Data Security & General Data Protection Regulation (GDPR)

Security & Integrity 

All absence.io servers are located in Germany. This means we have to adhere to the data privacy regulations of the European Union (EU), namely and lately the General Data Protection Regulation ie. GDPR or "DSGVO".

Data privacy regulations in the European Union are among the strictest in the world, and among all European member states, Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz). This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies are not allowed to collect any personal information (e.g. name, date of birth, IP address) without express permission from an individual.

There is no law in Germany that could force us to submit to a gag order or to implement a backdoor.

Important Customer Documents 

For customers, the most relevant documents to consider when starting to work with absence.io can be found here:

• Terms and Conditions
• Data Privacy on the Website
• Data Processing Agreement (DPA)
  • digital signature & timestamp in the absence.io settings
  • Or attached to this article for Download
• Subcontractor list 
• Technical and organisational measures (TOMs)

The data protection officer of the controller is: 
DataCo GmbH
Nymphenburger Str. 86
80636 München
+49 (0)89 7400 4584
www.dataguard.de datenschutz@dataguard.de

Here you can find the DPA in absence.io: 

Our Security Explained by example: 

We strongly believe that data security & integrity should be a given in any software. Frankly, we do not need regulations like GDPR, Privacy Shield and others to remind us. absence.io has always maintained a Information & Security Management System (in Short "ISMS) which describes controls that ensure we are sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

At absence.io we working hard to ensure our app and processes are GDPR compliant. We fully believe that just because the GDPR is serious business, doesn’t mean that we can’t make it a little fun and exciting—after all data security is in the best interest of everyone.

So, what’s the GDPR all about? Firstly, GDPR stands for General Data Protection Regulation and will replace and build on the Data Protection Directive (DPD) of 1995. Previously, DPD depended on regulation changes on state level; however, with GDPR, the laws will go in effect EU-wide without the need for state members to introduce laws themselves.

Secondly, the GDPR doesn’t only apply to EU-based businesses, but also to businesses that monitor and process the data of EU citizens. This means that whether you’re in the North Pole or down under, as long as you handle the data of EU citizens, you too will have to be GDPR compliant.

With the introduction of the GDPR on 25 May 2018, as a ‘data processor’, absence.io will have to ensure that not only do we take certain security measures to protect the personal data of EU citizens, but that we also set up transparent and secure ways of handling personal data.

Therefore, our team is fully dedicated to meeting all the GDPR mandates to ensure that absence.io is not only compliant, but that we also provide more quality experiences for those who trust us with their personal data.

Example Case

Meet Alan, the CEO of Deer Ltd., a company in Spain, an EU member state. Deer Ltd. and its employees are all users of absence.io.

Therefore, we at absence.io are ‘data processors’ since we handle the personal data of data subjects (e.g. employees at Deer Ltd.) on behalf of the customer, also referred to as the "data controller" (e.g. Deer Ltd.).

In this instance, Deer Ltd., is responsible for the personal data of their data subjects (i.e. their employees). However absence.io, as the data processor, has to make sure to only process the subjects data necessary to fulfil our contract with the data controller. This is all a complicated way to make sure that:

1. absence.io is only processing data needed to deliver our services (absence management, time tracking & personell management) to Deer Ltd.
2. absence.io evaluates regularly why, by whom and where Deer Ltd. Employee data is being processed.
3. Deer Ltd. is aware of the data being processed & by whom. We inform Deer Ltd. about any data processing changes.
4. absence.io always has a reason to process data, rooted in the service contract with each customer.
5. Deer Ltd. may contact absence.io Data Privacy Officers at any time to inquire GDPR rights or other legal information on personal data & security.
6. Since we use third-party services to handle some user data, we’ll also have to consider the procedures related to ‘data (sub)processors’ if they process data from Deer Ltd. employees. If we use any third party software to fulfil the service contract with the customer, Deer Ltd. has to know which data is being processed & why (see 3. above).

Below you’ll find a detailed list of what we’ve changed or added to be GDPR compliant.

GDPR Rights - Empowering the Customer

More on cookies here. 

• EN_2024_Data protection information_absence.io.pdf
  200 KB Download
• DE_2024_Datenschutz-Informationen_absence.io.pdf
  300 KB Download
• EN_2024_DPA Data Processing Agreement_absence.io.pdf
  500 KB Download
• DE_2024_DPA Vereinbarung zur Auftragsdatenverarbeitung_absence.io.pdf
  500 KB Download