We appreciate your interest in our company, our products and our services. As the data protection officers, we want you to feel comfortable in your interaction with us and our employees regarding the protection of your personal data.  We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. As a result, the protection of your personal data has top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail. First of all some information.

All absence.io servers are located in Germany. This means that we have to comply with the data protection regulations of the European Union (EU).

The data protection regulations in the European Union are among the strictest in the world. In addition, Germany itself has one of the strictest legal standards in this area: the Federal Data Protection Act. This law protects users of Internet services. End users are responsible for deciding how their personal data is used: Companies are not allowed to collect personal data (e.g. name, birthday, IP address) without the explicit permission (The so-called commissioned data processing) of the end user. There is no law in Germany that could force us to submit to a gag order or implement a backdoor.

At absence.io, we work hard to ensure that our products and processes comply with the GDPR guidelines. We believe that despite the serious topic, we can also have a bit of fun with it - after all, data security is in everyone's best interest.

For more info and updates, feel free to visit our Help Center (https://absenceio.zendesk.com/hc/de/articles/360004902153-Data-Security-General-Data-Protection-Regulation-GDPR-).

 

1. Name and contact details of the responsible person 

Responsible for the processing of your personal data within the framework of the present contact is:

 

absence.io GmbH

Ridlerstraße 31 

80339 Germany

Phone: +49 (0)89 416143314

E-Mail: hello@absence.io

Website: https://www.absence.io/

 

2. Contact details of the data protection officer 

The designated data protection officer is:

 

DataCo GmbH 

Dachauer Str. 65 

80335 Munich 

Phone: +49 (0) 89 7400 458 40

E-Mail: datenschutz@dataguard.de 

Website: www.dataguard.de

 

 

3. Processing of your personal data  

a. Your personal data that we process   

 

Within the framework of the customer relationship, we process the following personal data:  

• Address 
• Bank details 
• Customer number 
• Last name 
• First name 
• E-mail address 
• Mobile number 
• Landline number  

 

Completed within the framework of the contractually agreed service and data processing agreement with the client. This data enables you and the employer to plan your working hours and standardized processes, such as efficient planning of your holidays. Depending on the functions used by the company, all or only parts of the data specified here may be processed for users of the application. The following types/categories of data are the subject of the processing of personal data:

 

Access and general profile data

• First name, last name
• E-mail address
• If applicable, activity, department, (mobile) phone number
• Affiliation to teams, departments, and locations
• Number of users added

 

Absence management

• Absence days (including holidays, parental leave, leave days, transfer periods)
• Expected working days
• Remaining days of leave
• Additional days of leave (e.g., for length of service, special leave)
• Sick days
• Categorization of sick days (with/without certificate of incapacity to work, child in need of care)
• Working days
• Number and type of absences requested
• Absence requests

 

Personnel file

• Employees master data
• Birthdays
• Staff questionnaire
• Payroll
• Bank details
• Contact person for emergencies
• Premium and salary
• Allowances
• Working hours

 

Time recording

• Working and break times
• Shift planning & allocation (full-time, part-time)
• Overtime balance & compensation

 

Expense management

• Name, email, telephone, SSN, etc.
• Transaction data: receipts, invoices, location, date/time
• Participant details
• Browser/application data: Required cookies, IP, geolocation

 

b. Purposes of the data processing   

  

Within the framework of an existing customer relationship, your personal data will be processed for the following purposes:  

• To process your enquiry as an interested party. For this purpose, we use your contact details to be able to answer your enquiry. 
• To prepare and conduct pre-contractual measures - this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contractual conditions with the aim of concluding a contract. 
• To add your contact details to our customer database. 
• To check your creditworthiness. 
• To fulfil our contractual obligations arising from the contract with you. For this purpose, we pass on your personal data to shipping companies, among others, to ensure the smooth delivery of the goods. 
• To inform you about our products and services in the best feasible way. This also includes the sending of (direct) advertising by e-mail or by post.... 
• To ensure smooth billing for the services provided. For this purpose, your personal data is processed in order to be able to issue invoices. In addition, our external service provider Stripe processes your payment data to enable access to our products and invoicing. 
• To comply with our legal obligations. This includes, for example, the transfer of your personal data to the tax office. 
• To provide you, our customer, with the best possible service. This includes communicating with you via email, mobile phone, landline number and our ticket system Zendesk. 
• For the purpose of sending the newsletter, as far as you have registered for our newsletter. 
• To fulfil post-contractual measures. 
• For the assertion, exercise, or defense of legal claims. 
• To offer and submit suitable offers of Softgarden GmbH to them. Softgarden GmbH is the sole owner of absence.io GmbH.
• To fulfil our digital service (time recording, absence management, personnel file, terminals).

 

c. Legal basis for data processing  

 

Legal basis for the processing of data within the scope of [purposes of b.] we process on the basis of Art. 6 (1) (1) (a – f) GDPR.

 

Processing your personal data based on consent  

As far as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with Art. 5, 7 GDPR. and Art. 5, 7 GDPR. 

 

Processing for the purpose of performing the contract with you

As far as we process your personal data for the purpose of fulfilling a contract, Article 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures. 

 

Processing for compliance with a legal obligation

As far as the processing of your personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (1) ( c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations under tax law and/or commercial law. 

 

Processing based on legitimate interest 

The legal basis for direct marketing purposes may be Art. 6 (1) (1) (f) GDPR if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us here - in addition to the purposes listed under b. - include:

• To be able to inform you optimally about our products, offers and services by means of direct marketing;
• In communication with you, in particular to be able to answer your enquiries by e-mail and/or telephone;
• To be able to conduct due diligence with our potential business partners

 

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.

 

d. Sources from which your personal data originates 

 

Personal data that we process which has not been collected directly from you:

• Name
• First name
• E-mail address
• Credit score
• Profitability score 

 

Personal data we process that we have not collected directly from you comes from the following sources:

• Capterra, Trustpilot and eKomi in the context of customer reviews
• Credit rating company
• Credit agencies such as sanctions lists and VIES for validation of the company tax ID
• Internet / public sources
• LinkedIn in Sales
• Contact lists of service providers

 

4. Recipients or categories of recipients of the personal data 

While processing your personal data, we may disclose your personal data to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular: 

• External employees / freelancers
• Potential business partners in the context of a (future) due diligence review
• Third
• Authorities e.g., tax offices, courts, trade supervisory office
• Settlement partner 
• Collection agency 
• Credit institutions 
• Logistics company 
• Parcel service provider 
• Mail 
• (External) quality control bodies such as sanctions lists
• Tax consultant

 

Processors within the EU:

• User Lane
• eKomi
• Softgarden GmbH

 

Subcontractors can be found in the subcontractor list in our commissioned data processing and are available online [https://www.absence.io/subcontractorlist/]. 

  

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:  

• Amazon Web Services (Only for storing uploaded documents in the Personal File & User Profile product)
• Slack
• Google LLC
• Atlassian
• Productboard
• Zendesk
• Sentry
• New Relic
• Stripe
• Calendly
• Microsoft (Microsoft 365, Azure)

 

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed as far as this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.

 

Use of Google Analytics

 

Google Analytics & Opt Out

Google Analytics is the standard solution for website tracking. For operational reasons in marketing and sales, it is difficult for us to part with this tool. Even though, as a German company that pays close attention to data protection and data security, this is a matter close to our hearts. We always look at options and evaluate them according to data protection aspects and use them instead of Google Analytics as soon as possible.

For the time being, we would at least like to inform you about the purpose and extent to which we use Google Analytics. We would also like to point out an opt-out option that prevents us from collecting data from our website and product users via Google Analytics. We would also like to point out that we use google anonymisation to keep us data minimised (https://support.google.com/analytics/answer/2763052?hl=de).

 

Purpose: Tracking website usage. Such as the duration of the session in the browser and on the subpages to completion by specifying the means of payment in the product.

 

Data collected: Pseudonymised IP address. Creating an anonymous user ID for tracking. Duration of session on a page. Completion of certain events in the pages on settings for payment methods as well as prices and product offers.

 

Opt Out: Google offers a browser plugin that blocks all traffic to Google Analytics. This can be found here (https://support.google.com/analytics/answer/181881?hl=en) and installed here (https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en).

You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the Do Not Track function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.

You can find more information on how to object to and remove Google at: policies.google.com/privacy.

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

You can deactivate the use of your personal data by Google using the following link: adssettings.google.de.

 

Deletion requests: According to DSGVO Art. 17, we are obliged to delete all personal data collected and processed on our behalf by processors upon request. Please write a request to our support (support@absence.io) and we will take care of it.

 

1. scope of the processing of personal data

We use Google Analytics (Universal Analytics), Google Analytics Remarketing, Google Ads, Google Tag Manager and Google Shopping (Google Merchant Center), all web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).

Google Analytics (Universal Analytics) examines, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus allowing better monitoring of the success of advertising campaigns. Google sets a cookie on your computer. This allows personal data to be stored and analysed, including: - The user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and data from advertising partners (in particular pseudonymised user IDs).

We use Google Analytics (Universal Analytics) to analyse your use of our online presence, to compile reports on your activities and to provide other services related to the use of our online presence and the internet.

services associated with the use of our online presence and internet usage.

In addition, we use Google Analytics Remarketing, whereby the data collected and evaluated about you is used to play targeted advertising to you. To use this service from Google, we also merge the data with our Google Ads or Display & Video 360 accounts. Google Ads and Display & Video 360 are also provided by Google.

We have requested the anonymisation of IP addresses, which means that Google shortens your IP address as promptly as technically possible. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there.

Your personal data will also be transmitted to the servers of Google LLC based in the USA.

For more information on the processing of data by Google, please click here:

policies.google.com/privacy

 

2. purpose of data processing

The use of Google Analytics (Universal Analytics) including Google Analytics Remarketing serves us to evaluate the use of our online presence as well as the targeted playout of advertising, to the people who have already expressed an initial interest through their page visit.

 

Legal basis for the processing of personal data

The legal basis for the processing of the users' personal data is, in principle, the user's consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO.

The legal basis for the transfer of the users' personal data to a third country is the user's consent in accordance with Art. 49 para. 1 lit. a DSGVO.

 

4 Duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law e.g. for tax and accounting purposes. Advertising data in server logs will be anonymised by Google deleting parts of the IP address and cookie information after 9 and 18 months respectively.

 

5. revocation, objection and removal options

You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the Do Not Track function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.

You can find more information on how to object to and remove Google at: policies.google.com/privacy.

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

You can deactivate the use of your personal data by Google using the following link: adssettings.google.de

 

5. Transmission of personal data to a third country 

In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Because the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data will be transferred to the third country USA within the meaning of Art.15 (2) GDPR. In order to ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c ) GDPR.

 

6. Duration of storage of personal data 

Your data will be deleted 90 days after the communication has been completed. 

 

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data is destroyed or deleted from our systems as soon as it is no longer needed. We will take reasonable steps to ensure that your personal data is only processed under the following conditions:

1. For the duration that the data is used to provide you with a service
2. As required by applicable law, contract or in view of our legal obligations
3. Only for as long as is necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

 

A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfilment of legal retention periods of up to ten years (e.g., from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation. 

 

7. Data subjects' rights

You have the following rights under the General Data Protection Regulation:

• If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).
• If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
• If the legal requirements are met, you can request the deletion or restriction of processing (Art. 17 and 18 GDPR).
• If you have consented to the data processing or if there is a contract for data processing and the data processing is conducted with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
•  If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling as far as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
• If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
• The objection shall be addressed to:

 

absence.io GmbH

Ridlerstraße 31 

80339 Germany

Phone: +49 (0)89 416143314

E-Mail: hello@absence.io

Website: https://www.absence.io/

• Furthermore, there is a right of appeal to a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA). You can reach this authority under

 

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach

Postal address: P.O. Box 1349, 91504 Ansbach

Phone: 0981/ 180093-0

Fax: 0981/ 180093-800

E-mail: poststelle@lda.bayern.de

Web: www.lda.bayern.de

If the legal requirements are met, you may object at any time to the processing of personal data relating to you which is conducted on the basis of Article 6 (1)(e) or (f) of the GDPR on grounds relating to your particular situation (Article 21 GDPR).

8. Right to revoke consent  

If you have consented to the processing by the data controller by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.

 

9. Obligation to provide the data 

Within the scope of the business relationship, you only must provide those personal data that are necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "3. c. (...)").

Without this data, we will usually have to refuse to conclude the contract or conduct the order or will no longer be able to conduct an existing contract and may have to terminate it.

 

10. Automated decision making including profiling  

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the responsible person,
2. is authorized by legislation of the Union or the Member States to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
3. is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (b) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

Regarding the cases referred to in a. and c., the controller shall act appropriately to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to 

This includes the right of the person responsible to intervene, to express his or her point of view and to contest the decision.

Decision-making is automated in the Prospects section to deliver relevant content to the customer in the trial month. The following logic is applied:

• Activities within the product categorize interested parties into groups
• These groups receive adapted content which facilitates the introduction to the product (so-called "nurturing").
• Based on the groups, customer care tasks are created for absence.io staff.

 

These privacy informations were created with the support of DataGuard.

 

*For reasons of better readability, the generic masculine is used for personal designations and personal expressions. All personal designations apply equally to all gender identities in the sense of equal treatment.  The shortened language form does not include any evaluation.