Livvwork is made up of several legal entities which We use as infrastructure to provide Our Services. However, for data protection purposes the entities in control of all Personal Data processed in connection with Our Website and Services are:
• Livvwork B.V., a company registered in the Netherlands under number 81112882, VAT Number NL861936735B01, at Van der Takstraat 8, 3071LL, Rotterdam, the Netherlands.
We commit Ourselves to the highest standard for data protection and privacy. Due to Our global footprint, We are subject to several data protection regulations and as a guiding principle, We apply the strictest regulation to protect Your data and privacy globally. This results in a broad set of rights and choices made available to you.
The terms "Personal Data", "Data Processing", "Data Subject", "Data Controller and "Data Processor" have the same meaning as under Regulation (EU) 2016/679 - the General Data Protection Regulation (GDPR).
When and how We collect data
We may collect Your Personal Data through Our communication and Your usage of Our platform and services. Personal Data can be directly provided by You or indirectly collected by Us (i.e. from Your interactions, use, and experiences with Our Services).
Type of data we collect:
How we use your data:
What is "lawful basis"?
Under the GDPR, We need to have a lawful basis to legally process Your Personal Data. For the described Data Processing, We rely on the following legal grounds:
• Consent: (Art. 6(1)(a) GDPR) when We rely on this basis We only process Personal Data about you for the specific purposes you expressly authorise. You can withdraw Your consent whenever you wish.
• Performance of a contract: (Art. 6(1)(b) GDPR) when We rely on this basis the Data Processing is necessary for the performance of a contract with you or to take steps at Your request before entering into such a contract.
• Compliance with a legal obligation: (Art. 6(1)(c) GDPR) when We rely on this basis We are obliged to process the relevant Personal Data to comply with Our legal obligations.
• Legitimate interests: (Art. 6(1)(f) GDPR) when We rely on this basis We process Personal Data as necessary in pursuit of Our own, Our business partners', or Your legitimate interests. When We do this We must ensure that the interests We pursue do not override Your fundamental rights and freedoms.
• Substantial public interest: (Art. 9(2)(g) GDPR) when We rely on this basis We do it to prevent harm, fraud, money laundering, terrorist financing, child labor and to enable trust safety and compliance.
Although restricting access to certain data might affect Your experience, you can always make changes, such as:
• Disable cookies: You can block cookies in Your Web browser (check Your browser's Help page).
• Don't provide Personal Data: You can still navigate the Website and access all Our features that don't require Your personal information.
• You can withdraw Your consent for marketing communications: We will contact you directly if We receive Your explicit consent to send marketing communication, but if you don't wish to hear from us again, please click the unsubscribe button on the communication or use this form to let us know.
Data Subjects rights
You may exercise any rights related to the Personal Data We collect via the "Help” button if you are a registered user or email@example.com if you are not a registered user. We will then verify Your identity and respond to Your inquiry without undue delay within 15 days of receipt of the request.
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension, together with the reasons for the delay.
We note that where requests are manifestly unfounded or excessive, in particular because of their repetitive character, We may refuse to act on the request. In such cases We shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request. Find below a summary list of Your rights and how you can exercise them:
How We keep Your data secure
We comply with the EU's General Data Protection Regulation. Data protection is ensured by encryption and security measures throughout the lifecycle of Your data.
• Data encryption in transit
• Data encryption at rest
• Architecture network isolation through private networks
• Fully auditable access and changes
• AWS is Our trusted cloud provider and is compliant with the following industry standards:
o SOC I/II/III
o ISO 27001/27017/27018
• All systems are protected by a firewall with security threat detection and prevention mechanisms.
Internal best practices
• We follow the least privilege principle to limit systems' access to essential personnel only. • We practice continuous credentials auditing and management.
• We conduct internal security and privacy training.
• Infrastructure-as-code allows for quick rebuilding and portability.
• Our average response times are under 150ms.
• We practice continuous monitoring of applications and infrastructure.
• We create daily data backups.
• Users have control of their data.
• We do not keep any data other than data strictly necessary for business operations.
Personal Data Disclosures
In order to provide, maintain, improve, secure, and promote Our Services, We need to disclose Personal Data to third parties. All Personal Data in the scope of this Policy is hosted on Amazon Web Services. This section provides further details about the specific disclosures We make to other third parties.
Certain Personal Data may be disclosed to Our suppliers who help us run Our business. Our suppliers may process Personal Data on Our behalf solely in accordance with Our instructions and pursuant to a written agreement. For example, We use suppliers for Webhosting, secure cloud storage, video conferencing, analytics, email delivery, customer relationship management, Web fonts, and other services. We also use suppliers such as social media companies and search engines to promote Our Services.
• These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are either necessary for performing Our contract with you or for the purposes of Our legitimate interests (that are to provide, maintain, improve, secure, and promote Our Services). When none of these bases apply, We will seek Your permission (consent) to share Personal Data with a specific supplier.
• Our suppliers may change over time, but registered Website Users will regularly receive a list of key suppliers.
Certain Personal Data may be disclosed to other suppliers who also help us run Our business but act as controllers (Advisors). These suppliers process Personal Data in accordance with their own privacy policies, however, in any case, Our contracts with such suppliers require them to comply with applicable data protection laws when processing any Personal Data they receive from us. These suppliers include financial institutions, lawyers or notaries, licensed auditors assisting or supervising us in connection with Our compliance obligations, HR providers, identity verification service providers, and others.
• These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are either necessary for the purpose of performing Our contract with you; or necessary for the purposes of Our legitimate interests (that are to provide, maintain, improve, secure, and promote Our Services);
• These Advisors may change over time, depending on Our business needs.
Local authorities (controllers)
Various authorities such as regulators, tax authorities, law enforcement agencies, courts of law, and others may require us to produce information that may include Personal Data about you. What Personal Data is included depends on each request.
• These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are necessary for the purpose of us complying with Our legal obligations.
• These authorities vary depending on the jurisdictions where We and Our Customers operate and reside.
Our platform integrates with other SaaS products such as Human Resource Information Systems (HRIS), WorkTech, and Facility Management Systems (e.g. Desk Booking) through Our application programming interface (API). We partner with such SaaS providers to make it easier for their clients to access Our services and for Our clients to access their services.
When partner systems integrate with Our platform, they can pull personal data We store upon a customer's request. This means that when Customers integrate Our Platform with other SaaS systems they use, Our Platform will send Employee data to the requesting Customer via the partner SaaS system.
• These disclosures apply to Employees data only and are necessary for the purposes of Our Customers' legitimate interests (that is to make it easier for them to access Our services via a third-party system).
• The Personal Data involved depends on the data the Customer requests and on the configuration of the partner SaaS system.
If We sell or buy any assets or business, We may disclose Personal Data about you to the prospective seller or buyer of such business or assets. Conversely, if We are acquired by another business, Personal Data about Our customers will be transferred to the buyer.
• These disclosures apply to all categories of Data Subjects and types of Personal Data in the scope of this Policy. These disclosures are necessary for the purposes of Our legitimate interests (that are to properly run Our business and Our business' continued ability to provide Our Services.)
• These recipients depend on whom We engage within the context of any type of corporate restructuring.
We would be happy to address any specific queries you may have about the Personal Data We disclose to third parties. We have tried Our best to outline all relevant disclosures in this section, however, disclosures depend on many factors. If you need more specific information, please contact us using the contact details provided in this Policy.
International data transfers
We operate at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected.
When We transfer Your Personal Data to a third country, We will ensure that this transfer complies with applicable laws. We share Personal Data with countries located outside the EU and the EEA, on the basis of EU Standard Contractual Clauses. For transfers out of other jurisdictions operating transfer restriction regimes, We take additional steps to ensure compliance with local law.
In accordance with applicable data protection laws, We do not store Your Personal Data for longer than needed for the purposes of the respective processing activity. The relevant retention periods depend on the national legislation of the country you are based in.
If the Personal Data is no longer required for the performance or enforcement of contractual or legal obligations, We will delete it regularly, unless its further temporary storage is still necessary to:
• fulfill Our obligations pursuant to the agreement between Us and the Client;
• establish, exercise, and defend a legal claim;
• fulfill statutory obligations to which We are subject, such as continued storage pursuant to accounting legislation.
In case you have any additional questions regarding the retention periods of the Personal Data We process, please contact us via firstname.lastname@example.org.
Cookies cannot be used to run programs or deliver viruses to Your computer.
Cookies are uniquely assigned to you and can only be read by a Web server in the domain that issued the cookie to you.
Most Web browsers automatically accept cookies, but you can modify Your browser settings to disable cookies if you prefer (check Your browser's Help page).
If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.
To learn more about cookies and how to manage them, visit internetcookies.org.
Privacy Shield Frameworks
While Privacy Shield is no longer a valid mechanism for data transfers from the EU, it is still a valid commitment toward certain data privacy requirements for companies that participate in it. We participate in the Privacy Shield and are committed to comply with its principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recOurse for individuals.
We commit to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable.
We are responsible for the collection and processing of data it may receive under the Privacy Shield Framework, including subsequent transfers to third parties We engage that act on Our behalf. We comply with the Privacy Shield Principles of all transfers of data in the EU.
Privacy of minors
We do not knowingly collect any Personal Data from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Data through Our Website or Service.
If you have reasons to believe that a person under the age of 18 has provided Personal Information to us through Our Website or Service, please contact us via email@example.com.
Changes and amendments
We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. You can find the date of Our last update at the top of the document.
We have a Data Protection Officer (DPO) who monitors Our compliance with the General Data Protection Regulation (GDPR), other data protection regimes, and Our policies in relation to the protection of Personal Data and privacy.
For inquiries or requests about this Policy, please reach out to us via firstname.lastname@example.org.