- Home
- Trust & Legal
- Privacy Policy
Privacy Policy
Learn how Workmax manages personal data across our websites and services.
Overview
Welcome to Workmax. We deeply value the trust you place in us when you provide us with your Personal Data. Rest assured, we are fully committed to protecting your data to the highest standards as we provide our products and services to you. This Privacy Policy, a testament to our dedication, was last updated on 9 April 2024.
Scope of Policy
This Privacy Policy not only describes how we process the Personal Data of our existing and prospective customers, end-users who use or request our Services, visitors to our websites, vendors, partners, and those who participate in our promotions or events but also emphasises your data protection rights. This includes your right to object to some of the processing activities we carry out, empowering you in your data privacy.
This policy applies to all Personal Data that we collect, use, or disclose when providing our websites, platforms, apps, products, and services owned or operated by us, including to the following:
- Workmax HR and Payroll Platform
- Workmax App
We treat your Personal Data with the utmost care and in compliance with the applicable data protection laws. We may also provide additional information when we collect Personal Data where we feel it would be helpful to provide relevant and timely information.
Types of Information
The Personal Data we collect and process will vary depending on your dealings with us and the Services we provide.
We may also collect and process Special Categories of Personal Data with your explicit consent when providing our Services to you. This includes Special Categories of Personal Data submitted by you or on your behalf through our Workmax.
Personal Data We Collect
- Account Information – Name, username, date of birth, age, gender, sex, marital status, profile photo and login credentials
- Contact Information – Residential/postal address, email address, telephone emergency contact information, and social media handles.
- Business Information – Administrator and account owner names, signatures, and information about the company’s employees.
- Employment Information – Occupation or job title, information relating to your current employer, information related to your previous employers, key dates relating to your current role, salary, pension details, payslips, payment summaries, citizenship, visa status and tax information.
- ID Verification – Passport, driving license.
- Location Information – You agree to provide us with specific information via GPS and information you might manually type.
- Billing Information – Payments details such as debit/credit card details
- Special Categories of Personal Data – Health, Disability information, Biometric information, immigration information, criminal history and background checks.
How we collect your information
We may collect Personal Data through our Services provided to you or through other means when we engage with you or third parties.
- Through the Services and sign-up process – we collect the information you provide to us when you request, sign up for, and use our Services, update your user profile, or voluntarily engage with us in other ways through the Services.
- General interactions with us – we collect information when you interact with us, such as when you use our communicate with us via email, telephone, SMS, video conference, social media or chatbots, make enquiries regarding demos, attend or participate in our events or promotions, or when we collect feedback from you on the Services we provide. The information we may collect in these circumstances include your name, business name, address, email, phone number, company/employer information, job function, team size, reason for contacting us, survey and research responses, social media information, and video and call recordings.
- Automatic collection – we automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes digital interactions data, i.e., how you use our digital properties (including our websites, third-party websites, social media sites, apps and electronic communications), metadata (collected on an anonymous basis), consumer analytic data (collected on an anonymous basis but which can be attributed to you based on other information we have about you), log file information, information about the type of device and operating system used by you, location information, computer IP addresses, and marketing and cookie preferences, including any consent you have given us.
- General collection from third parties – we may collect your Personal Data from third parties where you have provided consent or where such Personal Data is provided to us on a legal basis. This includes situations where an employer provides information about employees through our platforms or apps. This also includes situations where Personal Data is collected through third-party APIs or by third-party service providers, including providers who support automatic collection as mentioned above, social media sites who are permitted to disclose that information to us under a legal basis, or to support our delivery of Services or direct marketing activities. We may also collect Personal Data about you through our affiliates.
- Google APIs – we may receive Personal Data via Google APIs. Our use of Persona Data received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Google reCAPTCHA – we have implemented Google reCAPTCHA Enterprise on certain products and services to prevent malicious software from engaging in abusive activities on our Services. Your use of reCAPTCHA Enterprise is subject to Google’s Privacy Policy and Terms of Use.
- Google Analytics – we may use Google Analytics to obtain certain analytics information regarding your interactions with our Services. You may opt out of the Google Analytics service using your information by installing the Google Analytics Opt-out Browser tool.
Why do we process information?
We must have a legal basis to process your Personal Data, and we explain these legal bases below.
- Contractual performance – we have obligations under our contract with you. To fulfil those obligations, we will have to use your data.
- Consent – in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data and the purposes for which the data will be used.
- Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data based on a legitimate interest, then to the extent required by data protection law, we carry out a balancing test to document our interests, consider what the impact of the processing will be on individuals, and determine whether individuals’ interests outweigh our interests in the processing activity taking place.
- Legal obligation – as an organisation, we must comply with applicable legal and regulatory requirements. In certain cases, we must use your Personal Data to meet these obligations.
How We Share Your Data
We may share your Personal Data with our affiliates and with other third parties from time to time for the purposes and means described in this Privacy Policy. We may disclose your information to:
- Members and personnel of the Workmax group – we may share your information between our affiliates and business functions, including with our employees, contractors and representatives for the purposes of the delivery and operation of our Services, and fulfilling requests by you.
- Vendors who support the delivery of our Services – we may disclose your Personal Data (including via APIs) to specific third-party service providers who facilitate the delivery of our Services. These third parties are given access to your Personal Data only to perform these tasks on our behalf or for our benefit and are required not to use or disclose it for any other purpose.
- Third-party service providers – we may disclose your Personal Data to third parties who provide services, software, and content made available for use on or through our Services (including add-ons and integrated services);
- Web browser extensions providers – our sharing of your Personal Data with third parties may occur using verified web browser extensions. These web browser extensions will only be used by the business if it is developed by the third-party provider of the standard version of that product or service.
- Legal and regulatory authorities – we may share your information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
- Parties involved in a business sale – if we undergo any reorganisation, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business.
- Event partners – we may share your data with event or promotion partners for the purpose of delivering such event or promotion.
- Business partners – we may share your data with our existing or potential agents, business partners, or joint venture entities to enable us to perform our business activities in relation to our services; and
- Your organisation— If you are an employee of one of our customers, we may share your information with your employer and other personnel in your organisation (where necessary and reasonable).
International Data Transfers
We do not process Personal Data outside the country
Third-party links
The Services may contain links to other websites operated by third parties. We make no representations or warranties regarding the privacy practices of any third-party website. Third-party websites are responsible for informing you about their privacy practices and policies, and you are encouraged to review the privacy notices.
Storage and Security of Personal Data
Our third-party storage provider will store and manage our personal data in secure data centres in London. Further details on our third-party storage provider’s location and security can be found here.
Please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee the absolute security of the Personal Data we have collected from you.
You can also play an important role in keeping your Personal Data secure by maintaining the confidentiality of any passwords and accounts used on the Services. Please notify us immediately if any other internet user unauthorisedly uses your account or if there is any other breach of security relating to your account via email at support@workmax.co.uk.
Data retention
We store data for as long as necessary to provide our services in accordance with our internal Data Retention Policy. This is a case-by-case determination that depends on the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. You can delete some Personal Data whenever you like; some data is deleted automatically, and some data we retain for longer periods.
For example:
- We keep account information for as long as your subscription or agreement continues or as long as necessary to deliver our Services.
- We will record that you have asked us not to send you direct marketing so that we can respect your request in the future. If you unsubscribe from receiving direct marketing, we will remove your details from our direct marketing mailing list.
- We will keep the usage information and analytics data relating to your use of the Services to understand how people use our Services. We will do this through cookies and tracking technologies to provide us with user analytics data to improve our Services and enhance your user experience. More information about the retention period of cookies can be found in our Cookie Policy.
Sometimes, business and legal requirements oblige us to retain certain information for specific purposes and an extended period. Reasons we might retain some data for longer periods include security, fraud prevention, financial record-keeping, complying with legal or regulatory requirements, ensuring the continuity of our Services, and when you have had direct communications with us.
Your rights and choices
You have the right to access your Personal Data or to correct, delete or restrict the processing of your Personal Data. You can also obtain the Personal Data you provide us on a contractual basis or with your consent, in a structured, machine-readable format.
You can also correct and delete some Personal Data through your account provided by our Services. Where your Personal Data has been provided to us by a third party acting as a data controller (such as your employer), you must ask that third party to correct or delete your Data on your behalf. This third party will request that we correct or delete the Personal Data from our systems.
In addition, you can object to the processing of your Personal Data in some circumstances, i.e., when we process your Personal Data based on our legitimate interests or where we are using the data for direct marketing.
These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
You can contact us using the details below to exercise any of these rights, including obtaining a copy of your legitimate interest balancing test. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.
For the provision of information marked as mandatory when you register to use our Service, if such information is not provided, you will not be able to use our services. All other provisions of your information are optional. If you do not provide such information, our provision of certain services to you may be detracted from.
Where we rely on your consent, such as in relation to direct marketing communications, you can always withdraw that consent at any time.
If you ask to withdraw your consent to our processing of your data, this will not affect any processing which has already taken place.
How to get in touch with us
If you have any questions or concerns about how we process your data, please email us at support@workmax.co.uk.