Commitment to GDPR

Maintaining the security, integrity, and confidentiality of your data is our top priority.


Frequently Asked Questions

What is GDPR?

GDPR is the General Data Protection Regulation. It came into effect on 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardise data protection laws for all EU citizens. These regulations apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly

Bizimply as the data controller vs Bizimply as the data processor

“Data controller” and “data processor” are important concepts in understanding a company’s responsibilities under the GDPR. Depending on the scenario, a company may be a data controller, data processor or both – and has specific responsibilities as a result:

Data controller

A company is a data controller when it has the responsibility of deciding why and how (the “purposes” and “means”) the personal data is processed.
  • Under the GDPR, data controllers have to adopt compliance measures to cover how data is collected, what it’s used for and how long it’s retained. They also need to make sure that people can access the data about them.
  • Data controllers must ensure that data processors meet their contractual commitments to process data safely and legally.
As a data controller, Bizimply sets the controls for handling its staff data.

Data processor

A company is a data processor when it processes personal data on behalf of a data controller. Under the GDPR, data processors have obligations to process data safely and legally.

Bizimply provides a Workforce Management system to our customers. Whilst supporting this system we are effectively a data processor to our customers who are the data controllers. When Bizimply processes data on the client’s behalf, the customers must have an appropriate legal basis for Bizimply to process this data.

How can you exercise your rights provided under the GDPR?

How can you exercise your rights provided under the GDPR?
Under the General Data Protection Regulation, you have the right to access, rectify, portability and remove consent to your data.

Right to access
In order to request access to the personal data the data subject must make a formal request with the data controller. The main admin user of the data controller must then forward the request to

Rights to rectify
In order to rectify inaccurate data, the data subject must make a formal request with the data controller. The main admin can then alter the data.

Right to data portability
The rights to data portability allow data subjects to obtain data that a data controller holds on them and to reuse it for their own purposes. In order to request access to the personal data the data subject must make a formal request with the data controller. The data controller will then notify Bizimply by sending a formal request to

Removing consent
As a controller you can change your mind wherever you have given us your consent, such as for direct marketing or processing your sensitive information. By contacting us at you can request that we no longer process data we require your consent for.

If you are a data subject this request must be made to the data controller. The data controller can then make a request to Bizimply by sending an e-mail to

What information do we collect?

This is the list of the information we could collect.

Personal Descriptors
First Name
Last Name
Home/Business address
E-mail address
Phone number
Date of Birth
Passport Expiry
Visa Expiry
Marital Status
Next of Kin (Emergency Contact)
PPS/NI Number
Bank Details

Subprocessors: What systems are used by Bizimply to process our customer data:

Used as our in-app messaging/communication platform for customers
Hubspot CRM
Used for communicating product updates/tip and tricks/marketing to managers and admins on the account
Amazon AWS
Used for transactional emails.

Data Protection Officer

Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at or by writing to them at Data Protection Officer, Bizimply, The Digital Depot, Thomas St, Dublin 8, D08TCV4.

Do you automatically delete data that your business no longer has any use for?

Bizimply’s data retention period is 12 months after a customer churns. When the data controller requests for personal data to be deleted for a data subject, the request will be completed within 30 days. Churned customer data is deleted 12 months after the churn date. A recurrent job will be run to identify churned customers and will destroy the data after 90 days (or whatever we define) of inactivity. Backups will store the churned customer data as well but they will be deleted after 25 days.

Security of processing

Bizimply has a team of trained IT support staff that ensure the safety of the data it processes. We achieve this by:
  • Encrypting the personal data in the database using Transparent Data Encryption (TDE) and in transit using TLS version 1.2.
  • Appropriate controls to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • Testing the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Have created a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
  • All the data is stored in the Bizimply Amazon data centre in Dublin.

Try Bizimply's All In One

Workforce Management Platform