obligatory! While not much changes for the client (you) with the entry into force of the GDPR, the contractor (Staffomatic) is held more strongly to its duties by the GDPR. In future, the contracting authority and the contractor will be jointly liable for the processing of data (Joint Control).

Order processing is often involved in:

- external payroll accounting
- Newsletter dispatched by provider
- Use of cloud services, e.g. for human resource management
- file destruction
- tracking services
- Customer Help Desks
- Outsourced data centers
- Call centers
- External backup security storage/archiving

Is my data secure?

We at Staffomatic take the security of your data very seriously. Our servers are hosted in a modern data center in Germany.

All transmissions are SSL-encrypted or take place in a private network.

Will the stored data be passed on to third parties?

No! The data collected and stored is used exclusively for the provision of the Staffomatic software. Data will not be passed on to third parties. A sale or passing on to third parties is generally excluded by Staffomatic and is not supported at any time.

Is there a certification according to GDPR? Is STAFFOMATIC certified according to GDPR?

There is as yet no official and recognised GDPR certification procedure. However, Staffomatic takes all necessary steps to ensure maximum data security.

What happens to my data if I cancel the contract with Staffomatic?

All user data will be deleted after 48 hours.

Account data such as invoice data and company data will continue to be stored after the legal retention periods.

Imprint

Legal information and imprint 

Staffomatic by EASYPEP is a product of the company:

EASYPEP UG (haftungsbeschränkt) 
Sternstrasse 106
20357 DE - Hamburg
Phone: +49 (0)40 87407229

Email: datapolicy@staffomatic.com
Internet: www.staffomatic.com

Chief Executive Officers:
Sebastian Heindorff & Kalle Saas

City:
Hamburg

Court:
Amtsgericht Hamburg-Altona HRB 123216

VAT-ID: DE283142283

© 2012-2029 EASYPEP (haftungsbeschränkt) UG

Picture Rights: EASYPEP UG (haftungsbeschränkt)

Staffomatic by EASYPEP
Made with ♥︎ in Germany
