Last updated May 2018

Officient Privacy Policy

Officient is committed to protecting the privacy of our visitors, customers and their employees. Privacy is hard. We aim for a good balance between privacy, security, business needs, usability and legal regulations like GDPR.
HR software such as Officient's has to process personal data for a number of reasons: we have to store a number of personal fields (what employee data is collected by Officient?) to support payroll calculations, we have to store contracts between employers and employees for a number of years and we have to keep personal calendars to make sure legal limits around time off can be respected.

Officient has the role of a data controller when talking about information related to our customers. For exampe, when you visit our marketing website and request a quote, we will collect some personal information about you (such as your name, email address) in order to help you. In other situations, Officient has the role of a data processor. When a customer uses Officient to store and process employee data, the customer is the data controller, and Officient is the processor. We outline the data that is collected in both situations in this document.
Third party services transparancy

Officient wouldn't be possible without relying on third party services. We'd like to give you an overview on which external services we use, how and why, in a readable format:
Cloud & data centers
Officient run on Amazon Web Services (AWS). This includes our marketing site (www.officient.io), our admin app (app.officient.io) and our employee self-service (selfservice.officient.io). Various AWS services are used (EC2, RDS, S3, Route53,..) in combination. All data is stored in Ireland, some backups are located in other AWS data centers throughout Europe.

Usage statistics, tracking & marketing
We are making use of Google Analytics and Google AdWords. We might use re-marketing from Google, as it is an effective way to stay on the radar of potential clients. We might also advertise on LinkedIn and Facebook.

Support service
The little chat bubble on the bottom right in the Officient app is powered by Intercom. Intercom collects some meta-data, like browser and Geolocation about you. We also share your name, company, e-mail and potentially additional meta-data. This really helps us giving you a personal and fast support.

Authentication
In order to authenticate administrators safely, we use a service called Auth0. Neither Officient nor Auth0 stores your passwords in an unhashed, plaintext format.

Newsletter subscription
We are using MailChimp to send HR administrators occasionall e-mail updates. These e-mails include relevant informations on service updates, new features and announcements on service changes. With MailChimp we share e-mail addresses and names (for personalization). New Officient Accounts get signed up for the newsletter automatically. Each newsletter includes a link to opt-out.

Weekly Digest
We send out a short, weekly email to employees who have previously onboarded via our self-service. This email includes information about company days off that week, about co-workers who will be out of office or might have an upcoming birthday. Each email includes a link to easily opt-out of receiving this weekly communication.
Data processing agreement

Each customer will also receive an additional Data Processing Agreement. This document lays out the relationship between Officient as a 'processor' and the customer as a 'controller' for the employee data.
Types of personal data collected by Officient as a controller
Officient has a role of data controller, when talking about data related to our customers. In this section we outline what is collected.

Officient can collect and process the following personal data:
  • E-mail address
  • Name
  • Surname
  • Address
  • Telephone number (landline/mobile phone)
  • ...
Officient also automatically collects anonymous information regarding your use of the Website and Officient its services via the Platform. As such, Officient shall, for example, automatically log which sections of the Website and Platform you visit, which web browser you use, which website you visited when you obtained access to the Website. We cannot identify you through these data, but it allows Officient to draw up statistics regarding the use of the Website and the Platform.

Methods of personal data collection
These personal data are collected in the context of:
  • Requesting a quote
  • Collaboration with Officient
  • Signing up for the account (free or paying)
  • Using the services via the Platform
  • Entering personal data into the Platform
  • ...

Use of personal data
Officient can use your personal data to:
  • Perform the services under the agreement (incl. the follow-up thereof)
  • Create an account (free or paying) and the confirmation thereof
  • Draw up a quote
  • Follow-up after a meeting
  • Provide the services via the Platform
  • Provide support
  • Send targeted marketing and advertising, updates and promotional offers based on your communication preferences and – where applicable – upon explicit consent
  • ...
Types of personal data collected by Officient as a processor
Officient has a role of data processor, when talking about employee data processed within the HR platform. We collected a list of information that is expected to be collected. You can read about it here: what employee data is collected by Officient?
Exercising your privacy rights

For employees that have access to the Officient HR self-service
The Officient self-service was designed with your privacy rights in mind.
  • You can use the service itself to gain access to every piece of information the company has collected about you.
  • You can also use the self-service to rectify any information about yourself
  • You can use the self-service to delete any information about yourself, as long as this information is not needed in the future (eg for payproll processing activities)
  • You can use the the self-service to disable the weekly digest email if you no longer wish to receive it

For Officient customers
If you wish to invoke your privacy rights, as defined below, please contact dpo@officient.io or complete the form for exercising your privacy rights and deliver it to Officient by email or post:
  • Right of access to personal data which Officient possibly has concerning you;
  • Right to rectification, completion or update of your personal data;
  • Right to delete your personal data ('right to be forgotten');
  • Right to limit the processing of your personal data;
  • Right to transferability of your personal data;
  • Right to object to/oppose the processing of your personal data;

In principle, you can exercise these rights free of charge via the above-mentioned form. In addition, you can always, via your personal account, update, modify and/or verify your personal data which you were required to submit when creating your account.

If you no longer wish to receive newsletters or information about our services, you can unsubscribe at any time by clicking the "unsubscribe" button underneath each of Officient its emails.


Storage of personal data
Unless a longer storage period is required or justified (i) by law or (ii) through compliance with another legal obligation, Officient shall only store your personal data for the period necessary to achieve and fulfil the purpose in question, as specified in the Privacy Declaration under 'Use of personal data'.
Disclosure of personal data to third parties
Officient shall not disclose any personal data to third parties, unless it is necessary in the context of providing the Officient services and optimising them (including but not limited to maintenance works, payment processing and database management). If it is necessary that Officient discloses your personal data to third parties in this context, the third party is required to use your personal data in accordance with the provisions of this Privacy Declaration.

Notwithstanding the foregoing, it is however possible that Officient discloses your personal data:
  • To the competent authorities (i) if Officient is obliged to do so under the law or under legal or future legal proceedings and (ii) to safeguard and defend our rights;
  • If Officient, or the majority of its assets, are taken over by a third party, in which case your personal data – which Officient has collected – shall be one of the transferred assets;

In all other cases, Officient will not sell, hire out or pass on your personal data to third parties, except when it (i) has obtained your permission to this end and (ii) has completed a data processing agreement with the third party in question, which contains the necessary guarantees regarding confidentiality and privacy compliance of your personal data.
Security of personal data
Officient undertakes to take reasonable, physical, technological and organisational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.

Officient shall store all personal data which it has collected in the cloud (with data centre(s) within the EU).

Notwithstanding the Officient security policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, Officient is, in this context, not in a position to guarantee absolute security.

Finally, the security of your account will also partly depend on the confidentiality and complexity of your password. Officient will never ask for your password, meaning that you will never be required to communicate it personally. If you have nonetheless communicated your password to a third party – for example because this third party has indicated that it wishes to offer additional services - this third party shall have access to your account and your personal data via your password. In such cases, you are liable for the transactions which occur as a result of the use made of your account. Officient therefore strongly advises you, if you observe that someone has accessed your account, to immediately change your password and contact us.
Cross-border processing of personal data
Any transfer of personal data outside the European Economic Area (EEA) to a recipient whose domicile or registered office is in a country which does not fall under the adequacy decision enacted by the European Commission, shall be governed by the provisions of a data transfer agreement, which shall contain (i) the standard contractual clauses, as referred to in the 'European Commission decision of 5 February 2010 (Decision 2010/87/EC)', or (ii) any other mechanism pursuant to privacy legislation, or any other regulations pertaining to the processing of personal data.
Update Privacy Declaration
Officient is entitled to update this Privacy Declaration by posting a new version on the Website. As such, it is strongly recommended to regularly consult the Website and the page explaining the Privacy Declaration, to make sure that you are aware of any changes. The Website will always show the date of the latest changes.
Other websites
The Website may potentially contain hyperlinks to other websites. In no event, Officient is responsible for the privacy policy or the privacy practices of any third party.
Contact Officient

If you have questions and/or remarks about this Privacy Declaration or the manner in which Officient collects, uses and/or processes your personal data, please contact us:
  • Via e-mail: dpo@officient.io
  • Via post: Officient, Kortrijksensteenweg 18, 9000 Ghent, Belgium

In case you are not satisfied with the way Officient handled your questions and/or remarks or have any complaints about the way Officient collects, uses and and/or processes your personal data, note that you have the right to lodge a complaint with the Privacy Commission.