Privacy statement

Appical

Version date: 11-03-2019

Version: 3.0

1. General

Appical values the protection of your personal information. Therefore we carefully handle the processing of personal information of our users.

Appical processes personal data only on behalf of the employer.

Appical advises you to read this privacy policy carefully and if you have any questions or comments please feel free to contact us at support@appical.net.

2. What is Personal Information?

Personal information is data that is directly or indirectly traceable to a (living) person. Examples of personal data are: name, address, date of birth, telephone number, location data, email address or an IP address.

3. Why does Appical process Personal Information?

Appical processes Personal Information with the aim of providing its services and allowing these services to function as well as possible, to improve the functioning of its services and to generate statistics. The data is shared with the employer.

In addition, data is processed for security purposes and to be able to communicate efficiently with users of its services.

4. Based on what grounds does Appical process personal data?

Apart from cases in which Appical processes personal data with your explicit consent, it does so because it is necessary for the functioning of its services on the basis of the agreement with its customers (your employer) and on the grounds of its legitimate interest in the fulfillment of its business processes.

In order to be able to use the services of Appical (such as: prehiring, preboarding, onboarding, continuous learning and offboarding) it is therefore necessary that you provide personal information such as: first name, last name, email. Without this personal data, Appical is not able to perform its services (completely) properly. Additional personal information can be processed when your employer asks for certain human resource related information. This information is not required to create an Appical account.

Indirectly from your employer

When your employer uses our services, your employer may provide your information to us on your behalf, for example when they register you as a user of our services or contact our support team for issues relating to your account. We may collect your name, email address, and employment related information. Where we receive personal information about you from your employer, we require that your employer has provided you with the information set out in this Privacy Policy, has collected and disclosed that information with your knowledge or consent, and has ensured that you have not objected to our Processing of your personal information.

Sensitive information

We generally do not collect sensitive information about you, unless you provide it to us voluntarily. For example, you may provide sensitive information such as racial or ethnic origin, sexual orientation, health information or religious or philosophical beliefs in a workflow that your employer has created. You consent to us collecting sensitive information which you provide to us voluntarily. If we need to collect any sensitive information for a specific purpose, we will ask for your consent.

5. What kind of (categories) Personal Information does Appical process?

Appical processes the following personal information:

First name, Last name & Email address.

This information is required to create an account. Additional data can be entered by Employer or by You but this is optional.

e.g.

First name, Last name & Email address, Skype ID, LinkedIn ID, Job title & department, phone number, profile picture, IP Address, or any information asked through HR Forms by your employer.

HR Forms

Our feature HR Forms allows your employer to directly collect certain information for human resource purposes.

As a user, when you respond to HR Forms hosted by Appical, we collect, on behalf and upon instructions of your employer, information relating to you and your use of our services from a variety of sources:

(i) Information we collect directly from the user: HR Forms responses

We collect and store the HR Forms responses from employees. Your employer is responsible for that data and manages it. The employer is usually the same person that invited the employees to take the HR Form and sometimes they have their own privacy policy.

Appical has established and documented rules that control the access, authorization, and dissemination of information and restrict access to the company’s networks. The policy for access control is based on the principle of least privilege. Core principles are need-to-know, need-to-use and access levels and privileges by role. Segregation of duties for requesting, authorizing, and reviewing access levels and privileges is implemented. Management of privileged access rights is implemented. A policy for secret authentication information is defined and implemented.

During employment, measures are implemented to ensure that all (permanent and short term) staff comply with the information security requirements. All staff will be instructed at employment and trained during employment as is required based on their role and access to information according to the information classification guidelines. During employment employees are made aware of rules and procedures concerning security.

A program for information security awareness, education and training is defined and implemented. Staff awareness of information security requirements is validated during employment at regular intervals.

Our customers own all textual and visual content within their courses. The customer-specific content will remain the property of our customers and will not be re-used for other purposes.

6. Sharing Personal Information with third parties and (categories of) recipients

Appical only shares personal information with third parties if this is necessary for its services, when there is a legal obligation, or when Appical is specifically requested by the customer (the employer). Appical does not pass on personal data to third parties other than: Digital Ocean, Intercom, Mailchimp (Mandrill) and Amazon (Amazon Web Services). Sub-processors that comply with the EU-U.S. Privacy Shield might process data outside the EEC.

7. How long does Appical store Personal Information?

Appical does not store Personal Information any longer than necessary. Specifically, this means that the Personal Information is removed from our system when a user is deleted or 18 months after a user is deactivated (access to Appical is cancelled) by the employer.

8. Right to withdraw consent, access, rectification and erasure of Personal Information

At all times you are entitled to revoke your consent with regard to the processing of personal information by Appical, to inspect and correct the processed Personal Information, and to the erasure and transfer of the Personal Information processed / stored by Appical. You can also submit a complaint about the processing of Personal Information to the Dutch Data Protection Authority.

9. Source of Personal Information

Personal information that is not obtained from you directly is obtained from your employer.

10. Cookies

A cookie is a small file that is stored on your computer or telephone. Appical uses cookies to remember your preferences and to recognize its users on a subsequent visit. Cookies also enable Appical, among other things, to collect information about the use of our services and to improve and adapt these to the wishes of our users. [We ask permission to be allowed to place the cookies. If you agree, we can view your browsing habits and see what you have done on our website and in the app. If you do not agree with this, this may affect the operation of the site and app.]

We use the following types of cookies:

● Functional cookies

● Statistic cookies

● Marketing cookies

Disable cookie collection

It is possible to set your browser so that you do not receive cookies. However, in that case it may be that you cannot make use of certain services of Appical, or that our website and app work less well.

11. Security

Appical values the protection of your Personal Information. Therefore we apply the highest possible security standards, technical and organizational measures to protect your Personal Information against abuse.

Appical has an ISO27001:2013 certification for Information Security Management. ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It ensures organisations can apply a framework to business processes to help identify, manage and reduce risks to information security, and considers not only IT but all business operations.

The Web Application Firewall protects AppicalNow from the OWASP top 10 vulnerabilities by default (https://www.cloudflare.com/waf/). These OWASP rules are supplemented by 148 built-in WAF rules that are applied. The following OWASP Top 10 Vulnerabilities are monitored:

1. Injection

2. Broken authentication and session management

3. Cross-site scripting (XSS)

4. Insecure direct object references

5. Security misconfiguration

6. Sensitive data exposure

7. Missing function-level access control

8. Cross-Site Request Forgery (CSRF)

9. Using components with known vulnerabilities

10. Unvalidated redirects and forwards

 

Contact information for the Appical Privacy Officer is as follows:

Appical B.V.

T.T. Vasumweg 58E

Amsterdam, The Netherlands

Attn: Privacy Officer support@appical.nl

Contact information for Appical’s Privacy Officer can be obtained by contacting Appical’s Privacy Officer at the address listed above.

 

Appical – T.T. Vasumweg 58E – 1033SC Amsterdam – KVK 54038502 – VAT NL851129158B01