What’s the tl;dr?
All of the data that you send to Human Made belongs to you. We know where it is and can track it through the organisation. If you want us to delete it, just email us at privacy@humanmade.com
Great! What’s the long version?
We’re serious about protecting your data. In this note, you’ll find out:
- The personal data that we collect;
- Where we got your personal data from;
- Your personal data rights;
- Your right to object to our processing your personal data and withdrawing consent;
- How and when we use that personal data;
- Whether we share your personal data with anyone else;
- For how long will we keep your personal data;
- How you can access your personal data;
- Information on our use of cookies
What data do you collect?
As an employee or permanent contractor at Human Made we collect the following data as it is necessary to perform your employment contract:
- Your full name
- Your personal email, phone number, and physical (working) location
- Your current and previous address(es)
- Your job role, job start date, and employment type
- Your salary information and bank details
- Your time off dates and sick days
- Your IP address and access history to HM servers
- Details of devices used to access work applications and services, including operating system versions, compliance with our security policy, and other details necessary to ensure security
We collect your date of birth, nationality, ID and passport information so that we can comply with law.
We collect your next of kin, next of kin phone number, and health information to protect your vital interests.
We collect your profile image and data as it is necessary for our legitimate interests.
And we collect your Twitter handle and website information with your consent.
Okay, great. What are my rights?
You have the right to request access to your personal data, amendments to it, and for it to be deleted. Further information about those rights along with your right to withdraw any consent you’ve given or object to our processing your data can be found in our data protection policy by clicking ‘here’. That policy also includes who to speak with if you have any queries about our approach to processing your personal data.
But just what are you doing with that data?
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
- We will use it to carry out your employment contract, including communicating with you and paying your salary.
- We will use it in case of an emergency, during which we will contact your next of kin and inform authorities of any relevant information.
- We will use it to give you access to Human Made’s tools, including Slack, Github, and other tools we use.
- We will use it to ensure security and privacy of data we handle, including data on other employees and data we process or control on behalf of customers.
- We will use it to generate your profile on our website.
Where is my data stored?
Where possible, we keep your data stored in the EEA. When it is not possible, the following safeguards are in place:
- We use Google Apps as our email platform and for documents so your data is stored on Google’s servers, which are based in all over the world. Data transfer to the US certified under Privacy Shield. Data transfers to other countries are covered by Google’s model contract clauses, which have been approved by the European Data Protection Authorities.
- We use Xero for managing payroll. Where your data is transferred outside the EEA, adequate protection is provided by entering into the EC’s Standard Contractual Clauses and Privacy Shield.
- We use Trello to manage HR so your data is transferred out of the EU and stored in the USA. This is covered by Atlassian’s Privacy Shield agreement.
- We use Apple Business Essentials to manage company-owned devices. Data use is covered by Apple’s Data Processing Addendum.
- We use Slack for communication within our company, and will set up a channel for collaborating with you on your project. Where data is transferred to the US it is covered by Slack’s privacy shield. Transfers outside the USA and EEA, are covered by Slack’s EU Model Clauses.
- We use Github for managing projects. Github’s servers are in the USA. Data transferred there is covered by Github’s privacy shield certification.
- We use AWS to host our internal blog network, including Facts and Hub. Your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by AWS (Amazon Web Services).
Do you ever share my data?
As a remote company that is heavily reliant on cloud technologies, your data will be shared with some third-party companies. When we share your data with third-parties we conduct an impact assessment to ensure that your data remains protected. The instances when we transfer data to a third-party are:
- When we transfer it to our third-party tools, as listed above.
- Where we’re required to disclose it by law – to government bodies for example.
- Where you have given consent for us to share it with a third party.
How long do you keep my data for?
We keep your data for the duration of your employment contract + 6 years.
Can I get a copy of my data?
Sure! You can ask us for a copy of the personal data that we hold on you by emailing privacy@humanmade.com. We’ll ask you for copies of two types of approved identity in order to process your request (such as a passport and driving licence). You can also ask us to make corrections to data you consider to be inaccurate by emailing privacy@humanmade.com.