Howdy Is Processing Personal Data
Since our beginning we have been approved by the Danish Data Protection Agency to process personal data and our legal documents are updated so they live up to the requirements of GDPR – the new General Data Protection Regulation, which became effective on the 25th of May 2018.
On this page we have collected all our legal- and security documents, so you can easily orientate yourself within the many documents that support our entire data processing.
The Legal Set-Up
When a client (company, authority or similar) has entered into an agreement with Worklife Barometer their employees can be informed and offered to use the solution. To contact the employees – and later on to conduct reports on relevant organisational units for the client – we receive basic data from the client.
In this case the client is data responsible (in the role as employer) and Worklife Barometer is data processor of basic employee data. In the Data Processor Agreement Worklife Barometer is instructed by the Client (data responsible) to address the company’s employees with the purpose of offering to sign up to the Howdy solution.
The employees are informed that they – by giving their consent – sign up as a user to the Howdy solution, where Worklife Barometer is data responsible for collecting personal data and other processing taking place in the solution, including passing on information to the Response Team, anonymised reporting etc.
This setup ensures the “anonymisation consideration”: That the employer will not have insight to the personal data or any closer knowledge about who of the employees sign up to the solution and who do not.
The Client is still data responsible for the basic data, so we can receive relevant up to date information for instance about employees starting with or leaving the company. Receiving this kind of information is significant for us to be able to contact employees and users.
Information Security Policy
The purpose of the Security Policy is to indicate to all employees and extern business partners that the use of information and information systems is subject to standards and guidelines. Particularly to be noticed is that Worklife Barometer’s core product Howdy is subject to the strictest requirements from the Danish Data Protection Agency, as personal information is being processed.
Worklife Barometer’s Information Security Policy is described here.
Technical Fact Sheet
Our technical fact sheets address the most common security- and data protection questions as well as “compliance” standards, backup procedures and levels of access to data.
Worklife Barometer’s technical fact sheets can be found here.
The client (employer) is informed of the policy when ordering Howdy. It features as a legal commitment for us in the delivery agreement.
Furthermore, the user is informed of the policy when signing up to Howdy. This occurs when the user gives us his/her full consent as our information commitments according to GDPR are described in the policy.
Overall, the following is explained in the policy:
- That Worklife Barometer’s work complies with the current regulations for processing of personal data, including GDPR and the additional Danish Data Protection Act.
- That the Client entrusts Worklife Barometer with personal data on the employees, who are offered to sign up as users to the Howdy solution. In this relation with the Client, Worklife Barometer is data processor, as the Client is data responsible for transferring the personal data, which Worklife Barometer needs to be able to contact the employees. A Data Processor Agreement is enclosed as an appendix to the agreement with the client. This becomes effective with both parties signing the agreement. Any processing of personal data between the parties follows the terms of the Data Processor Agreement.
- Worklife Barometer is data responsible in relation to the employees, who after their consent uses Howdy and thereafter the processing of personal data. When the employee uses Howdy, personal data – such as the employee’s wellbeing and health information – is collected and processed.
- This also means that Worklife Barometer is data responsible for all personal data collected through Howdy, meaning that the employer cannot access it.
- Worklife Barometer shares statistical data on a non-personally-identifiable level with the client and possible business partners in the case that the client specifically selects this.
- The collected information can be passed on to and processed by our Response Team, when this is necessary to be able to offer the relevant treatment included in the client agreement. In this case the Response Team will act as data processor for Worklife Barometer unless the Response Team has obligations such as keeping a record on the information about the treated employees.
- The employee clearly gives consent to have his/her information processed for these purposes and by the technical tools that are established by Worklife Barometer. Therefore, the client does not have the right to gain access to the employees’ personal data with us.
- When an employee uses Howdy, personal data is collected and stored, hence the employee needs to sign or electronically accept the enclosed consent agreement and give his/her clear consent to Worklife Barometer’s processing of the employee’s data.