Appical values the protection of your personal information. Therefore we carefully handle the processing of personal information of our users.
Appical processes personal data only on behalf of the employer.
2. What is Personal Information?
Personal information is data that is directly or indirectly traceable to a (living)person. Examples of personal data are: name, address, date of birth, telephone number, location data, email address or an IP address.
3. Why does Appical process Personal Information?
Appical processes Personal Information with the aim of providing its services and allowing these services to function as good as possible, to improve the functioning of its services and to generate statistics. The data is shared with the employer.
In addition, data is processed for security purposes and to be able to communicate efficiently with users of its services.
4. Based on what grounds does Appical process personal data?
Except that Appical processes personal data with your explicit consent, it does so because it is necessary for the functioning of its services on the basis of the agreement with its customers (your employer) and on the grounds of its legitimate interest in the fulfillm ent of its business processes.
In order to be able to use the services of Appical (such as: prehiring, preboarding, onboarding, continuous learning and offboarding) it is therefore necessary that you provide personal information such as; first name, last name, email. Without this personal data, Appical is not be able to perform its services (completely) properly. Additional personal information can be processed when your employer asks for certain human resource related information. This information is not required to create an Appical account.
Indirectly from your employer
We generally do not collect sensitive information about you, unless you provide it to us voluntarily. For example, you may provide sensitive information such as racial or ethnic origin, sexual orientation, health information or religious or philosophical beliefs in a workflow that your employer has created. You consent to us collecting sensitive information which you provide to us voluntarily. If we need to collect any sensitive information for a specific purpose, we will ask for your consent.
5. What kind of (categories) Personal Information does Appical process?
Appical processes the following personal information:
First name, Last name & Email address.
This information is required to create an account. Additional data can be entered by Employer or by You but this is optional.
First name, Last name & Email address, Skype ID, Linkedin ID, Job title & department, phone number, profile picture, IP Address, or any information asked through HR Forms by your employer.
Our feature HR Forms allows your employer to directly collect certain information for human resource purposes.
As a user, when you respond to HR Forms hosted by Appical, we collect, on behalf and upon instructions of your employer, information relating to you and your use of our services from a variety of sources:
(i) Information we collect directly from the user: HR Forms responses
During employment measures are implemented to ensure that all (permanent and short term) staff comply to the information security requirements. All staff will be instructed at employment and trained during employment as is required based on their role and access to information according to the information classification guidelines. During employment employees are made aware of rules and procedures concerning security.
A program for information security awareness, education and training is defined and implemented. Staff awareness on information security requirements is validated during employment on regular intervals.
Our customers own all textual and visual content within their courses. The customer specific content will remain property by our customers and will not be re-used for other purposes.
6. Sharing Personal Information with third parties and (categories of) recipients
Appical only shares personal information with third parties if this is necessary for its services, when there is a legal obligation, or when Appical is specifically requested by the customer (the employer). Appical does not pass on personal data to third parties other than; Digital Ocean, Intercom Mailchimp (Mandrill) and Amazon (Amazon Web Services). Sub-processors that comply with the EU-U.S. Privacy Shield might process data outside the EEC.
7. How long does Appical store Personal Information?
Appical does not store Personal Information any longer than necessary. Specifically, this means that the Personal Information is removed from our system when a user is deleted or 18 months after a user is deactivated (access to Appical is cancelled) by the employer.
8. Right to withdraw consent, access, rectification and erasure of Personal Information
At all times you are entitled to revoke your consent with regard to the processing of personal information by Appical, the right to inspect and correct the processed Personal Information and the erasure and transfer of the Personal Information processed / stored by Appical. You can also submit a complaint about the processing of Personal Information to the Dutch Data Protection Authority.
9. Source of Personal Information
Personal information that is not obtained from you directly is obtained from your employer.
We use the following types of cookies:
● Functional cookies
● Statistic cookies
● Marketing cookies
Disable cookie collection It is possible to set your browser so that you do not receive cookies. However, in that case it may be that you can not make use of certain services of Appical, or that our website and app work less well.
Appical values the protection of your Personal Information. Therefore we apply the highest possible security standards, technical and organizational measures to protect your Personal Information against abuse.
Appical has an ISO27001:2013 certification for Information Security Management. ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It ensures organisations can apply a framework to business processes to help identify, manage and reduce risks to information security, and considers not only IT but all business operations.
The Web Application Firewall protects AppicalNow from the OWASP top 10 vulnerabilities by default (https://www.cloudflare.com/waf/). These OWASP rules are supplemented by 148 built-in WAF rules that are applied. The following OWASP Top 10 Vulnerabilities are monitored:
2. Broken authentication and session management
3. Cross-site scripting (XSS)
4. Insecure direct object references
5. Security misconfiguration
6. Sensitive data exposure
7. Missing function-level access control
8. Cross-Site Request Forgery (CSRF)
9. Using components with known vulnerabilities
10. Unvalidated redirects and forwards
Contact information for the Appical Privacy Officer is as followed:
TT. Vasumweg 58E
Amsterdam, The Netherlands
Attn: Privacy Officer firstname.lastname@example.org
Contact information for Appical’s Privacy Officer can be obtained by contacting Appical’s Privacy Officer at the address listed above.