TeamHaven is a product that is used by employers to manage the field activity of their employees. Our customer (the employer) will typically upload data about each of their employees and that data might contain personal information.
Although we have no control over what personal information our customers choose to upload, we understand that we must treat all personal information with the utmost respect.
To that end, this policy explains how we protect and use personal information.
"TeamHaven Ltd" and "We" refer to the company, TeamHaven Ltd.
"TeamHaven" refers to the Software as a Service product sold by TeamHaven Ltd.
"TeamHaven Mobile" refers to the TeamHaven Mobile application for iOS and Android.
"Customer" refers to a customer of TeamHaven Ltd.
"Customer Data" refers to data uploaded into TeamHaven by a Customer, including data collected using TeamHaven on behalf of a Customer.
"Individual" refers to a person employed by or affiliated with a Customer.
"Personal Information" refers to Customer Data that contains personal, private or confidential information about an Individual.
"Personal data" means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The data processor is TeamHaven Ltd.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Account Admin" refers to those who are assigned the role of Account Admin within TeamHaven.
"Project Manager" refers to those who are assigned the role of Project Manager within TeamHaven.
"Call" is an activity or task that has been created within TeamHaven.
TeamHaven Ltd collects Personal Information in the following ways:
The information provided when filling out the Contact Request form. This information may include: first name, last name, email address, telephone number, company name and company type.
The information provided when corresponding with an employee of TeamHaven by email, phone and meeting. This information could include: email address, first name, last name, company name and company type, as well as any details discussed during contact.
Customers may upload Personal Information about Individuals. The Personal Information could include username, first name, last name, home address, telephone, email address and SMS information. However, as TeamHaven acts as the Processor, Customers have the ability to store additional information about Individuals.
TeamHaven Mobile may collect your geographical location when starting Calls, as well as collecting data on how far away an Individual is from a Call. TeamHaven employees will not be able to see the exact address of the Individual, and location information will only be tracked when users Start Day, End Day, Check-In or Check-out.
We collect the date and time an Individual last used the TeamHaven Mobile app, the version of the TeamHaven app being used, and the mobile platform used to log in.
Depending on how the Data Controller uses TeamHaven, TeamHaven will store data entered during a Call.
Lawfulness of Processing
TeamHaven Ltd is Processing the data under the authority of the controller.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Therefore, for any countries operating in the EU it is the Customer’s responsibility as the data controller to ensure that any data they are holding within TeamHaven is being collected, managed and deleted from TeamHaven in compliance with GDPR.
Many Customers will upload Personal Information about their employees and other users. These individuals may have had no choice in the decision and may even be unaware about what has been shared. We must guard their Personal Information carefully and treat it as respectfully as if it were our own.
We have a duty of care to all the individuals whose information is entered into TeamHaven, and this duty supersedes our duty to the Customer. In all cases where an individual's Personal Information is involved, we must carefully consider whether what we are being asked to do with this information is both legal and ethical.
How we use Personal Information
Contact details obtained from our Contact Request form will be used by TeamHaven Ltd solely for the purpose of contacting the individual regarding their request.
From time to time we may use Personal Information contained in Customer Data to obtain users' email addresses, first name, last name and organisation name. The information is used to inform Customers of TeamHaven-specific events such as downtime, system upgrades, news and pieces of TeamHaven-specific content that we believe Customers would be interested in. We do not share this information with third parties.
We may use your postal address to determine the geographical location of your home address.
We may use the geographical location of your home address to facilitate accurate route planning and to determine your proximity to store locations.
In order to obtain the geographical location of your home address, we may send it to Google Maps for Business. If we do, then we will not include any information apart from your address (no name, phone number, email address etc.).
TeamHaven Mobile collects your geographical location so that we can determine whether you are/were close to a store location when you started and/or completed a store visit.
Usernames and passwords are assigned to TeamHaven users and this information is associated with other Personal Information.
We collect the date and time a Customer or Individual last used the TeamHaven Mobile app, the version of the TeamHaven app and the mobile platform the Customer or Individual used to log in. This information is collected in order to help and support Customers and/or Individuals with any errors or issues regarding the TeamHaven Mobile App.
Depending on the Data Controller’s settings within TeamHaven, TeamHaven may store a success rating against an Individual’s Personal Information. This is used to help the Data Controller assign the right Individuals to the right Calls within TeamHaven.
We will treat every piece of data that the Customer gives us as if it were a vital trade secret. We will take care to ensure that we never disclose it to unauthorised individuals and we will guard against accidental loss to the best of our abilities.
Location: The Netherlands (Azure West Europe Region)
The TeamHaven server uses a Microsoft Azure server and its safeguard measures. For more details please visit: https://www.microsoft.com/en-us/trustcenter/privacy/default.aspx
For extended Security Documentation visit: https://docs.microsoft.com/en-us/azure/security/
From time to time, Customers may require TeamHaven Ltd employees to download information that includes Personal Information onto their Personal Computers. The security of these computers is controlled by TeamHaven's internal Data Storage Policy.
TeamHaven operates a telephone support desk for our clients. No Customer Data can be given out via the phone and this support is limited to technical and accounts support only.
Security of Personal Information
TeamHaven Ltd has no control over the data that our Customers choose to upload about Individuals, but all Customer Data (including Personal Information) stored within TeamHaven is subject to our Privacy and Data Security Policy. The Controller shall be responsible for, and be able to demonstrate, compliance with the General Data Protection Regulation. Where processing is based on consent, the Controller shall also be able to demonstrate that the data subject has consented to the processing of his or her personal data.
Rights of the data subjects
The controller shall take appropriate measures to provide any information about processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
TeamHaven Ltd is Processing the data under the authority of the controller.
Access to Personal data
The Controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
Right to rectification- Personal information can be changed within the user’s profile in TeamHaven.
Right to erasure- Customers can delete users via the ‘User List’ menu in TeamHaven. Individuals should contact their employer (the Customer) if they wish for their information to be removed. Please note, some personal information is required in order to use TeamHaven Mobile. TeamHaven does store deleted information for a period of time after deletion. This is so that if need be, information can be recovered. For more information, please see TeamHaven’s Data Retention Policy.
Right to object
Marketing Emails- to object to these emails use the unsubscribe link within the email.
Direct Marketing- Email email@example.com or the sender to opt-out.
Information being stored in TeamHaven- In order for TeamHaven to function, certain personal information must be captured. Any additional data being stored is at the Customer’s discretion.
Cookies- In order for TeamHaven to function correctly, some cookies are necessary for the service. However, we do also collect cookies for the purpose of helping us to analyse site traffic and improve our website. To manage your cookies please read the Managing Cookies Policy.
Right to restriction of processing- The information that the Processor stores is necessary for TeamHaven to function. In order to remove the necessary information, the Customer or Individual would have to be deleted from TeamHaven. Any additional data being stored within TeamHaven is the responsibility of the Data Controller.
Right of access- To see your personal information stored within TeamHaven, go into TeamHaven, click on your name in the right-hand corner, then select ‘My Profile’ from the Drop Down box. To find out if your information is being stored in the TeamHaven Ltd. mailing database please contact firstname.lastname@example.org.
Right to data portability- On request, TeamHaven will provide a Collector or Individual’s data in the format of an Excel spreadsheet. To request this please contact email@example.com.
Information to be provided
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
- the identity and the contact details of the controller and, where applicable, of the controller’s representative;
- the contact details of the data protection officer, where applicable;
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
- where the processing is based on controller, the legitimate interests pursued by the controller or by a third party;
- the recipients or categories of recipients of the personal data, if any;
- where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the identity and the contact details of the controller and, where applicable, of the controller’s representative.
Notification of breach
- The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
- The processor shall notify the ICO without undue delay, up to a maximum of 72 hours after becoming aware of a personal data breach, if it is likely to result in a high risk to the rights and freedoms of natural persons or data subjects.
- describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
Last updated 24th May 2018