TeamHaven is a product that is used by employers to manage the field activity of their employees. Our customer (the employer) will typically upload data about each of their employees and that data might contain personal information.
Although we have no control over what personal information our customers choose to upload, we understand that we must treat all personal information with the utmost respect.
To that end, this policy explains how we protect and use personal information.
"TeamHaven Ltd" and "We" refer to the company, TeamHaven Ltd.
"TeamHaven" refers to the Software as a Service product sold by TeamHaven Ltd.
"TeamHaven Mobile" refers to the TeamHaven Mobile application for iOS and Android.
"Customer" refers to a customer of TeamHaven Ltd.
"Customer Data" refers to data uploaded into TeamHaven by a Customer, including data collected using TeamHaven on behalf of a Customer.
"Individual" refers to a person employed by or affiliated with a Customer.
"Personal Information" refers to Customer Data that contains personal, private or confidential information about an Individual.
"Personal data" means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The data processor is TeamHaven Ltd.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
TeamHaven Ltd collects Personal Information in the following ways:
The information provided when filling out the Contact Request form.
Customers may upload Personal Information about Individuals.
TeamHaven Mobile may collect your geographical location when starting and completing visits.
Lawfulness of Processing
TeamHaven Ltd is Processing the data under the authority of the controller.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Many Customers will upload Personal Information about their employees and other users. These individuals may have had no choice in the decision and may even be unaware of what has been shared. We must guard their Personal Information carefully and treat it as respectfully as if it were our own.
We have a duty of care to all the individuals whose information is entered into TeamHaven, and this duty supersedes our duty to the Customer. In all cases where an individual's Personal Information is involved, we must carefully consider whether what we are being asked to do with this information is both legal and ethical.
How we use Personal Information
Contact details obtained from our Contact Request form will be used by TeamHaven Ltd solely for the purpose of contacting the individual regarding their request.
From time to time we may use Personal Information contained in Customer Data to obtain the email addresses of Individuals to inform them of TeamHaven-specific events such as downtime and system upgrades.
We may use your postal address to determine the geographical location of your home address.
We may use the geographical location of your home address to facilitate accurate route planning and to determine your proximity to store locations.
In order to obtain the geographical location of your home address, we may send it to Google Maps for Business. If we do, then we will not include any information apart from your address (no name, phone number, email address etc.).
TeamHaven Mobile collects your geographical location so that we can determine whether you are/were close to a store location when you started and/or completed a store visit.
Usernames and passwords are assigned to TeamHaven users and this information is associated with other Personal Information.
We will treat every piece of data that the Customer gives us as if it were a vital trade secret. We will take care to ensure that we never disclose it to unauthorised individuals and we will guard against accidental loss to the best of our abilities.
Location: Netherlands (Azure West Europe Region)
The TeamHaven server uses a Microsoft Azure server and its safeguard measures. For more details please visit: https://www.microsoft.com/en-us/trustcenter/privacy/default.aspx
For extended Security Documentation visit: https://docs.microsoft.com/en-us/azure/security/
From time to time, Customers may require TeamHaven Ltd employees to download information that includes Personal Information onto their Personal Computers. The security of these computers is controlled by TeamHaven's internal Data Storage Policy.
TeamHaven operates a telephone support desk for our clients. No Customer Data can be given out via the phone and this support is limited to technical and accounts support only.
Security of Personal Information
TeamHaven Ltd has no control over the data that our Customers choose to upload about Individuals, but all Customer Data (including Personal Information) stored within TeamHaven is subject to our Privacy and Data Security Policy. The Controller shall be responsible for, and be able to demonstrate compliance with, the General Data Protection Regulation. Where processing is based on consent, the Controller shall also be able to demonstrate that the data subject has consented to processing of his or her personal data.
Rights of the data subjects
The controller shall take appropriate measures to provide any information about processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
TeamHaven Ltd is Processing the data under the authority of the controller.
Access to Personal data
The Controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
- Right to rectification
- Right to erasure
- Right to object
- Right to restriction of processing
- Right of access
- Right to data portability
Information to be provided
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
- the identity and the contact details of the controller and, where applicable, of the controller’s representative;
- the contact details of the data protection officer, where applicable;
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
- where the processing is based on controller, the legitimate interests pursued by the controller or by a third party;
- the recipients or categories of recipients of the personal data, if any;
- where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the identity and the contact details of the controller and, where applicable, of the controller’s representative.
Notification of breach
- The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
- The processor shall notify the ICO without undue delay, up to a maximum of 72 hours after becoming aware of a personal data breach, if it is likely to result in a high risk to the rights and freedoms of natural persons or data subjects.
- describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.