Data protection concept
absentify and the responsible company, BrainCore Solutions GmbH, have set out to develop and provide a simple and effective option for absence planning for third parties in the SaaS Workspace from Microsoft (MS 365).
This concept is intended to describe and document the basic data protection requirements as well as the company's general handling of these requirements, and therefore its compliance with the aforementioned.
In this context, compliance with data protection regulations has an extremely high priority, as the intended processing is fundamentally sensitive in nature. This includes but is not limited to; the employees and absence data of varying companies and institutions are processed on behalf of the company. These must be adequately protected to avoid misuse of this data.
Scope of application
The principles of this concept apply to the company BrainCore Solutions GmbH in the area of development, operation and sales of the SaaS application "absentify".
This primarily affects the internal and external employees of BrainCore Solutions GmbH as well as management. These are limited to a small group of employees of approximately 2 lead developers and the managing director. If used, this concept must also be observed by external contractors.
Customers, however, only benefit from the data protection concept, as it enables and facilitates compliance with data protection regulations.
Data protection policy and responsibilities within the company
Even though the company, which is based in Switzerland, is primarily bound by Swiss data protection law, compliance with the European GDPR is decisive due to the company's activities, which are global, but mainly EU-wide. Accordingly, the company has set itself the goal of taking those requirements into account and complying with them. This is facilitated by the fact that Switzerland requires the same standards in the area of data protection as the EU due to various political and economic interdependencies with the EU.
Consequently, the company's processing activities are guided by these standards. In addition, it is the management's own policy to ensure that processing is as data-saving, reliable and user-friendly as possible.
As a result, both the definitions of the GDPR (Art. 4 GDPR) and the principles of data processing under the GDPR (Art. 5 GDPR) must be taken into account.
The SaaS application Robin-Data is to serve as the underlying system, via which the data protection management system is managed and continuously improved. The documentation is also carried out in Robin-Data.
The body responsible within the means of the GDPR is:.
BrainCore Solutions GmbH
EU representative according to Art. 27 DSGVO is:
Phone: +49 251 9811573777
In addition, we have engaged an external data protection consultant to support our internal data protection organisation.
Existing technical and organisational measures (TOMs)
The documentation of the planned, introduced and implemented TOMs can be found in the Robin Data.
Data protection incidents
All data protection incidents that cannot be remedied are reported to the responsible supervisory authority within 72 hours. We immediately involve our data protection advisor in the decision-making process for the best possible course of action.
Data subject inquiries
Data subject enquiries are processed individually with the support of our data protection advisor in accordance with the internal guidelines for data subject enquiries.
Updated on: 05/03/2023