Simployer Trust Center › Other useful content › Agreements › Data processing agreement
Data processing agreement
Reference |
Module-description |
Description of the data processing, categories of personal data |
Special categories of data |
---|---|---|---|
A1 |
Personnel records – Information about employees, access control, message archive, and organizational charts. |
Name, contact information, address, employments and positions, bank account, user account information. |
None |
A2 |
Document archive – Documents relating to employees. |
Text (in documents) – both personal data and special categories may occur. |
May occur (depending on content in documents) |
A3 |
Vacation – Information about holiday for employees. |
Information about employees’ vacation applications and periods. |
None |
A4 |
Days off and leave – Information about days off and leave for employees. |
Information about employees leave applications and periods of leave. |
None |
A5 |
Sick leave – Information about sick leave for employees and statutory documentation for follow-up. |
Information of employees’ periods of sick leave, including mandatory documentation, like doctor declarations and information in follow up plans. |
Health information may occur |
A6 |
Travels and expenses – Travels and expenses with documentation and attestations for employees. |
Information about employees travel bills and expense sets, including documentation from vouchers. |
None |
A7 |
Competence – Information regarding the employees’ competence and skills. |
Information about employees formal and informal competences, skills, education and certifications. |
None |
B1 |
Processes (Onboarding, Offboarding, HSE) – Information about workflow and metadata related to defined processes in the company. |
Includes the same information as A1. The module may contain written summaries of conversations between superiors and employees related to onboarding or offboarding of employees. |
None |
B2 |
Employment agreements – Information related to employment agreements in the company. |
Information in employee labor contracts including personal data, information about position and terms. |
None |
C1 |
Digital handbooks – user-register with access control to the customers handbooks |
Contains name, email and roles for handbook users. |
None |
C2 |
Chatbot – Digital assistant which answers user questions related to Simployer Handbooks. |
Processes text entered by user, normally related to search in the handbooks. |
Normally none (if not entered into text by user) |
D1 |
Deviation – Information about deviations from approved routines in the company. This may involve personal data about employees. |
Information in registered deviations in the organization. Contains text fields normally used to describe and document the deviation. |
May occur (if the user enters special category data into text fields) |
E1 |
Hour registration – Information related to hours worked for employees. |
Information about logged hours from employees. |
None |
E2 |
Resource planning – roster for individuals. |
Information about employees’ time planning and accumulation across organization. |
None |
F1 |
Learning – Management of education, including enrolment and course history, as well as management of knowledge tests, e-learning programs. |
Information about employee’s registration and attendance in courses and trainings, including results from tests. The module allows for text fields which may include special categories. |
Normally none (if not entered into text by user) |
F2 |
Dialogue – Functionality for planning and conducting development dialogues or other structured dialogues. |
Identical information as in A1. The module may contain written summaries of conversations between superiors and employees related to development, onboarding or offboarding of employees. |
None |
F3 |
Competence management – Support for managing competence, individual competence mapping and profiling of individuals against required competence roles. |
Information about employees formal and informal competences, skills, education and certifications. |
None |
F4 |
Objectives – Managing goals and work objectives, with follow-up at individual level. |
Information about employees personal and professional development goals. |
None |
F5 |
Succession – Functionality to evaluate and plan work on successors, e.g., through the planning of replacements and rating of performance and risk. |
Identical information as in A1. The module may contain written summaries of conversations between superiors and employees related to offboarding of employees. |
None |
G1 |
Engagement – Functionality and system to measure engagement of the employees. Please see attachment B to the Data Processing Agreement for specific terms for this module. |
Information regarding the customers, including contact information, name, profile and information of the device. The answers from the employees are stored anonymously and cannot be related to the employee providing the answers. |
Under normal circumstances, no special categories are processed or stored (unless the user inputs this in the text-fields). Will in any case not be related to the user, since answers are anonymized. |
G2 |
Whisteblower – Functionality and system for whistleblowing Funksjonalitet og system for å varsle («whisteblowing») PS: See annex C of the DPA for separate conditions for this module. |
Depending on input from the whistleblower, the content is stored in text fields, and may contain personal data about the whistleblower and other affected parties. |
Normally none (if not entered into text by user) |
H1 |
Insights / integration endpoint (API) the allows select users access to, and options for transferring information from the customers data storage inte external data stores for further processing and analyses. PS: See annex A of the DPA for separate conditions for this module. |
The endpoints will potentially give access to all personal data stored in Simployer for the specific customer. See annex A of the DPA for detailed description and separate conditions for Insights. |
No separate, except statutory and registered health information (see A5) |
J1 |
Compensation – Module for registering and maintaing salaries and benefits for employees. The module also has simulation capabilities for salary adjustments within the organization. |
Information about salaries and benefits for employees. |
None (but contains personal information about compensation/salary) |
J2 |
Equal Pay – Module for payroll audits and analyses of salaries to be able to map differences in salaries. |
Information about salaries and benefits for employees. |
None (but contains personal information about compensation/salary) |
Name of subcontractor |
Description of processing |
Location (storage and access) |
Relevant for modules (see section 2. above) |
---|---|---|---|
Simployer AS (A company in the Simployer Group) |
Development and operation of modules |
Norway |
A, B, C, D, G, H, J |
Simployer Solutions AS (A company in the Simployer Group) |
Development and operation of modules |
Norway |
A, B, C, D, G, H, J |
Simployer AB (A company in the Simployer Group) |
Development and operation of modules |
EU |
A, B, C, F, G, H, J |
Simployer ApS (A company in the Simployer Group) |
Development and operation of modules | EU | A, B, C, F, G, H, J |
Simployer Tech Sp.z.o.o. (A company in the Simployer Group) |
Development and operation of modules |
EU |
A, B, C, D, F, G, H, J |
Simployer Consulting Sp. z.o.o. (A company in the Simployer Group) |
Development and operation of modules |
EU |
A, B, C, D, F, G, H, J |
Embriq AS |
Operation of servers, firewall, antivirus and backup |
Norway |
A, B, C, D, H |
Smart IT AS |
Operation of servers, firewall, antivirus and backup |
Norway |
E |
Microsoft Azure |
Operation of servers, firewall, antivirus and backup |
EU |
A, B, C, D, F, H, J |
Elasticsearch Inc |
Operation of Elastic search engine |
EU |
C1 |
Twilio Sendgrid Inc. |
Emailing |
USA – Transfer based on «Binding Corporate Rules» (BCR) and «Standard Contractual Clauses» (SCC) |
A, B, C, D, G, J |
Mailjet Inc. |
Emailing |
EU |
F, G |
Signicat AS |
Digital signature |
EU |
B |
Auth0 |
Authentication |
EU |
A, B, C, D, E, F, G, H, J |
Kindly AS |
Operations of platform for machine learning and language technology |
Norway – Kindly AS – processing and transfer of chat-data to subcontractors EU – hosting for temporary storage and processing of chat data |
C2 |
Quatrix |
Cloud based service for secure exchange of temporary files and data between the parties. |
EU |
Not connected to any particular module (used for secure transfer of data that cannot be sent through the Simployer system) |
Amazon Web Services Europe |
Operation of servers and infrastructure (PaaS) |
EU |
G |
OneSignal |
System for push-messages |
USA – transfers based on Standard Contractual Clauses (SCC) |
G |