What’s the tl;dr?
All of the data that you send to Human Made belongs to you. We know where it is and can track it through the organisation. If you want us to delete it, just email us at email@example.com
Great! What’s the long version?
We’re serious about protecting your data. In this note, you’ll find out:
- The personal data that we collect;
- Where we got your personal data from;
- Your personal data rights;
- Your right to object to our processing your personal data and withdrawing consent;
- How and when we use that personal data;
- Whether we share your personal data with anyone else;
- For how long will we keep your personal data;
- How you can access your personal data;
What data do you collect?
As an employee at Human Made we collect your full name, personal email, previous address, current address, job role, job start date, employment type, salary information, bank details, time off dates, sick days, IP address, Phone number, physical location, proxy access history, and SSH public key as it is necessary to perform your employment contract.
We collect your date of birth, nationality, ID and passport information so that we can comply with law.
We collect your next of kin, next of kin phone number, and health information to protect your vital interests.
We collect your profile image and data as it is necessary for our legitimate interests.
And we collect your Twitter handle and website information with your consent.
Okay, great. What are my rights?
You have the right to request access to your personal data, amendments to it, and for it to be deleted. Further information about those rights along with your right to withdraw any consent you’ve given or object to our processing your data can be found in our data protection policy by clicking ‘here’. That policy also includes who to speak with if you have any queries about our approach to processing your personal data.
But just what are you doing with that data?
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
- We will use it to carry out your employment contract, including communicating with you and paying your salary.
- We will use it in case of an emergency, during which we will contact your next of kin and information authorities of any relevant information.
- We will use it to give you access to Human Made’s tools, including Slack, Github, and our proxy.
- We will use it to generate your profile on our website.
Where is my data stored?
Where possible, we keep your data stored in the EEA. When it is not possible, the following safeguards are in place:
- We use Google Apps as our email platform and for documents so your data is stored on Google’s servers, which are based in all over the world. Data transfer to the US certified under Privacy Shield. Data transfers to other countries are covered by Google’s model contract clauses, which have been approved by the European Data Protection Authorities.
- We use Xero for managing payroll. Where your data is transferred outside the EEA, adequate protection is provided by entering into the EC’s Standard Contractual Clauses and Privacy Shield.
- We use Trello to manage HR so your data is transferred out of the EU and stored in the USA. This is covered by Atlassian’s Privacy Shield agreement.
- We use Slack for communication within our company, and will set up a channel for collaborating with you on your project. Where data is transferred to the US it is covered by Slack’s privacy shield. Transfers outside the USA and EEA, are covered by Slack’s EU Model Clauses.
- We use Github for managing projects. Github’s servers are in the USA. Data transferred there is covered by Github’s privacy shield certification.
- We use AWS to host our internal blog network, including Facts and Hub. Your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by AWS (Amazon Web Services).
Do you ever share my data?
As a remote company that is heavily reliant on cloud technologies, your data will be shared with some third-party companies. When we share your data with third-parties we conduct an impact assessment to ensure that your data remains protected. The instances when we transfer data to a third-party are:
- When we transfer it to our third-party tools, as listed above.
- Where we’re required to disclose it by law – to government bodies for example.
- Where you have given consent for us to share it with a third party.
How long do you keep my data for?
We keep your data for the duration of your employment contract + 6 years.
Can I get a copy of my data?
Sure! You can ask us for a copy of the personal data that we hold on you by emailing firstname.lastname@example.org. We’ll ask you for copies of two types of approved identity in order to process your request (such as a passport and driving licence). You can also ask us to make corrections to data you consider to be inaccurate by emailing email@example.com.