Please note: This blog is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements. Organisations should take independent legal advice regarding their own provisions for data protection.
1. Data Minimisation
Personal data shall be limited to what is necessary in relation to the purposes for which they are processed.
Bizimply helps with data minimisation by allowing you to customise the fields available in the employee’s HR profile. We also require no information other than a first name to create a profile.
2. Right Of Access By The Data Subject & Right To Data Portability
The data subject shall have the right to obtain access to their personal data.
…and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Should an employee request access to the information you have on file, our reports section allows you to export all employee details and payroll information from their profile. Issues, Documents, Notes and Time Off records can all be exported as PDF files directly from the employee profile.
3. Right To Rectification
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data.
Every employee profile can be given the “Employee” role. This will give the employee access to the MyZimply mobile app and the employee web portal. Here it’s easy to correct inaccurate contact information.
Other amendments to employee profiles can easily be made by system administrators. Bizimply can export an audit log report which will record actions taken in an employee HR profile.
4. Right To Be Forgotten & Right To Object
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
While it is up to the data controller to determine what their legal obligations are and what data can or should be removed from Bizimply, we allow controllers to request the deletion of employee information from their account. Simply contact firstname.lastname@example.org to request the deletion of an employee profile.
5. Data Retention
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
While an employee’s profile may be removed from Bizimply, their attendance, schedule and other information will be retained for historical purposes to allow for accurate information on labour hours worked, costs, etc. This information will be anonymised upon deletion of the employee profile and will therefore not require any further processing by the controller.
6. Data Storage
Employee data must be stored securely.
Bizimply’s role-based access control is built to enhance the security around your employee data. Employee data will be stored in one safe place, accessible only to those who have been given the correct permissions to view or edit it. Any edits to this data will be recorded and can be viewed by exporting an audit log report.
Is Bizimply Compliant?
Yes. As of May 25th, Bizimply is fully GDPR compliant. Our current and ongoing commitment to GDPR is to:
- Process personal data only on documented instructions from the controller.
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to risk.
- At the choice of the controller, delete or return all the personal data to the controller after the end of the provision of services relating to processing, and delete existing copies unless we are required by law to retain the personal data.
- Make available to the controller all information necessary to demonstrate compliance with the obligations.