Workist GmbH (hereinafter: “Workist”) offers its customers web-based access to its AI-supported process automation platform (“Platform”) as part of a software-as-a-service solution. Workist attaches great importance to the protection of privacy and observes the legal data protection regulations. In the following, we explain how we handle your personal data.
The responsible party in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is
Workist GmbH
Linienstraße 126
10115 Berlin
Deutschland
E-mail: info@workist.com
Represented by the managing directors: Alexander Müller, Tim Wegner & Dr. Fabian Brosig
Our appointed data protection officer is:
Kertos GmbH
Briennerstraße 41
80333 Munich
Germany
E-mail: dsb@kertos.io
Nature and purpose of the processing
When you access our platform, your device automatically transmits data for technical reasons. Beim Zugriff auf unsere Plattform übermittelt Ihr Endgerät aus technischen Gründen automatisch Daten. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, the date and time of access and similar.
The data is processed in particular for the following purposes:
We do not use your data to draw conclusions about you personally. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use. Furthermore, we evaluate them statistically in anonymized form, if necessary, in order to optimize our platform and the technology behind it.
Legal basis and legitimate interest
The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our platform and ensuring system security and abuse detection.
Recipients
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our platform.
Third country transfer
The data collected will not be transferred to countries outside the European Economic Area (“EEA”).
Storage period
Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 90 days; unless a security-relevant event occurs (e.g. a DDoS attack).
Provision mandatory or required
The provision of the aforementioned personal data is not required by law or contract. However, without the provision of the data, the service and functionality of our platform cannot be guaranteed. In addition, individual services may not be available or may only be available to a limited extent.
Nature and purpose of the processing
In order to be able to use all the functions of our platform, you must register, regardless of the form in which the contract is concluded. To do so, you must provide the following information:
Your registration data is required to set up and manage an account for you and to enable you to use our platform.
Legal basis and legitimate interest
Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the fulfillment of contractual obligations, i.e. the provision of platform access.
If a customer of Workist (“Customer”) creates a user account for other persons, e.g. employees, or enables them to register, the legal basis for the processing of the registration data by Workist is Art. 28 para. 1 GDPR. In this case, the Customer is responsible under data protection law.
Recipients
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our platform.
Third country transfer
The data collected will not be transferred to countries outside the EEA.
Storage period
The data is stored for the duration of the contractual relationship. Workist stores the data in accordance with the contractual provisions for a period of four weeks beyond the termination of the contractual relationship in order to protect the customer from accidental data loss.
Provision mandatory or required
The provision of the aforementioned personal data is not required by law or contract. However, we can only create a user account for the platform if you provide us with the necessary data.
Nature and purpose of the processing
As part of the use of the platform operated by Workist, personal data may be contained in customer content. This personal data is processed exclusively for the purpose and in the context of the fulfillment of the contract.
Legal basis and legitimate interest
Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the fulfillment of contractual obligations, i.e. the provision and use of the platform.
Recipients
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our platform.
Third country transfer
The data collected will not be transferred to countries outside the EEA.
Storage period
The data is stored for the duration of the contractual relationship. Workist stores the data in accordance with the contractual provisions for a period of four weeks beyond the termination of the contractual relationship in order to protect the customer from accidental data loss.
Provision mandatory or required
The provision of the aforementioned personal data is not required by law or contract. Without the provision of the data, however, the contractual service cannot be provided.
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
You may revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
In addition, you have the right to lodge a complaint with the competent data protection supervisory authority, e.g. the supervisory authority of your place of residence or the authority that supervises us. A list of the supervisory authorities with the respective addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.