Data Protection Concept

Preamble

absentify and the responsible company, BrainCore Solutions GmbH, aim to provide an easy and effective way to manage absences for third parties within Microsoft's SaaS workspace (MS 365).

This concept is intended to describe and document the basic requirements for data protection, as well as the company's general approach to meeting these requirements.

Compliance with data protection regulations is of the utmost priority, as the data being processed is generally sensitive in nature. The data includes employee and absence information from various other companies and institutions processed on their behalf. These data must be adequately protected to prevent misuse.

Scope

The principles outlined in this concept apply to BrainCore Solutions GmbH in the development, operation, and sales of the SaaS application "absentify." It affects internal and external employees, as well as the company's management. This concept also applies to external contractors, if used.

Customers benefit from this data protection concept, as it helps ensure compliance with data protection regulations and makes it easier to achieve.

Data Processing Agreement (AVV): Customers can download the current AVV to review our data protection agreements and policies. Please print the contract, sign it, and return it to us (as PDF scan to support@absentify.com). We will then sign it and send a copy back to you.

Data Protection Policy and Responsibilities within the Company

Although the company is based in Switzerland and is primarily subject to Swiss data protection law, compliance with the European GDPR is essential due to the company's EU-wide and global operations. The company is committed to meeting these requirements, which is facilitated by Switzerland's political and economic ties to the EU, which call for similar data protection standards.

The company's processing activities are in line with these regulations. Furthermore, the management's policy is to ensure minimal data collection, reliability, and user-friendly processing.

Thus, both the definitions of the GDPR (Article 4 GDPR) and the principles of data processing under the GDPR (Article 5 GDPR) must be considered.

The SaaS application Robin-Data serves as the underlying system for managing the data protection management system, with continuous improvements. Documentation also takes place in Robin-Data.

Responsible entity under the GDPR is:

BrainCore Solutions GmbH
Panoramaweg 1
8274 Tägerwilen
Switzerland

EU representative according to Article 27 GDPR is:

MPH-GL GmbH
Reichenaustrasse 11a
78467 Konstanz
Germany

Phone: +49251 9811573777
Email: support@absentify.com

We have also engaged an external data protection consultant to support our internal data protection organization.

Technical and Organizational Measures (TOM)

Documentation of the planned, implemented, and ongoing technical and organizational measures can be found in Robin-Data.

Data Protection Incidents

All data protection incidents, if not rectifiable, will be reported to the relevant supervisory authority within 72 hours. Our data protection consultant is involved in the decision-making process for the best course of action.

Data Subject Requests

Requests from data subjects are handled individually, following our internal guidelines for data subject requests, with the support of our data protection consultant.

Updated on: 27/04/2024