Last updated on: 18th September 2022.
Our Commitment to Privacy
At Workway, respecting your data privacy isnโt just a legal checkbox โ itโs a core part of our culture. We only collect and process the minimum personal data needed to deliver our services and nothing more. As a privacy-first company, GDPR is not a challenge โ itโs an opportunity to raise the bar even further.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that gives individuals greater control over their personal data and sets strict requirements for businesses on how that data is handled.
GDPR applies to:
All businesses operating within the EU
Any global company (like Workway) handling EU residentsโ data
๐
GDPR has been in effect since May 25, 2018, and weโve treated it as a global standard for all users โ no matter where you’re located.
What is Personal Data?
Under GDPR, personal data includes any information that can identify a person, directly or indirectly. This includes: Name, email, phone number, IP address, physical address, Financial details, political views, Biometric, health, and genetic data
Even browser identifiers
How Workway Is GDPR-Ready
We’ve taken major steps to ensure full compliance and user control:
1. Privacy Awareness & Training
Our teams are trained to follow privacy-first design in every module
We run regular internal discussions and enforce high data protection standards
2. Product-Level GDPR Features
Weโve implemented user-friendly privacy features across all Workway modules
These tools help you manage your data and fulfill your own GDPR obligations
3. Information Asset Register
We maintain an internal Information Asset Register (IAR)
It documents what personal data we process, who accesses it, and why
4. Sub-Processor Contracts
Weโve vetted all third-party vendors and signed updated agreements to ensure they meet GDPR standards
5. Privacy Champions & DPO
Each team at Workway has a Privacy Champion
Weโve appointed a Data Protection Officer (DPO) to oversee compliance
6. Privacy by Design
Every product follows privacy by design principles
From access control to data retention, privacy is built in โ not added later
7. Data Processing Addendum (DPA)
Our DPA is GDPR-compliant and built on Model Contractual Clauses
If you’re an admin and want to sign a DPA, email us atย [email protected]
8. DPIA & Internal Audits
We conduct Data Protection Impact Assessments (DPIA)
Internal audits help us strengthen our governance, controls, and response processes
9. Data Encryption & Security
We encrypt data at rest and in transit based on sensitivity, Developed internal tools for data discovery and governance
10. Breach Notification Process
If a data breach occurs, we’ll notify affected users within 72 hours
General updates go through our official channels; user-specific alerts are emailed
11. Updated Privacy Policy
Our Privacy Policy reflects GDPR requirements, based on our data flows and processing practices
Legal Disclaimer
This page is not legal advice. We recommend you consult a legal advisor to understand your own GDPR obligations as a controller or processor.
Got Questions?
We’re here to help.
๐ง Email us at:ย [email protected]