Privacy Policy

Learn more about terms and conditions of the usage

list

The basis of effective data protection is comprehensive information about the collection, processing and use of your data (“data processing”). Therefore, we would like to inform you,

  • when or during which actions we process data
  • what data we process and for what reasons
  • who receives data
  • what rights you have because of data processing by us.

This privacy policy only governs the use of personal data on our website www.workmotion.com including sub-pages as well as our platforms https://platform.workmotion.com and https://workflex.workmotion.com. If you leave our website via a link or visit our presence on a social media platform, you also leave the scope of this privacy policy.

The transmission of information to or from this website is secured with TLS encryption.

You can access, print or download this privacy policy permanently and at any time at https://workmotion.com/privacy-policy/.

list

1. Contact information

The person responsible for data processing within the framework of this website within the meaning of the General Data Protection Regulation (GDPR) is:

WorkMotion Software GmbH

Richard-Ermisch-Str. 7, 10247 Berlin Legal representative: Carsten Lebtig hello@workmotion.com

We have also appointed a data protection officer. You can reach him at:

jacobsen@comtection.de, Dr. Jonas Jacobsen

list

2. General information

2.1. Scope of the processing of personal data

The provision of the website and WorkMotion platforms requires the processing of various information. In addition, the extent of data processing depends on your use of the functionalities.

You are not obliged to provide us with personal data. However, insofar as the provision of this data is technically mandatory for accessing certain functionalities, a refusal will result in you not being able to having access to certain functionalities or not enter and use our website and/or the plattforms. 

As a visitor to our websites, you are not subject to automated decision-making within the meaning of Art. 22 GDPR.

2.2. Legal basis for the processing of personal data

The legal bases for the processing of personal data are presented below.

Fulfilment of contract or implementation of pre-contractual measures (Art. 6 para. 1 b) GDPR)

Processing is only carried out to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us will only take place to this extent.

Legitimate interest (Art. 6 para. 1 f) GDPR)

Processing takes place insofar as we have a legitimate interest and no conflicting overriding interests of the data subject are apparent. The specific interest is explained in this data protection declaration as part of the processing description.

Consent (Art. 6 para. 1 a) GDPR)

Processing takes place if you have expressly consented to the type and scope of data processing. You can revoke your consent at any time with effect for the future. However, the processing that has taken place up to this point will not be affected by this.

Legal obligation (Art. 6 para. 1 c) GDPR)

Processing takes place insofar as this is necessary for the fulfilment of German or European legal obligations.

2.3. Data deletion and storage period

We delete your personal data as soon as the legal basis for its processing ceases to apply. In some cases, however, legal bases can also exist in parallel or a new legal basis can take effect when a legal basis ceases to exist, such as the obligation to store certain data in order to comply with a statutory retention obligation. 

2.4. Data subjects' rights

If personal data relating to you is processed, you are a data subject within the meaning of Art. 4 (1) GDPR. As a data subject, you are entitled to the following rights with regard to your personal data. To exercise these rights, you can contact us using the contact details provided above. 

Right to information according to Art. 15 GDPR

You have a right of access to your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right of rectification according to Art. 16 GDPR

You have the right to request the immediate correction of incorrect personal data and the completion of incorrect personal data.

Right to deletion according to Art. 17 GDPR

You have the right to request the erasure of your personal data if one of the reasons listed in Art. 17 of the GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data if one of the reasons listed in Art. 18 of the GDPR applies, in particular at your request instead of deletion of the data.

Right to data portability according to Art. 20 GDPR

In accordance with the provisions of Article 20 of the GDPR, you have the right to request the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to complain to the competent supervisory authority, Art. 77 GDPR

You have the right to lodge a complaint with the supervisory authority responsible for you in accordance with Art. 77 GDPR.

2.5. Possibility of objection and removal

Insofar as the data processing is based on your consent or our legitimate interest, you have the right to object to the processing at any time or to revoke the consent you have given. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. To exercise your right of objection or revocation, you can contact privacy@workmotion.com at any time. If you object to processing on the basis of our legitimate interest, we may nevertheless continue processing if we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms.

2.6. Recipients of data

The processing of your personal data within the framework of the website is also carried out in part by order processors, in particular the hosting of the website and the plattform and the use of analysis tools. These are involved exclusively on the basis of a commissioning agreement in accordance with Art. 28 (3) GDPR. 

2.7. Data transfer to third countries

The personal data we collect from you through the website will not generally be transferred to third countries outside the European Economic Area. 

Should a transfer to a third country occur in individual cases, we use the current standard data protection clauses (SCC) of the EU Commission to secure the transfer.

2.8. General Information Security Policy

Protect WorkMotion’s informational and IT assets (including but not limited to all computers, mobile devices, networking equipment, software and sensitive data) against all internal, external, deliberate or accidental threats and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of these systems;

Ensure information will be protected against any unauthorized access. Users shall only have access to resources that they have been specifically authorized to access. The allocation of privileges shall be strictly controlled and reviewed regularly.

Protect CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties;

Ensure INTEGRITY of information. Integrity of information refers to protecting information from being modified by unauthorized parties;

Maintain AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorized parties can access the information when needed.

Comply with and, wherever possible, exceed, national legislative and regulatory requirements, standards and best practices;

Develop, Maintain and Test business continuity plans to ensure we stay on course despite all obstacles that we may come across. It is about “keeping calm and carrying on!”;

Raise awareness of information security by making information security training available for all Employees. Security awareness and targeted training shall be conducted consistently, security responsibilities reflected in job descriptions, and compliance with security requirements shall be expected and accepted as a part of our culture;

Ensure that no action will be taken against any employee who discloses an information security concern through reporting or in direct contact with Information Security Management Leader, unless such disclosure indicates, beyond any reasonable doubt, an illegal act, gross negligence, or a repetitive deliberate or willful disregard for regulations or procedures;

Report all actual or suspected information security breaches to security@workmotion.com.

2.8.1. Enforcement, Exceptions and Complaints

Non-conformance to policy and standard statements in this Policy could result in disciplinary action including, but not limited to, informal or formal warnings, up to termination of contract. Any exceptions to what is governed will require written authorization by email from the Information Security Management Leader. Exceptions granted will be issued a policy waiver for a defined period of time. All target users of this Policy can submit complaints to its contents to the Information Security Management Leader at any point. All complaints will be filed and processed accordingly where the Information Security Management Leader will respond within 14 days of initial submission. Requests for exceptions to this policy as well as complaint submissions will be addressed to the Information Security Management Leader at security@workmotion.com.

list

3. Website

In order for us to be able to show you the website, it is necessary to process certain information. This already takes place when you call up our website. In addition, we offer various functionalities on our website that make further data processing necessary.

3.1. Log Files

When you call up our website, your browser sends various information, so-called server log files, to our server. We need these to establish and maintain the connection. Among the data is your IP address, which we treat as personal data. In addition, the following data is collected:

  • Date and time of visit 
  • Requested data volume
  • Request successful/ not successful
  • Referer (previous page)
  • Subsequent website
  • Browser and version
  • Operating system and version

This data is not merged with other data about you. The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted after 30 days at the latest, unless longer storage is necessary, for example, to prevent or clarify an attack on our website.

3.2. Cookies

Our Website also uses Cookies. To find out which Cookies are used and why, please see our Cookieguideline in section 6.

list

4. WorkDirect, WorkGlobal

With regard to our services WorkGlobal, WorkDirect, and WorkFlex as described in our terms and conditions, you may be prompted to create a user account to be able to use the services. For the creation of a user account and the use of the services via the platforms, the following data may be collected and processed depending on the service:

  • Name
  • Date and place of birth
  • Contact data (e.g. email, phone number)
  • Content data (e.g. texts, photographs, videos)
  • Payment data (e.g. bank account, payment history)
  • Usage data (e.g. access times, log files)
  • Employee master data (e. g. names, addresses, date and place of birth, gender, nationality, work permit, salary group, tax classification)
  • Application data (e. g. names, contact data, qualifications, application relevant data)
  • Personal data revealing religious or philosophical beliefs;
  • Data concerning health
  • Requests sent to your organization and their responses

4.1. Provision of Equipment for Talents

We offer our clients the option of making work equipment (e.g. laptops or mobile phones) available to their employees (talents) via a third-party provider. If a client makes use of this option, the data of the respective employee who is to receive the device (name, address and telephone number) is passed on to the third-party provider so that the provider can deliver the hardware and, if necessary, arrange a delivery date by telephone.

Unless otherwise specified in individual cases, the hardware is supplied by Hofy Ltd, Company No. 12507645, 5 New Street Square, London, EC4A 3TW, UK

list

5. WorkFlex

To offer you the functionalities of the WorkFlex-Plattform we will ask you for the following information:

  • Name
  • Contact data (e.g. email)
  • If you have spent time abroad in the last 12 months
  • If you have a bank account in a specific country
  • Tax related information

All the information we ask for is needed to offer you our services. The specific questions may change on our platform in the future.

list

6. Cookies

We use cookies on our website and platform for various purposes. A cookie is a small text file containing information that is transmitted by your browser and stored on your computer. These cookies do not contain any personal data. You can also control the use of cookies in your browser and delete cookies yourself at any time. If the cookies listed below have their own option for deleting or blocking them, this is shown in the respective description. Cookies may be necessary to establish a connection or to improve the use of the website. 

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website and/or the plattform.

The use of technically necessary cookies and the associated data processing is based on our legitimate interest in providing our website. Technically necessary cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The storage period of persistent cookies is determined by the provider and can be viewed by you in your browser, for example.

6.1. Technical cookies

Technical cookies are used to enable additional functionalities or a more comfortable use of the website, e.g. by saving your country or language settings. Technical cookies are usually deleted automatically when you close your browser (session cookies), but in other cases they are only deleted after a longer period of time (persistent cookies). The storage period can be viewed in your browser. 

6.1.1. Google Tag Manager

The Google Tag Manager allows marketers to manage website tags via an interface. However, the Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The Tag Manager merely triggers other tags, which in turn may collect data. For these respective third-party providers, corresponding explanations can be found in this privacy policy. However, the Google Tag Manager does not use this data. If you have set or otherwise made a deactivation of cookies, this will be observed for all tracking tags that were used with the Google Tag Manager, i.e. the tool will not change your cookie settings. Google may ask your permission to share some product data (e.g. your account information) with other Google products to enable certain features, such as making it easier to add new conversion tracking tags for AdWords. Google’s developers also review product usage information from time to time in order to further optimise the product. However, Google will never share this type of data with other Google products without your consent. For more information, please see Google’s usage policy (https://www.google.com/intl/de/tagmanager/use-policy.html) and Google’s privacy policy (https://www.alphabet.com/de-de/datenschutzrechtlicher-hinweis) for this product.

6.1.2. JSDELIVR

We use the JSDELIVR, Królewska 65a Kraków, 33-332, Poland, content delivery network (https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net) to improve the functionality and performance of our website. These content delivery networks receive your IP address in order to evaluate your location and let you download website content and design assets from the nearest server.

Contact:dak@prospectone.io

6.1.3. Google Fonts

This website uses so-called web fonts from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to display fonts. When you call up a page, your browser loads the required web fonts into your browser in order to display texts and fonts correctly. To do this, your browser establishes a connection with Google, which tells Google that our web pages have been accessed via your IP address.  Google Fonts are used in the interest of a uniform and appealing presentation of our websites. If your browser does not support Google Fonts or Web Fonts, your terminal will use a standard font.

You can find more information about Google Fonts and Google’s data protection policy at the following Internet addresses: 

https://fonts.google.com/

http://www.google.de/policies/privacy

6.2. Cookies for usage analysis

Analysis and tracking cookies are used to record and evaluate your usage behaviour when using our services or visiting our website. In doing so, we learn, for example, how often certain functionalities are used or content is read or whether you came to us via an advertisement placed by us. We use this data to further improve the usability of this website and the attractiveness of the services.

The legal basis for data processing is your cookie consent, § 25 (1) TTDSG in conjunction with Art. 6 para. 1 a) GDPR. You can prevent the storage of cookies. In addition to the option of preventing them in the settings of your browser software, the individual cookies usually offer their own option to block or deactivate them. This is then shown below in each case.

6.2.1. Google Analytics 4

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google collects information about your use of this website (including your IP address) in the USA via a cookie and stores the information. Google analyses the information collected and sends us reports on the usage activities on our website. and provides further services to us for this purpose. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

In addition to blocking all cookies through your browser, you can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Google Analytics deactivate [Here opt-out cookie must be activated in JavaScript].  For more information on Google Analytics, please see Google’s privacy policy:

support.google.com/analytics/answer/6004245?hl=en.

6.2.2. SalesViewer

On this website, data is collected and stored with the SalesViewer technology of SalesViewer GmbH for marketing, market research and optimization purposes. A javascript-based code is used for this purpose, which serves to collect company-related data and the corresponding use. The data collected with this technology is encrypted using a non-recalculable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.The data stored within the framework of Salesviewer will be deleted as soon as they are no longer required for their intended purpose and no legal storage obligations stand in the way of deletion.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link to prevent the collection by SalesViewer within this website in the future. An opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again. https://www.salesviewer.com/opt-out

6.2.3. Appvizer

More information about privacy about Appvizer can be found here: https://www.appvizer.com/about/privacy-policy

Contact Email Address: contact@appvizer.com 

Headquarter Location: Rond Point Benjamin Franklin CS 39521-Montpellier, 34960,France

6.2.4. UserFlow

We use UserFlow, Userflow, Inc., 548 Market St PMB 69598, San Francisco, CA 94104-5401, USA, to provide information to our users and collect information from them through prompts on the platform. For example to collect customer satisfaction scores, as wwell a to educate users about a particular item,  button or feature on the platform. More information about privacy at UserFlow can be found here: https://userflow.com/policies/privacy

Contact Email Address: privacy@userflow.com

6.2.5. Kissmetrics

We use Metrics Enterprises code, software and/or services by Metrics Enterprises, 145 Corte Madera Town Ctr #445, Corte Madera, CA 94925, USA to obtain information regarding the activities that users engage in while visiting our website. When a user visits our website, the code contained on the website contacts Metrics Enterprises servers and enables Metrics Enterprises to collect Client User Data. This helps us to evaluate and understand how users are interacting with our website and to modify our website in order to make them more valuable or useful for their users. More information about privacy can be found here: https://www.kissmetrics.io/privacy/ 

contact Email Address:  privacy@kissmetrics.io and support@kissmetrics.io 

6.2.6. Linkedin insight

Our websites also use tracking functions of the LinkedIn network. LinkedIn uses cookies when you visit our websites. Your IP address will be transmitted to LinkedIn in the USA together with information about your use of our websites and the devices used. Your use of our websites and other websites that you visit may be analysed and used as the basis for advertising. If you have a LinkedIn user account and are logged in, LinkedIn may associate your visit to our website with your account. We have no knowledge of the exact data flows between your browser and LinkedIn. Please refer to LinkedIn’s privacy policy and cookie policy for more information:

6.2.7. Facebook pixel

We use the remarketing function “Custom Audiences via your website” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Facebook). For this purpose, the so-called “Facebook pixel” is integrated on our website. When you visit our website, the Facebook pixel establishes a connection between your browser and the Facebook server and sets a cookie. Facebook thereby receives the information that our website has been visited from your IP address. If you are a Facebook member, Facebook can link this information to your Facebook profile and use it for the targeted display of Facebook Ads. You can object to this linking and display in the privacy settings of your Facebook profile. For detailed information on the collection and use of your data by Facebook and your rights and options in this regard, please refer to Facebook’s privacy policy at the URL https://www.facebook.com/about/privacy/. If you do not want Facebook to link the collected information with your Facebook profile, you can deactivate this function at any time at the URL https://www.facebook.com/ads/website_custom_audiences/. If you are not a Facebook member, you can also deactivate the data transfer to Facebook at the URL http://www.youronlinechoices.com/.

Contact the Data Protection officer  https://www.facebook.com/help/contact/540977946302970 

6.2.8. HotJar

This website uses the analysis tool Hotjar from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta (“Hotjar”). When visiting the site, in addition to technical master data and cookies, the user’s mouse movements in particular are examined to create so-called “heat maps”. This information enables us to make the website even faster and more customer-friendly. Personal data is completely hidden in this process and is therefore not collected.

If you do not agree with Hotjar’s approach, you can adjust the cookie settings of your browser accordingly or deactivate the functions under this link: https://www.hotjar.com/policies/do-not-track/.

You can find more information on data protection at Hotjar here: https://www.hotjar.com/legal/policies/privacy

Contact Email Address: dpo@hotjar.com and support@hotjar.com

6.2.9. DoubleClick

This website uses the service DoubleClick by Google, from the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). DoubleClick by Google uses cookies to present you with advertisements that are relevant to you. When you visit our website, a pseudonymous identification number (ID) is assigned to your browser, in the form of cookies, in order to check which advertisements were displayed in your browser and which advertisements were called up. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. (So-called retargeting) The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place on the basis of legal regulations or within the framework of commissioned data processing. Under no circumstances will Google combine your data with other data collected by Google.

You can obtain further information about Google’s data protection policy at the following Internet addresses: http://www.google.de/policies/privacy/ 

Contact Email Address:  account-withdrawal@google.com

6.2.10. Cloudflare

We use the Cloudflare, [101 Townsend Street San Francisco, CA 94107 United States ], content delivery network (https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net) to improve the functionality and performance of our website. These content delivery networks receive your IP address in order to evaluate your location and let you download website content and design assets from the nearest server.

Data protection contact email address: privacyquestions@cloudflare.com.

6.2.11. Typeform

We use Typeform, TYPEFORM SL, c/ Pallars 108 (Aticco – Typeform), 08018 – Barcelona (Spain), to send out surveys and collect information. For example to collect feedback about features, information about users who want to be in our talent pool. It only registers your information if you opt to fill the survey/smartform. 

Here’s a link to their privacy policy: 

https://www.typeform.com/help/a/security-privacy-standards-at-typeform-9350912237844/

Here is the contact to their Data Protection Officer: dpo@typeform.com

6.2.12. Sentry

Sentry, Functional Software, Inc. d/b/a Sentry. Our address is Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, allows us to find errors on our platform and helps us to correct these errors.

Privacy Policy

compliance@sentry.io

6.2.13. Valuecase

We use the sales enablement software Valuecase provided by Valuecase GmbH, Axel-Springer-Platz 3, 20355 Hamburg, Germany (“Valuecase”).

We may use Valuecase services in the context of our sales, onboarding and customer success processes to provide you with a personalised digital platform on which you find all relevant materials and information in one central place. For this purpose, we process the personal data that you and/or a third party authorized by you provided to us and that is necessary for the technical provision (e.g., IP address, email address). We may also utilize Valuecase to collect data for analytics purposes when you visit the personalised digital platform we granted you access to. As a data processor acting on our behalf, Valuecase analyzes your use of our personalised digital platform by way of cookies and similar technologies so that we can improve our service to you. Valuecase is contractually obliged by us to exercise the same care in processing personal data as we do ourselves. For more, read Valuecase’s privacy policy.

6.2.14. iDenfy UAB

If you are a Client or potential Client we will use iDenfy (iDenfy, Barsausko Street 59, 51423 Kaunas, Lithuania ) to send you an inquiry asking you for general information about your company, e.g. your companies exact registration and your UBOs (ultimate beneficial owners), as well as some of their personal information, like name and date of birth, etc.  This is for the purpose of our regulatory due diligence regarding your deposit payment, including anti-money-laundering and sanction checks as well as checks for politically exposed persons.

Once you are registered with the WorkMotion platform, we will invite you to submit information using iDenfy. You will receive an email from iDenfy on behalf of WorkMotion. The data you then submit will be delivered to WorkMotion in order to enable WorkMotion to complete the above mentioned regulatory due diligence,

Here is the link to their Privacy Policy https://www.idenfy.com/privacy-policy/

Here is the contact information to their Data Protection Officer dpo@idenfy.com

Status: August 2023