General Data Protection Regulation (GDPR)

Last updated: January, 2024 and the GDPR: Our commitment to our customers’ privacy is committed to comply with and respect the General Data Protection Regulation (GDPR), which went into effect on the 25th of May 2018. This regulation represents some of the most significant changes to privacy legislation in recent times. Its intent is to give European citizens more control over their personally identifiable information (PII).

What is doing

  • Upfront and ongoing audits of our third parties and sub-contractors to assess what customer information they receive and ensure they do not compromise our compliance status
  • Development of internal policy relevant to breach notification for the various markets we operate within
  • Appointment of a privacy officer to ensure that these matters are given priority internally as well as provide our customers a point of contact for relevant issues
  • Engaged in an ongoing capacity with third party security auditors to continually invest in our technical measures to both preempt and prevent a breach of customer data
  • We’ve undertaken training led by privacy office to ensure all arms of our business across our various offices are aware of our obligations to you as a customer and how we might help you with any concerns you may have
  • Deployed and maintained a separate set of technical infrastructure in the European Economic Area

Security Measures

Below is a summary of security measures that Workforce uses to keep your data safe.

  • Infrastructure & Network Security - Workforce uses AWS hosting services to host the platform across our EU, US and APAC based data centers and comply with industry best practice for securing our application from external attacks
  • Application Security - Workforce runs both automatic and manual security reviews of the application source code which are checked for vulnerabilities and we employ a continuous penetration testing protocol to discover and fix vulnerabilities in the application.
  • Identify & Access Management - Workforce ensures access to the system is restricted to individuals with the correct level of access and implements a strong password policy as well as two factor authentication, both internally and externally to our clients.
  • Security Monitoring - Workforce has implemented a monitoring system that logs and reports suspicious activity on the platform. Suspected or reported incidents are investigated by security personnel and appropriate steps are taken to minimize damage or unauthorised disclosure.
  • Governance, Risk & Compliance - Workforce has implemented a governance process which includes periodic audits and risk assessments. We also maintain a SOC2 certification and comply with audit and governance procedures under that framework.

Subprocessor Information currently uses third-party Subprocessors to provide our service and support our customers. Before engaging any Subprocessor, evaluates their privacy, security, and confidentiality practices, and executes an agreement implementing it's applicable obligations.

This section contains information about the identity, role, and location of each Subprocessor.

Entity Name Subprocessing Activity Data Location
Amazon Web Services Hosting Services Germany or Australia
EPI Capital Pty Ltd (t/a Tanda) Software Development & Support Australia Inc Software Development & Support United States
Twilio SMS Gateway United States
Mandrill Email United States
Google Workspace File hosting Australia
Atlassian Project Management & Monitoring Australia
PG Analyze Database Performance Analysis United States
Mailtrap Email Testing United States
Github Version Control United States
Intercom Livechat, email, help site United States
HubSpot CRM Australia
Workplace Internal Messaging USA
Ask Nicely NPS software United States
Zapier Integration software United States
Logentries Product usage logging software United States
TalkDesk Call centre software United States
Gong Meeting recording software United States
Dekra Customer support services Croatia
Tanda Workforce Solutions Customer support services Philliphines
Chargebee Customer Billing United States
Go Cardless Limited Payment processing United States
Xero Accounting (Billing contacts only) Australia
Metabase Event analysis United States
Grafana System Analytics United States
Amplitude Product Usage Analytics United States
Rollworks Account Based Marketing (Marketing Website Only) United States
Elando Machine Learning United States
TaxStatus US Tax Record Service (US Payroll Customers only) United States
TaxBandits Tax Filing Solution (US Payroll Customers only) United States