Employee Privacy Policy
Personal Data Regulation (GDPR) – for Airtame ApS and Airtame Inc (Airtame)
The Personal Data Regulation from the EU, which took effect from May 2018, has led to stricter requirements for personal data security. The regulation is called the General Data Protection Regulation and is abbreviated GDPR
Airtames employee Privacy Policy (“Privacy Policy”) explains what types of personal information we may collect about our employees and how it may be used.
Airtame is a global company with its headquarters in Denmark with a subsidiary in the US. This means that personal information may be used, processed, and transferred to the United States and other countries or territories and those countries or territories may not offer the same level of data protection as the country where you reside, including the European Economic Area. However, Airtame will ensure that appropriate or suitable safeguards are in place to protect your personal information and that transfer of your personal information complies with applicable data protection laws. Where required by applicable data protection laws, Airtame has ensured that service providers (including other Airtame affilidansates) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant Airtame data exporter (which typically will be your employer)
Data controller
In the sense of personal legislation, Airtame is data responsible. Any contact regarding employee data can be sent to the company’s HR / finance department. (peder.lissner@airtame.com)
Purpose
The HR / finance department collects personal data from each individual employee.
We collect and process personal information in order to perform our HR and administrative activities, including job placement, temporary services, payroll, recruitment and selection, personal development and employability, payroll administration and personnel management etc
Examples of personal information include but are not limited to:
- An individual’s name.
- Employee ID number.
- Employee’s tax identification number
- Employee’s bank information
- Home address.
- Home phone number.
- Personal email address.
- Names of family members.
- Marital status
- Date of birth.
Treatment and legal basis
Personal data in connection with personnel administration is processed in accordance with the Danish Data Protection Agency’s guidelines. Consent is not required for the processing of this information as long as the processing is necessary for the purpose. However, when using employee photos for external use, separate consent from the employee is required and this consent can be revoked at any time.
Recipients of personal information
Information may be transferred to external partners who process the information on our behalf. We use external partners for, among other things, receiving and storing applications and CVs, personnel and payroll administration as well as measuring employee satisfaction. These companies are data processors and under our instruction and process data for which we are the data controller. The data processors may not use the information for any purpose other than fulfilling the agreement with us, and are subject to confidentiality about this. We have entered into written data processor agreements with all data processors.
Storage of and access to data
Relevant data for documentation for public authorities are stored for 5 years. Except as otherwise permitted or required by applicable law or regulatory requirements, Airtame endeavors to retain your personal information only for as long as it believes is necessary to fulfill the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you.
- Financial records: NATIONAL LEGAL REQUIREMENTS (tax, salary/pay, working time)
- Application and Recruitment Records: 24 months.
- All Personnel Files and Records: 6 years from the end of employment.
- Maternity and Paternity: 6 years from the end of employment.
- Sickness Absence Records: 6 years from the end of employment.
- Redundancy Records: 6 years from the end of employment.
Security
Airtame will secure and protect your personal information against loss or illegal use. We do this on the basis of physical, administrative, organizational and technical security measures.
Airtame protects your personal information and has adopted internal rules on information security, which contain instructions and measures that protect your personal information against unauthorized publication and against unauthorized access or knowledge of it.
We have established procedures for allocating access rights to those of our employees who process personal data. We control their actual access through logging and monitoring of the systems where required.
In the event of a security breach that results in a high risk for you of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience, Airtame will notify you of the security breach as soon as possible.
Airtame’s safety procedures are continuously revised on the basis of the latest technological developments.
Right to insight and correction
Under the Data Protection Act, you have a number of rights.
The rights are as follows:
- You have the right to gain insight into what personal information the Airtame processes about you.
- You have the right to have the personal information that Airtame has registered about you corrected and updated.
- You have the right to have the personal information Airtame has registered about you deleted. If you wish to have your personal information deleted, Airtame will delete all information that Airtame is not required by law to store.
- You have the right to “data portability” and have your information delivered in a readable format
- If the processing of personal data is based on a consent from you, you have the right to withdraw the consent, which means that processing then ceases, unless Airtame is required by law to process the personal data.
By written request to Airtame, you can either receive a printout of your personal information, have your personal information updated, make objections or request that your personal information be deleted. It just requires you to be able to identify yourself.
The request must be signed by you and include your name, address, telephone number, e-mail address.
You can also contact Airtame if you believe that your personal data is being processed in violation of the law or other legal obligations.
The request is sent by e-mail to the VP of People for Airtame.
Airtame will within 1 month of receipt of your request for a printout forward this to your e-mail address. Once information has been provided, the employee can request similar information at the earliest after 6 months.
In the event of requests for corrections and / or deletion of your personal data, the Airtame will check whether the conditions have been met, and if so, implement changes or deletion as soon as possible.
Airtame may reject requests that are either unreasonably repetitive, require disproportionate technical intervention (for example, to develop a new system or change an existing practice significantly), affect the protection of others’ personal information, or in situations where the desired action must be considered extremely complicated (for example, requests for information that exist exclusively as backups).
California Consumer Privacy Act
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Please refer to our Additional California Privacy Disclosures below.
Changes
For various reasons, Airtame ApS may at any time choose to make changes or additions to this statement of personal information. The latest privacy statement can be read at any time in Notion.
This version was prepared in May 2022.
Additional California privacy disclosures
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described in under the CCPA).
This supplement provides additional privacy disclosures and informs you of your additional rights as a California resident, and should be read in conjunction with our Privacy Policy.
Personal information collected and processed
Section 5 of our Privacy Policy sets forth the categories of personal information that Linkfire collects and processes about you, a description of each category, and the sources from which we obtain each category.
Requests to exercise your rights
Right to know request
Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information./li>
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
Right to delete request
You also have a right to request that we delete personal information, subject to certain exceptions.
Right to say no to the sale of personal data
You have the right to request that we do not sell any of your personal data that may or not have been collected or submitted. Please submit a DO NOT SELL request using our DSAR form on the privacy portal.
How to request
In order to enable you to exercise these rights with ease and to record your preferences in relation to how Linkfire uses your personal data, we provide you with access to the following settings via the following:
- Privacy Settings – allows you to control some of the categories of data collection; and,
- Data Subject Access Request (DSAR) Form – allows you to access a copy of your data, exercise your right to rectify, restrict, erase, and or port your data to another service, including a “DO NOT SELL” option.
Disclosures of personal information for a business purpose
In the preceding 12 months, Linkfire may have disclosed certain data from the following categories of personal information to the categories of recipients listed in Section 6 of our Privacy Policy for one or more business purposes:
- User Data
- Usage Data
- Plan Verification Data
- Payment and Purchase Data
Sale of personal information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. We provide Usage Data to advertising partners, which enables us to provide you with interest-based advertising. If you prefer not to receive interest-based advertising, please opt out by going to your privacy settings and opt out toggle. For more information on interest-based advertising, please see our Privacy Policy and Cookie Policy. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.