GDPR & Privacy

Quinyx has always made information security and customer privacy a top priority. We comply with the new General Data Protection Regulation (GDPR) giving you control of your personal data.

About GDPR

1. What is GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD). It is a law on data protection and privacy for all individuals within the European Union (EU). The GDPR aims primarily to give control back to individuals over their personal data and to simplify the regulatory environment. Being a regulation, not a directive, it forces all countries within EU to implement GDPR by May 25, 2018.

The regulation builds on many of the requirements from the 1995 directive for data privacy and security, but includes new provisions to strengthen the rights of data subjects, the individuals whose personal data is processed, and it adds harsher penalties for companies and organizations that fail to comply with the regulation.

2. Read more

Quinyx has its main establishment in Sweden and our lead supervisory authority is Datainspektionen. (https://www.datainspektionen.se/)

You can learn more about the GDPR at EUs GDPR Portal.(https://www.eugdpr.org/)

Privacy Statement

1. Our commitment

Quinyx AB (“Quinyx”) has always made information security and customer privacy a top priority. On May 25, 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) replaces the 1995 EU Data Protection Directive (DPD) which significantly enhances the protection of the personal data of EU citizens and increases Quinyx’s obligations regarding lawful collection and processing of personal data.

 

We apply the principles of “Privacy by Design” and “Privacy by Default” and process just enough data to serve our customers, visitors to our website and individuals participating in our events in the best way possible. We process all personal data lawfully, fairly and in a transparent manner. All our employees receive education in how to handle data in order to comply with the GDPR and other regulations and applicable laws.

 

This Privacy Statement describes Quinyx’ information practices, data collection and usage practices with respect to personal data, in compliance with the GDPR and other regulations and applicable laws.

 

This Privacy Statement describes Quinyx in the role as a data controller of personal data. Quinyx role as a data processor is regulated by Quinyx’ Data Processing Agreement.

 

When Quinyx is the data controller, Quinyx decides the purpose and method of processing personal data. Quinyx is responsible for the data processed.

 

You can at any time opt in to receive information from us as well as opt out when you desire. The possibility to opt out is presented in every communication you receive from us.

 

This Privacy Statement applies to contact persons at companies who are our customers, visitors on our web site, individuals participating in our events, individuals who are in contact with us for any other reason, and individuals who are contact persons at companies that we have flagged as potential customers, i.e. for anyone whose personal information we are the data controller.

2. When do we process personal data?

We collect personal data about our customers, in particular designated contact persons at our customers, in order to deliver our services. The personal data include contact information such as name, phone number, and email address.

 

We also collect personal data when you request information about Quinyx' services, when you participate in events or sign up to receive newsletters, white papers and other material. We collect personal data such as name, phone number, email address, company name, title, country, and type of industry.

 

You may visit our web site without registering or actively submitting personal data to us. If you do not register, we only collect information that your computer or other devices send to us in connection with access requests and via cookies and other technologies that we use to analyze and enhance your use of our Site.

 

The type of personal data we collect by means of cookies and other technologies is described in Cookies Policy.

 

In chapter 3 you can see how we use the personal data.

3. Why do we process personal data and based on what legal grounds?

Below are the purposes for which we process personal data.

 

Fulfillment of service delivery

If you are a contact person for one of our customers, we process personal data to identify you  and to handle and deliver the service according to our agreement. For example, we process personal data to ensure a secure operation of the service and to be able to provide adequate support and incident management. Also, we process personal data in order to handle invoicing and payments.

Lawful basis for processing:

  • Legitimate interest, i.e. we process personal data since we assess that our interest in fulfilling our obligations in accordance with the agreement that we have entered into with our customers overrides your interest of protection of your privacy.

 

Communication about our service

We process personal data in order to send our customers information about disturbances in our service. We also process personal data when sending information about, for example, new releases, changes in functionality in our service or when releasing new functionality.

Lawful basis for processing:

  • Legitimate interest, i.e. we process personal data since we assess that our interest in fulfilling our obligations in accordance with the agreement that we have entered into with our customers and communicating with our customers about our service and any information that pertains to our customers overrides your interest of protection of your privacy, and/or
  • Consent, i.e. we process personal data as you have given and not withdrawn your consent or not chosen to opt-out to our processing.

 

Development of our service

We process personal data in order to further develop our service and operations. For this purpose we might aggregate statistics for analytic needs. All personal data is anonymized.

Lawful basis for processing:

  • Legitimate interest, i.e. we process personal data since we assess that our interest in fulfilling our obligations in accordance with the agreements we have entered into with our customers and developing our service and operations overrides your interest of protection of your privacy.

 

Marketing

Quinyx process personal data for marketing purposes. This might include processing of personal data for direct marketing purposes. This might entail that we have flagged your company as a potential 

customer that matches the target group of Quinyx. If you have a specific job role and can be considered a contact person for your company, we might store your contact information for a limited period of time that is further detailed below in chapter 5. Please note that you always have the right to opt-out of any marketing by way of email. If you have consented to such processing, for example at an event that is arranged by Quinyx or any third party with which we cooperate, we will not process your personal data if you have withdrawn your consent or chosen to opt-out.

 

Lawful basis for processing:

  • Consent, i.e. we process personal data as you have given and not withdrawn your consent or not chosen to opt-out to our processing, and
  • Legitimate interest, i.e. we process personal data since we assess that our interest in marketing our products and services to you overrides your interest of protection of your privacy.

 

Information security

We process data for the purpose of providing security for our service and systems. To detect or prevent different types of unlawful usage that violates our agreements. The data is also used to prevent abuse of the service and systems and to detect fraud, virus attacks etc.

Lawful basis for processing:

  • Legitimate interest, i.e. we process personal data since we assess that our interest of fulfilling our obligations in accordance with the agreements we have entered into with our customers and providing security for our service and systems overrides your interest of protection of your privacy.

 

Compliance with the law

We process personal data in order to comply with the law. We process your personal data to comply with our legal obligations under applicable law, e.g. when invoicing according to Swedish law, (Bokföringslagen).

Lawful basis for processing:

  • Fulfillment of legal obligation, i.e. we process personal data in order to comply with our legal obligations.

 

Cookies and other technologies

For more information please see our Cookies and other technologies Policy.

 

Safeguard our legal interests

We process your personal data in order to defend, establish or exercise any claims in case of a dispute regarding e.g. payment.

Lawful basis for processing:

  • Legitimate interest, i.e. we process personal data since we assess that our interest in safeguarding our legal interests overrides your interest in protection of your privacy.

4. For how long do we retain personal data?

Fulfilment of service delivery

If you are a contact person for one of our customers, we will retain your personal data during the entire contract period between us and your employer.

 

Communication about our service

If you are a contact person for one of our customers, we will retain your personal data during the entire contract period between us and your employer.

 

Development of our service

If you are a contact person for one of our customers, we will retain your personal data during the entire contract period between us and your employer and 12 months thereafter. We only use anonymized and aggregated data for service development.

 

Marketing

If you are a contact person for one of our customers, we will retain your personal data during the entire contract period between us and your employer. This is on the condition that you have not previously objected to direct marketing.

 

If you are a contact person for a company that has been flagged as a prospective customer and you have not given consent, we will retain your personal data for no longer than 24 months. This is on the condition that you have not previously objected to direct marketing.

 

If you have consented to us processing your personal data for marketing purposes when e.g. attending one of our events, we will retain your personal data for as long as you have not withdrawn your consent or objected to direct marketing.

 

Compliance with the law

We retain your personal data for as long as we are required in accordance with applicable law. In regards of e.g. invoicing we are required to retain personal data for seven years.

 

Cookies and other technologies

For more information please refer to Cookies and other technologies Policy.

 

Safeguard our legal interest

In case of a dispute regarding e.g. payment, we retain your personal data as long as necessary for us to defend, establish or exercise any claims.

Some data will be anonymized and used for service development. When you choose to opt out from any type of communication from us, your personal data will be erased.

5. How do we share your personal data?

We may share your personal data with: companies supplying technique, storage services, administrative tools, crm tools, financial services, authorities that request personal data, any third party with which we arrange an event or conference (provided that you have given consent to such sharing).

 

All recipients with whom we share personal data within the EU are companies which we cooperate with and have signed Data Processing Agreements (DPA) with. All recipients with whom we share personal data with outside of the EU are companies which we cooperate with and signed Data Processing Agreements with, and comply with the Privacy Shield Framework or any other such framework approved by the EU.

 

The personal data will be used in order to fulfill service delivery. We may process personal data and share it with recipients globally that help us deliver our service and run our business, subject to Data Processing Agreements (DPA). We may also share aggregated usage statistics.

 

In a reorganization or sale of our company or assets, your data may be transferred, subject to the acquirer accepting the commitments made in this Statement and compliance with applicable law.

6. How do we protect your personal data?

We take appropriate technical and organizational security measures, consistent with GDPR and industry standards to ensure that all personal data we treat is protected from unauthorized access. Access to personal data is provided only to those who need it to perform their duties.

 

We are constantly working to protect our customers’ integrity. Our security measures include protection of personal data, information, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Processing of data is logged and checked systematically. Encryption of equipment and data is done with generally recognized and secure methods.

 

You can read more about our Information Security in regards to our service.

7. Changes of this Privacy Statement

We may update this Privacy Statement periodically and without prior notice to you to reflect changes in our personal information practices. If we make material changes to this statement, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.

Your Rights

1. Your rights to personal data

Under the GDPR, you have certain rights related to the processing of your personal data. These are listed below.

 

Quinyx is in its capacity as data controller responsible for ensuring that your personal data is processed in accordance with applicable law and that your rights are taken into account when we process your personal data. If you want to use your rights, please contact us at dataprivacy@quinyx.com. You can also contact our DPO, which will be assigned as of 25th of May, at dpo@quinyx.com if you experience that Quinyx do not live up to your rights.

At Quinyx, we will take all reasonable and possible actions to notify any recipients of your personal data as set out in chapter 5 above regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you of which third parties we have shared your personal data with.

 

You have the right to request access to personal data

You have the right to request an abstract from our data record regarding our use of your personal data. You also have the right to request a copy of the personal information being processed at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of the personal data. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format.

 

Contact: dataprivacy@quinyx.com

 

You have the right to request rectification of your personal data

We will at your request, or at our own initiative, rectify, anonymise, erase or complement personal data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complement the personal data with additional data if relevant information is missing.

 

Contact: dataprivacy@quinyx.com

 

You have the right to request erasure of your personal data

You have the right to request that we erase your personal data if we do no longer have an acceptable reason for processing the data. Given this, erasure shall be made by us if:

  • the personal data is no longer necessary for the purposes for which it was collected,
  • you object to the processing of your personal data based on our legitimate interest and there is no overriding legitimate ground for the processing,
  • the personal data has not been lawfully processed,
  • we are required to erase the personal data due to a legal obligation, or
  • you are a child and we have collected the personal data in relation to the offer of information society services.

However, there might be requirements under applicable law, or other weighty reasons, which entail in us not being able to immediately erase your personal data.  In such case, we will stop using your personal data for any other reasons than to comply with the applicable law, or the relevant weighty reason.

 

Contact: dataprivacy@quinyx.com

 

You have the right to restrict processing

This means that we temporarily restrict the processing of your personal data. You have the right to request restriction of the processing when:

  • you have requested rectification of your personal data in accordance with the section “You have the right to request rectification of your personal data” above during the time period we are verifying the accuracy of the data,
  • the processing is unlawful and you do not want the personal data to be erased,
  • Quinyx, in its capacity as data controller, does no longer need the personal data for the purposes for which it was processed, but you require us to retain the information for the establishment, exercise or defence of legal claims, or
  • you have objected to our legitimate interest for the processing in accordance with the section “You have the right to object to the processing” below during the time period we determine whether the legitimate interest overrides your privacy rights.

 

Contact: dataprivacy@quinyx.com 

 

You have the right to object to the processing

You have the right to object to such processing of your personal data based upon our legitimate interest (please see chapter 4 above). If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interest, rights or freedoms, or unless continued processing is necessary for the establishment, exercise or defence of a legal claim.

 

Contact: dataprivacy@quinyx.com

2. Your right to lodge a complaint

You have the right to lodge a complaint with the data protection authority

You have the right to lodge any complaints regarding our processing of your personal data with the data protection authority. The supervisory authority for Quinyx is Datainspektionen, Sweden. https://datainspektionen.se

 

Should you experience that Quinyx and the DPO do not live up to GDPR and the data subject rights, read more about how to report to Datainspektionen. https://datainspektionen.se

Quinyx App

1. What personal data do we process?

We only process personal data that is required for Quinyx to fulfil its intended purposes as a workforce management system, which include:

  • Human resource management
  • Work time scheduling
  • Work task scheduling and execution
  • Work time reporting
  • Communication

 

By default, it is possible to store and process the following personal data in the system:

  • Name
  • Address
  • Telephone no.
  • Email address
  • Social security no. / civic registration no.
  • Next of kin’s name and contact info.
  • Organisational affiliation, such as home department and cost centre
  • Employment contract
  • Availability
  • Work shifts
  • Time punches
  • Absences
  • Qmail messages

Your employer is ultimately responsible for which personal data they choose to store and process in the system. Your employer may also choose to add customized personal data fields to store additional data that is required to simplify their workforce management process.

2. Why do we process your personal data?

Quinyx processes personal data so that your employer can fulfil your employment contract by allowing your manager and/or colleagues to:

  • Contact you
  • Contact your next of kin in case of emergency
  • Schedule your work time according to your
    • Employment contract
    • Collective/union agreement
    • Availability
  • Ensure that your work tasks are performed correctly and on time
  • Ensure that your working time is correctly reported
  • Pay your salary

3. Who do we share your personal data with?

We do not share your personal data with any parties other than your employer, and we conform to industry best practices regarding data security to ensure that your personal data is safe.

4. How long do we store your personal data?

Your personal data is stored as long as your employer chooses to keep it in the system. Typically, this is limited to your period of employment, however your employer may choose to keep some or all of your personal data in the system after your employment ends in order to comply with local legislation. After your personal data has been removed from the system, some or all of it may be kept in backups for a limited time in accordance with the terms of service that have been agreed upon between us and your employer.

5. How can I find out what personal data is stored on me?

Turn to your employer to get an exact summary of which personal data is stored on you.

6. How can I delete my personal data from the system?

You must turn to your employer to request a full deletion of your personal data from the system, as some or all of the data may be required to be kept for a certain period in order to comply with local legislation.

7. Why does the mobile app require location services?

The app uses a method called "geofencing" in order to determine if you are within the required range of your workplace for punching in and out, and also to provide a push notification reminding you to punch in or out when you reach or leave your workplace. With geofencing, an app tells the operating system to send it a signal if and when the phone is within X meters of coordinates Y and Z. It requires location data to be activated at all times. Geofencing has a few major advantages:

  1. It uses significantly less battery power than traditional geolocation as it only uses cell tower triangulation, i.e. no additional hardware is activated in order to determine your position. Therefore, Quinyx positioning does not consume any power. However, accuracy is increased if you already have Wi-Fi enabled.
  2. It does not require the app to save or transmit any location data to the app provider. Instead of the app/phone providing location data to Quinyx servers, Quinyx provides the workplace's coordinates to the phone, and the phone tells the app if it's within required range for punching in and out.

We do not store any information regarding your location or movements.

Cookies

1. What are cookies?

Quinyx uses cookies on www.quinyx.com. By browsing the website, you consent to the use of cookies.

 

Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows a website, service or a third ­party to recognize you and make your next visit easier and more useful to you.

 

Cookies can be "persistent" or "session" cookies.

2. How Quinyx ​uses cookies

When you use and access the website, we may place a number of cookies files in your web browser.

 

We use cookies for the following purposes:

  • to enable certain functions of the website
  • to provide analytics
  • to store your preferences
  • to enable advertisements delivery, including behavioral advertising.

 

We use both session and persistent cookies on www.quinyx.com.

3. Third­ party cookies

In addition to our own cookies, we may also use various third­ parties cookies to report usage statistics of the website and deliver advertisements.

4. What are your choices regarding cookies

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

 

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

5. Where can your find more information about cookies

You can learn more about cookies and the following third ­party websites:

Information Security

Data Processing Agreement

Download our Data Processing Agreement

Contact Information

Quinyx AB (556704-4580)

Vattugatan 17
111 52 Stockholm

Contact the data controller at: dpo@quinyx.com

 

Data Protection Officer (“DPO”)

Quinyx has assigned a DPO in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) to secure that Quinyx processes personal data in a lawful and correct manner.

Contact the DPO at: dpo@quinyx.com