General Data Protection Regulation (GDPR)

Last updated: January, 2024

Workforce.com and the GDPR: Our commitment to our customers’ privacy

Workforce.com is committed to complying with and respecting the General Data Protection Regulation (GDPR), which went into effect on the 25th of May 2018. This regulation represents some of the most significant changes to privacy legislation in recent times. Its intent is to give European citizens more control over their personally identifiable information (PII).

What Workforce.com is doing

  • Upfront and ongoing audits of our third parties and sub-contractors to assess what customer information they receive and ensure they do not compromise our compliance status
  • Development of internal policy relevant to breach notification for the various markets we operate within
  • Appointment of a privacy officer to ensure that these matters are given priority internally and to provide our customers with a point of contact for relevant issues
  • Ongoing engagement with third-party security auditors to continually invest in our technical measures to both preempt and prevent a breach of customer data
  • Training led by our privacy office to ensure all arms of our business across our various offices are aware of our obligations to you as a customer and how we might help you with any concerns you may have
  • Deployed and maintained a separate set of technical infrastructure in the European Economic Area

Security Measures

Below is a summary of security measures that Workforce uses to keep your data safe.

  • Infrastructure & Network Security - Workforce uses AWS hosting services to host the platform across our EU, US and APAC based data centers and complies with industry best practice for securing our application from external attacks.
  • Application Security - Workforce runs both automatic and manual security reviews of the application source code to check it for vulnerabilities, and we employ a continuous penetration testing protocol to discover and fix vulnerabilities in the application.
  • Identity & Access Management - Workforce ensures access to the system is restricted to individuals with the correct level of access and implements a strong password policy as well as two-factor authentication, both internally and externally to our clients.
  • Security Monitoring - Workforce has implemented a monitoring system that logs and reports suspicious activity on the platform. Suspected or reported incidents are investigated by security personnel and appropriate steps are taken to minimize damage or unauthorised disclosure.
  • Governance, Risk & Compliance - Workforce has implemented a governance process which includes periodic audits and risk assessments. We also maintain a SOC2 certification and comply with audit and governance procedures under that framework.

Subprocessor Information

Workforce.com currently uses third-party Subprocessors to provide our service and support our customers. Before engaging any Subprocessor, Workforce.com evaluates their privacy, security, and confidentiality practices, and executes an agreement implementing its applicable obligations.

This section contains information about the identity, role, and location of each Subprocessor.

| Entity Name | Subprocessing Activity | Data Location |
|---|---|---|
| Amazon Web Services | Hosting Services | Germany or Australia |
| EPI Capital Pty Ltd (t/a Tanda) | Software Development & Support | Australia |
| Workforce.com Inc | Software Development & Support | United States |
| Twilio | SMS Gateway | United States |
| Mandrill | Email | United States |
| Google Workspace | File hosting | Australia |
| Atlassian | Project Management & Monitoring | Australia |
| PG Analyze | Database Performance Analysis | United States |
| Mailtrap | Email Testing | United States |
| GitHub | Version Control | United States |
| Intercom | Livechat, email, help site | United States |
| HubSpot | CRM | Australia |
| Workplace | Internal Messaging | USA |
| Ask Nicely | NPS software | United States |
| Zapier | Integration software | United States |
| Logentries | Product usage logging software | United States |
| TalkDesk | Call centre software | United States |
| Gong | Meeting recording software | United States |
| Dekra | Customer support services | Croatia |
| Tanda Workforce Solutions | Customer support services | Philippines |
| Chargebee | Customer Billing | United States |
| Go Cardless Limited | Payment processing | United States |
| Xero | Accounting (Billing contacts only) | Australia |
| Metabase | Event analysis | United States |
| Grafana | System Analytics | United States |
| Amplitude | Product Usage Analytics | United States |
| Rollworks | Account Based Marketing (Marketing Website Only) | United States |
| Elando | Machine Learning | United States |
| TaxStatus | US Tax Record Service (US Payroll Customers only) | United States |
| TaxBandits | Tax Filing Solution (US Payroll Customers only) | United States |