Privacy Policy
GDPR Sub Processors
Getswish
Collaboration: Processing pay out to Employee
Company location: EU
Data processing: EU
- We store Employee SSN — Required in payout processing
- We store Employee Swish payee Alias (Phone number in a special format) — Simplifies continuous pay outs
Stripe
Collaboration: Processing payments from Employers
Company location: EU-US
Data processing: EU-US
- We store Employer e-mail — Required from payment processor to send receipts on performed payments
- We send Employer e-mail to Stripe
Sendinblue
Collaboration: Sending e-mail to Employers and Employees
Company location: EU-US
Data processing: EU-US
- We store Employee full name
- We store Employee and Employer e-mail
Apple
Collaboration: Authentication and account creation
Company location: EU-US
Data processing: EU-US
- We get public information from Apple: Employer photo, full name, e-mail
- We get public information from Apple: Employee photo, full name, e-mail
- We store photo, full name and e-mail information received from Apple
Collaboration: Authentication and account creation
Company location: EU-US
Data processing: EU-US
- We get public information from google: Employer photo, full name, e-mail
- We get public information from google: Employee photo, full name, e-mail
- We store photo, full name and e-mail information received from google
Collaboration: Authentication and account creation
Company location: EU-US
Data processing: EU-US
- We get public info from facebook: Employer photo, full name, e-mail
- We get public info from facebook: Employee photo, full name, e-mail
- We store photo, full name and e-mail information received from facebook
Azure
Collaboration: Cloud service provider (operations and storage)
Company location: EU-US
Data processing: EU-US
- Data storage:
- Employer:
- Full name
- Phone number
- Restaurant:
- Name of the restaurant
- Web site
- Address
- Phone
- Organization number
- Restaurant pictures
- Employee:
- Full name
- Phone number
- Birthday
- SSN Swish
- Swish payee alias
- Gender
- Address
- User picture
- Employer:
1. The data controller
Gigsly AB
Business ID: 556995-3432
VAT Nr: 556995343201SE
Address: ERIKSSON FÖRTROLIGHETEN 41
2. Data protection officer of Gigsly AB
Rebecca Gunnarsson Eriksson
rebecca@gigsly.se
3. The name of the data register
The user data base of Gigsly -service
4. The use and purpose of the personal data register
The service collects personal information from users so that users can be offered a staffing service or employment relationship between themselves. In order for the staffing or employment relationship to be carried out reliably and to meet the statutory obligations related to payroll, the service will collect the personal information from the users. The ground for processing your personal data is the data controller′s legitimate interest.
The service is an online service for companies and private individuals. The users must register to the service in order to use the service.
When registering the user is identified with their email, Apple ID, Google account or Facebook -user account and the logging in to the service is made using the Facebook -account, email, Google account or Apple ID.
The user is responsible for their passwords and must keep it as their personal knowledge. The user is also responsible for the use of Gigsly that has happened using their account.
Personal data is used in manners allowed by the personal data act and within the boundaries set by the said act.
The registered users are in the user register of Gigsly AB. The information stored in the data register is processed in accordance with the data protection legislation to deliver and improve the service, to contact users and handle feedback, to administer payments, for statistical purposes and for other purposes. Gigsly may use third parties to carry out the said Gigs.
5. The information in the data register
The personal data register contains the following personal data:
User′s contact information (name, address, email, and phone number)
Employee′s identity card (passport, indentity card, driving licence, national identification number)
Employee′s general information (gender, date of birth)
Photo of the employee
Employee′s permit documents
Employee′s tax card
Employee′s Swish payout information
Descriptions made by the employee
Reviews on the users given by other users
Messages sent between users (Chat-tool in service)
Event- and user analysis information
6. The usual sources of information
The users′ personal data is transferred from Facebook, i.e. from the data subject himself or herself:
Public profile which might be, depending on the settings, a user′s photo and name
Email address
The information provided by the users when registering or later on.
Comments and reviews of the user made by other users.
7. Regular transfers of data and data transfers outside the European Union or the European Economic Area
User data may be disclosed to partners, e-services or employers for functions that are essential for the service, such as storage of data, payroll obligations, payment of taxes, drafting of employment contracts, recording of work history or other work obligations.
The personal data (name and contact information) necessary for statutory obligations will automatically be disclosed to Employer who is responsible for taxes, pensions, notices and other obligations related to Gigs performed with the Employer.
In all cases, personal data shall only be transferred outside the European Union (the ″EU″) or the European Economic Area (the ″EEA″) on any of the following legitimate grounds:
- the EU Commission has decided that the recipient country in question ensures an adequate level of protection;
- appropriate safeguards have been established for the transfer of personal data by using the standard data protection clauses approved by the EU Commission. User shall then have the right to obtain a copy of such standard clauses by contacting us in the manner described in this privacy policy;
- the user has given her or his explicit consent for the transfer of her or his personal data; or
- another lawful basis for the transfer of personal data outside the EU or EEA exists.
Information on the current service providers and business partners in and outside the EU or EAA shall be provided on request.
8. The principles of the register′s data protection
The personal information stored in the register is kept confidential.
Only the employees of the service who need deal with personal information has access to the register with a personal username and password.
All partners who receive personal information are committed to comply with the General Data Protection Regulation. Data storage requires personal identification.
Personal information is deleted from the registers when the user requests his user account to be deleted as soon as this is possible.
9. Right of inspection
The user can check most of the information about himself or herself directly from the application of the service. The user can also contact the data protection officer of Gigsly if he or she wants more information on the processing of his or her personal data. The user also has the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the European Union member state of your habitual residence or place of work if he or she considers that his or her personal data has not been processed in accordance with applicable data protection legislation.
10. Correcting information and implementing data correction
The user can update their own data directly from the application, or contact the data protection officer of Gigsly.
11. Right to be forgotten
You have the right to claim all personal data about yourself to be removed for the service and our partners.
12. Right to limit processing
The user is always entitled to deny access to the data for direct marketing purposes.
The user can exercise his right to restrict processing of data when it is unclear whether personal data should be deleted or not.
The user can use their right when:
the accuracy of personal data is under dispute
object to the removal of personal data
information is no longer needed for the original purpose but can not be removed for legal reasons
you have objected to the processing of personal data, but no decision has yet been taken.
Restricting treatment means that we keep your personal data, but we can not use or disclose it without your consent, unless when used to finish statutory obligations.
13. Right to transfer data
The user has the right to transfer personal data from the register to another provided that the user has delivered the data controller such data himself or herself, and the data controller process such personal data based on an agreement, consent and the processing of your personal data is carried out by automated means. The data is delivered in generally file type.
14. Retention period of personal data
The user′s personal data shall be deleted after 12 months if the user has not entered into any agreements through the service and/or he or she has not logged in to the service for 12 months. In other cases, the user’s personal data shall be retained throughout the contractual relationship and for 7 years after its termination, if this is necessary, for example, to defend against legal claims
15. Cookies
The gigsly.app and the gigsly.se site uses cookies to develop a user experience.
A cookie is a text file that is stored on a user’s computer while on the web. It contains information and, among other things, is used to facilitate the use of the website. Cookies are used to collect information about the use of the pages. The user’s identity is not reflected in the cookies.
Cookies do not spread viruses or other malware because they are passive files. The site uses two different types of cookies: permanent cookies and temporary cookies:
Permanent cookies are text files that are sent and stored on your computer. Temporary cookie is only stored on your computer for the duration of a web page. To avoid cookies, you can configure your browser settings so that cookies are not downloaded to your computer. However, this may affect the functionality of the site.
16. Automated decision-making
An algorithm based recommendation may be used in the service, which may affect the decision making process of users. The data and algorithms processed are regularly reviewed to ensure that the decision-making process is working as intended and does not lead to, for example, discriminatory data processing for individuals. The final hiring decision is always made by a person.
For example, we could suggest to an employer seeking waiter users who are reviewed waiters in their proximity.