GDPR Compliance

Our commitment to protecting your data rights under EU regulations

Our Commitment to GDPR

Qontrolshift is fully committed to complying with the General Data Protection Regulation (GDPR). We respect your privacy rights and have implemented comprehensive measures to ensure the protection of your personal data. This page outlines how we comply with GDPR requirements and how you can exercise your rights.

Data Controller and Processor

Under GDPR, the roles are defined as follows:

  • Your Organization acts as the Data Controller, determining the purposes and means of processing employee attendance data
  • Qontrolshift acts as the Data Processor, processing data on behalf of your organization according to its instructions

We have Data Processing Agreements (DPAs) in place with all our clients to ensure proper handling of personal data.

Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary for the employment contract between employees and their organization
  • Legitimate Interests: Processing for business purposes such as workforce management and payroll
  • Legal Obligations: Processing required to comply with labor laws and regulations
  • Consent: Where applicable, for optional features like location tracking

Your Rights Under GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

If you believe any information we hold about you is incorrect or incomplete, you have the right to request correction of this data.

Right to Erasure

Also known as the 'right to be forgotten', you can request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You can request that we limit the processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data in certain circumstances, including processing for direct marketing.

Data Security Measures

We implement state-of-the-art security measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular penetration testing and security audits
  • Secure cloud-hosted infrastructure
  • Intrusion detection and prevention systems
  • Regular employee security training

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for new processing activities that are likely to result in high risk to individuals. This includes assessments for new features, changes to data processing operations, and adoption of new technologies.

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Contact your employer's HR department (as the Data Controller)
  • Email our Data Protection Team directly

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, but we will inform you of any extension within the first 30 days.

Contact Our Team

For any GDPR-related inquiries or to exercise your rights: