Simployer Trust CenterGDPR and privacy › Processing activities in Simployer

Processing activities in Simployer

Purpose of Simployer

Simployer HRM makes internal routines and processes between employees, managers and HR in the business more effective and professional.

The system is adapted to current legislation and is based on the customer's and our best practices. Simployer HRM enables the customer to fulfill its duties as an employer in a competent and secure manner.

Simployer's processing activities in the system

Simployer acts as a data processor for the customer who is the controller. Simployer performs processing on behalf of the customer by providing standardized systems that enable the customer to perform the processing that the system offers. Simployer makes basic database management on their own initiative for the purpose of ensuring secure data storage, availability for the customer and confidential data processing. Backup of data to a remote location is part of the service.

In connection with the establishment of the system, selected and agreed upon employees of Simployer will assist the customer with populating the system with the correct basic data. After systems are established and handed over to the customer, Simployer employees will not have direct access to the customer's data unless the customer gives access in connection with support, or this is required to ensure that data is not lost or to comply with the law.

The customer's processing activities in the system

Simployer provide for the Customer to be able to perform data processing using the system. The activities that appear in the system are specific by modules. See sub texts below regarding the processing by the specific modules.

Employee's consent

The basic condition for processing personal data is laid down in the General Data Protection Regulation, "GDPR", article 5 and 6. 

The term "sensitive personal information" is a common term for particularly sensitive personal data that has a special protection. In GDPR art. 4 15. it is states that "health information" is personal data regarding a physical persons physical or psychological health [..]" Initially, information about sick absence and other health conditions will therefore be sensitive personal information. Data limited to informing about shorter absence (eg absence due to cold etc) may be assumed to be non-sensitive information. However, information about eg. prolonged sick leave is probably sensitive personally identifiable information. This distinction between sensitive and non-sensitive personal data related to sick absence has been confirmed by telephone by the Norwegian Data Protection Authority by a senior adviser at Simployer.

Thus, it is not possible to provide a clear, general answer to the extent of which the boundary between sensitive and non-sensitive personal data goes as far as absence information is concerned. Our recommendation is therefore that employers treat all personal information in accordance with the terms that apply to sensitive personal information.

The GDPR mandates that processing of sensitive personal data requires, firstly, that one of the conditions in the legislation is fulfulled. Article 6 states that the conditions for processing is that the processing is subject to one of six different alternative conditions set forth in Article 6, 1. a. through f. In our opinion, points a) and b) are the most relevant in this case.

The relevant legal basis for our assessment on this, is article 6. 1. b. An employer has a number of different legal obligations to his employees, such as the duty to pay sickness benefits, systematic follow-up of HSE and other labor law obligations. Common to these obligations is that they arise from a contract of employment which commits employers to, for instance, to pay sickness benefits. The employer's registration of absence date, and whether the absence is due to own sickness or the absence is due to children's sickness, is necessary to fulfill the employment agreement and safeguard the interests of employees.

In our opinion,, GDPR art. b. and f. are adequate legal basis for the employer's storage of sickness data without the employee's consent. The employer therefore does not need to obtain consent from the employee for such sickness data to be registered.

Data transparency

Simployer allows for registration of various roles in a hierarchy, and all employees are assigned to an immediate superior, which in turn is allocated to their immediate superior. In the following we will discuss the issue of employers being obliged to impose restrictions on how far up the hierarchy such an approach may be, for example, if employee personnel data may only be available to the immediate superior and thus not available to the immediate superior's head.

The Personal Information Act or the Working Environment Act does not explicitly regulate the extent to which the organization's personal data may be available. However, in our opinion, the legitimate access to the information will depend on the official need for such access. Access must not be open to all the managers of an employer, but only those who will use the information in the performance of their duties. This will usually include the employee's immediate superior as well as the Human Resources Department and the Payroll Department.

How far up in the hierarchy there will be a formal need for access to the employee's sickness data may thus vary. This means that  it is up to the employer to decide on the question, and the employer must himself draw the limit for who has a formal need for access to employee data . However, in order to facilitate such a delimitation, Simployer must enable each company to block access for persons who do not have a decent need.

Physical storage of data

There are no specific rules on how data that can be traced to people is stored, other than that it is to be stored in a safe way where access and availability are limited. The Norwegian Data Protection Authority has made general guidelines for how the applicable legislation is to be interpreted:  http://www.datatilsynet.no

Read more about data storage in Simployer.

 

Processing activities per module

The references are related to the Data processing Agreement and which hosting partners are involved with the different modules.

Reference

Module description and processing

Types of personal data

Special categories

A1

Personnel Register

The purpose of the module is to keep updated personal data about people in the business.

The module allows the client to process all relevant personal data about employees and employee's spouse / partner and child. The module allows employees at the right level in the organization to read parts of the information about other colleagues (typical phone / mailing list). Employees can add, change, and delete data about themselves. The nearest manager can add, change, and delete the data about their employees.

The module offers role management so that selected persons can add, change, and delete data about other employees.

Name, contact information, addresses, employment, positions, bank accounts, user account

None

A2

Document Archive

The purpose of the module is to keep documents and protect documents against unauthorized deletion.

The document archive is a protected storage for all types of documents related to the employee. By default, the employee has the opportunity to add, edit, and delete documents about himself. The nearest manager can add, change, and delete documents about their employees. Documents that are protected from deletion can not be deleted by anyone other than the person who initiated the protection, or by persons with extended role access.

The module offers role management so that selected persons can add, change, and delete documents about other employees. The nearest manager or selected person at the customer can choose to make documents hidden or visible for the employee.

The content of the documents is solely the responsibility of the controller.

Binary data (documents), metadata on documents.

May occur, depending on content in documents

A3

Vacation

The purpose of the module is to keep track of vacations in a business.

The module stores applications for vacation and data on approved / denied vacation periods. By default, the employee has the opportunity to add, modify, and delete vacation applications for himself. The nearest manager can add, change, and delete vacation applications for their employees, as well as approve or reject applications for their employees.

The module offers role management so that selected persons can add, change, and delete vacation applications for other employees, as well as approve or decline vacation applications.

Vacation periods are accumulated from individuals into vacation plans at levels in the organization. Approved vacation periods are optionally readable for all users of the system.

Information about vacation applications and vacation periods for employees.

None

A4

Leave & Absence

The purpose of the module is to keep track of leave and absence, as well as the timeflex balance for employees.

The module stores applications for leave / absence and data on approved / rejected periods. By default, the employee has the opportunity to add, modify, and delete applications for himself. The nearest manager can add, change, and delete applications for their employees, as well as approve or reject applications for their employees.

The module offers role management so that selected persons can add, change, and delete applications for other employees, as well as approve or decline applications.

Periods of leave / absence are accumulated from individuals into absence reports at levels in the organization. Approved periods, without details, are optionally readable by other users of the system.

It is the customer who defines the absence types in the system, and fills in meta data on the absence types.

Information about leave and absence periods for employees.

None

A5

Sick Absence

The purpose of the module is to administer sick leave, statutory follow-up of sick-leave, electronic self-declaration and sick leave statistics.

The module stores data about sick absence for employees and statutory documentation for follow-up of sick leave. Periods of sick leave are accumulated into absence reports for the organization, and used to calculate sick-absence statistics. Notes from sick leave follow-up are used to compile follow-up plans, which may also be exposed to public authorities and doctors. The module monitors electronic reporting of follow-up plans to NAV.

By default, the employee has the opportunity to view data about his or her sick absence, as well as statistics about his or her own absence. The employee delivers electronic self-declaration through the system when returning to work (in whole or in part). The nearest manager can add, change and delete sick absence on their employees, as well as verify self-declarations and view sick absence statistics for their employees and accumulated for their area of responsibility.

The module offers role management so that selected persons can add, change, and delete sick absence on other employees, as well as verify self-declarations and see sick leave statistics.

Information about sick leave for employees, including statutory documentation and doctor's declarations. Documentation about follow-up of sick leave.

Health information may occur in documentation and text fields, even if the module clearly advices users against entering such information.

A6

Travel and Expenses
The purpose of the modules is to administer travels and expenses.

The module stores data on travels that the employee has been on and data about expenses, with vouchers, that the employee has had. By default, the employee has the opportunity to add, change, and delete travel and expenses for himself. The nearest manager can add, change, and delete travel and expense on their employees, as well as approve or decline travel bills and expences for their employees.

The module offers role management so that selected persons can add, change, and delete travels and expenses for other employees, as well as approve or decline travel bills and expenses. Selected persons can export raw data related to travel and expenses to different formats intended for import to payroll systems.

It is the customer who defines its export variants in the system. The system can import credit card transactions from credit cards that the employee possesses from the company so that credit card transactions can be used to make expenses and / or travel bills.

Information about travel bills and expences, including documentation for employees. Credit card transactions (option).

None

A7

Competence
The purpose of the module is to manage competences in a business.

The module stores data on employee competences. Competences are accumulated from individuals into organization's competence register, and can be used to generate CVs for employees.

By default, the employee has the opportunity to add, modify, and delete data about his or her own competence. The nearest manager can add, change, and delete competence for his employees, as well as define competence requirements for his area of responsibility.

The module offers role management so that selected persons can add, change, and delete competences on other employees, as well as define competence requirements and compile competence lists.

It is the customer who defines his / her competence types in the system and completes metadata about the competence types.

Information about formal and informal competence, education, certifications and competence requirements for employees, including supporting documentation.

None

B1

Processes
The purpose of the module is to provide workflow on personnel processes carried out in the business.

The module stores workflow data for defined processes in the business. Individual workflows accumulate and merge into organizational charts, and are used to generate alerts to people who have tasks in a workflow. Notes from tasks are used to document the processes.

By default, the employee has the ability to add, edit, and delete data about his / her own tasks in a workflow, as well as to see progress in the workflow. Process owners can add, change, and delete data on their workflows.

The module offers role management so that selected persons can add, change, and delete processes and tasks for other employees.

It is the customer who defines the workflows.

Same information as in A1. The module may contain written reports from dialogues between employee and nearest manager regarding on or offboarding activities.

None

B2

Employment contracts
The purpose of the module is to generate employment contracts and electronically sign them.

The module stores data on employment contracts. Work agreements are aggregated from templates that the company maintains. The employee and the relevant person in the business sign the employment agreement electronically.

By default, the employee has the opportunity to read the employment contract and sign electronically. The nearest manager can add, change, and delete work contracts on his employees, as well as sign electronically.

The module offers role management so that selected persons can add, change, and delete employment contracts, and facilitate electronic signature.

It is the customer who defines the contents of his work contracts and the templates in the system from which the employment contracts are generated.

Information about employment contracts for employees, including terms for the position.

None

C1

Handbooks

The purpose of the module is to host and publish organizational conten in the form of employee manuals, leader manuals and HES manuals.

The module stores authorization data about user accounts to provide access control to content.

The module offers role management so that selected persons can add, change, and delete content, users and access to content for users.

Name, email, organizational content.

None

C2

Chatbot

The purpose of the module is to provide a digital assistent within a handbook that is able to answer questions based on AI and indexes from content in handbooks.

Questions entered in text fields related to company content in handbooks.

Normly none.

Users may enter any text in text fields.

D1

Deviation
The purpose of the module is to report deviations, handle reported deviations and provide statistics on deviations.

The module stores data about reported deviations in the organization. Reported deviations are used to generate statistics. By default, the employee has the opportunity to report deviations.

The module offers role management so that selected persons can delegate cases and handle reported deviations.

It is the customer who defines the deviations and what data is required in reports.

Text and documents about deviations.

May occur if the reporter enters such information in text fields or in attachments.

E1

Hours
The purpose of the module is to log hours, manage hours, keep track of flextime and generate data for salaries.

The module stores data on hour logs for the employee. Logs are used to accumulate balances for the employee. By default, the employee has the opportunity to add, change, and delete hours for himself, as well as create hour logs based on their own hours. The nearest manager can add, change, and delete hours on their employees, as well as approve or decline hour logs for their employees.

The module offers role management so that selected persons can add, change, and delete hour logs for other employees, as well as approve or decline hour logs. Selected persons can export raw data related to hour logs to different formats intended for import to payroll systems.

It is the customer who defines his hour types and export variants in the system.

Same information as in A1, A3, A4 and A5.

Hour logs.

None

E2

Resource planning

The purpose of the module is to create rosters for individuals and organizations to fulfill needs for staffing.

The module stores data about rosters for the employee. Rosters are accumulated into plans for individuals and organization. 

The module offers role management so that selected persons can add, change, and delete rosters. 

It is the customer who defines his hour types and export variants in the system.

Same information as E1.

Rosters.

None

F1

Learning
The purpose of the module is to manage courses, including enrolment and course history, as well as management of knowledge tests, e-learning programs.

Information about employees registrations and attendance on courses and the results of course exams.

Normally, none, but special categories may occur if entered into text fields or documents by the customer.

F2

Dialogue

The purpose of the module is to provide functionality for planning and conducting development dialogues or other structured dialogues between employees and managers.

Same information as in A1.

The module may contain written reports from dialogues between employee and nearest manager.

None

F3

Competence management

The purpose of the module is to provide support for managing competence, individual competence mapping and profiling of individuals against required competence roles.

Same information as in A1.

Information about employees personal and professional development goals.

None

F4

Goals

The purpose of the module is to provide support for managing goals and work objectives for employees, with follow-up at individual level.

Same information as in A1.

Information about employees personal and professional development goals.

None

F5

Succession

The purpose of the module is to provide functionality to evaluate and plan work on successors, e.g., through the planning of replacements and rating of performance and risk.

Same information as in A1.

The module may contain written summaries of conversations between superiors and employees related to offboarding of employees.

Ingen

G1

Engagement

The purpose of the module is to provide functionality and system to measure engagement of the employees.

Please see attachment 6B to the Data Processing Agreement for specific terms for this module.

Contact information, name, profile and information about mobile devices.

Answers from employees on pulses (questionnaires) are stored anonymously and cannot be related to the employee providing the answers.

Under normal circumstances, no special categories are processed or stored (unless the user inputs this in the text-fields). Will in any case not be related to the user, since answers are anonymized.

G2

Whisteblower

The purpose of the module is to provide functionality and system for whistleblowing.

 

Depending on input from the whistleblower, the content is stored in text fields, and may contain personal data about the whistleblower and other affected parties.

Normally none (if not entered into text by user)

H1

Insights

The purpose of the module is to provide integration endpoints (API) the allows select users access to, and options for transferring information from the customers data storage to external data stores for further processing and analyses. PS: See annex 6A of the DPA for separate conditions for this module.

 

The endpoints will potentially give access to all personal data stored in Simployer for the specific customer.

See annex 6A of the DPA for detailed description and separate conditions for Insights.

No separate, except statutory and registered health information (see A5)

J1

Compensation

The purpose of the module is to provide functionality for registering and maintaining salaries and benefits for employees. The module also has simulation capabilities for salary adjustments within the organization.

Information about salaries and benefits for employees.

None

J2

Pay-analytics

The purpose of the module is to provide functionality for payroll audits and analyses of salaries to be able to map differences in salaries within the organization.

Information about salaries and benefits for employees.

 

None