Information on data protection & DSGVO

How we secure your data, manage cookies, and everything you need to know about our Terms of Use.

Steps we take

What does Staffomatic do to ensure compliance with the GDPR?

Data processing

Data we collect & process for you to get the best user experience

Data Protection

Our data privacy policy for our website

Terms of use

The general terms and conditions


Frequently asked questions

Steps we take

Our measures for the security of your data

Hosting in Germany

The management of the servers (application server and database server) is also handled by a partner from Germany.

Trained employees

Our employees are familiar with the requirements of data protection and our data protection guidelines. They receive regular training in data protection from our partner and undertake to handle personal data confidentially.

GDPR-compliant partners

For efficient and smooth business operations, we use third-party software. Compliance with the GDPR is a mandatory selection criterion for us. In this way, we can ensure that all data stored by us is secure, even when processed by third-party providers.

IT Security

Unsere IT-Infrastruktur ist nach den neuesten Standards verschlüsselt, bzw. Läuft in eigenen, privaten Netzwerken. Zugriffsrechte auf IT-Systeme für Mitarbeiter werden nach dem Prinzip der Erforderlichkeit vergeben.

Diese Richtlinien und die Dokumentation unserer IT-Sicherheit stellen wir im Nutzerkonto unter Einstellungen bereit.

Data Protection Management System (DPMS)

Our business processes are increasingly digitized and networked, which creates certain risks for the confidentiality, integrity and purpose limitation of data. We would like to take this into account and create appropriate protection for the personal data we process against misuse and other risks. We have regulated how we handle personal data internally at EASYPEP in our data protection management system, which is mandatory for all employees.

Data Protection Officer (DPO)

To ensure professional and secure handling of your personal data, we have decided to work with an external data protection officer. This guarantees us professional advice in handling data and - through regular audits - a high data protection standard. In addition, we are reliably informed about current changes in data protection law.

Insurance in the event of a data protection breach

Unfortunately, there is no 100% security for personal data. In order to provide additional protection in the event of a data breach, e.g. due to a hacker attack, we have decided to take out an insurance policy. In the event of an attack, we are assured of the support of a professional service provider who has extensive experience in dealing with an attack.

Data processing

The following data is stored and processed at Staffomatic

In principle, our application stores and processes as little data as possible. However, in order for our service to function, it is necessary to collect and process some data. You can find out what this is and how it is processed here:

E-mail address

The e-mail address is necessary for the operation of Staffomatic. It is used for logging in and communication.

Company data

When creating your Staffomatic account we ask for additional data, such as the company name. This data will help you later on when using Staffomatic by EASYPEP. The company name is used to create an account URL (e.g.:

Shift times

In order to be able to use shift planning and evaluation, shift times are stored. These are assigned to the assigned user. (Ex.: When does employee X work)

First name and last name

First name and last name are not required fields. Staffomatic by EASYPEP can also be used only with the specification of the e-mail address. However, specifying names makes the use of the application much more pleasant, as assignment can take place more easily.

Invoice data

In order to continue using Staffomatic after the trial period, billing information is required. Depending on the payment method, credit card data or account data for the SEPA direct debit mandate will be stored here. The storage of this data takes place at our payment partners, who are of course all DSGVO compliant and store the data securely.

More profile data

Each user of Staffomatic by EASYPEP can manage the input of additional profile data in his profile. For example, address data and contact details can be added - or it can be defined when the user can be used for shifts. There is also the possibility to save files for users.


Frequently asked questions about data protection and Staffomatic

What is the GDPR?

The General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive 95/46/EC. The new regulation creates an overarching European data protection law that ensures a homogeneous standard in all EU member states.

The aim of the regulation is to create a more secure environment for personal data. The 99 articles in eleven chapters limit the amount of data that can be collected, how it is processed and how long it can be stored.
To whom does the GDPR apply?

The GDPR regulates data protection for all EU citizens and people who reside within the EU. This means that as soon as online communication takes place with consumers in the EU, or personal data of EU citizens is processed or stored, an American company is also affected.
What is personal data?

Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject). (§3 BDSG)

Personal data includes information that relates to a directly or indirectly identifiable person. In addition to names, addresses, photos, telephone numbers or bank details, this also includes e-mail and IP addresses, as these - especially when linked - allow clear conclusions to be drawn about individuals. Incidentally, information such as political opinions, ethnic origin, posts from social platforms and much more also belong to the personal data defined by law.

Where can I find the contract for order processing?

After you have created your test account, the contract can be downloaded via the Settings menu.

Do I need a contract for order processing (ADV)?

According to the GDPR, as soon as a company commissions an external service provider to collect, process or use personal data in accordance with instructions, this constitutes commissioned processing (originally commissioned data processing). An ADV contract is mandatory! While not much changes for the client (you) with the entry into force of the DSGVO, the contractor (Easypep) will be held more accountable by the DSGVO. In the future, the client and contractor will be jointly liable for the processing of data (Joint Control - jointly responsible for processing).

Commissioned processing often exists in the case of:

  • external payroll or salary accounting
  • Newsletter dispatch by providers
  • Use of cloud services, e.g. for personnel management
  • File destruction
  • Tracking services
  • Customer help desks
  • Outsourced data centers
  • Call centers
  • External back-up security storage/ archiving
Is my data secure?

We at Staffomatic by Easypep take the security of your data very seriously. Our servers are hosted in a modern data center in Germany.

All transmissions are SSL encrypted or take place in a private network.

Will the stored data be passed on to third parties?

No! The data that is collected and stored is only used to provide the Staffomatic software. Data will not be passed on to third parties. A sale or transfer to third parties is generally excluded by EASYPEP and is not supported at any time.
Is there a certification according to DSGVO? Is Easypep certified according to DSGVO?

There is no official and recognized DSGVO certification procedure yet. However, Easypep takes all necessary steps to ensure maximum data security.

What happens to my data if I cancel my contract with Easypep?

All user data will be deleted after 48 hours.

Account data, such as billing data and company data, will continue to be stored according to the legal retention periods.


Legal information and disclaimer

Staffomatic by EASYPEP is a service of:

EASYPEP UG (haftungsbeschränkt)
Sternstrasse 106
20357 DE - Hamburg
Phone: +49 (0)40 87407229

Managing directors authorized to represent the company:
Sebastian Heindorff & Kalle Saas

Registered office of the company:

Registry Court:
Local Court Hamburg-Altona HRB 123216

VAT-IdNr: DE283142283

© 2012-2029 EASYPEP (limited liability) UG

Photo rights: EASYPEP UG (haftungsbeschränkt)