Innomate - HR-system med suveræn workflow-styring
Phone: +45 7020 8343
dk gb

First slide image

Dataprotection - GDPR

6 Feb 2025
MajBritt

The following applies when using INNOMATE HR via cloud.

Data Processing Agreement

By accepting the Subscription Terms for the use of INNOMATE HR, you also agree to a Data Processing Agreement, 01.07.2024, in accordance with the provisions of the EU's General Data Protection Regulation and the corresponding Danish legislation. The Data Processing Agreement follows the Data Protection Authority's Standard Contractual Clauses.

INNOMATE's compliance with the Data Processing Agreement is subject to independent auditor review. The result of the most recent audit, which took place on 22.12.2023, can be found here: IT audit declaration, signed, IT audit declaration, original.

INNOMATE is working towards ISO 27001 certification.

IT security with us as your Data Processor

The management of INNOMATE is ultimately responsible for IT security and for continually establishing the necessary policies, procedures, and tools to support it.

The INNOMATE GDPR-group is operationally responsible for the ongoing updating, control, and documentation for compliance with IT security.

For example, IT security includes the following elements:

Instructions

All access to personal data occurs according to instructions from the data controller (section 9.3). We practice this as follows:

  1. The instruction is general concerning the performance of tasks agreed with each customer regarding the delivery and operation of the HR-solution, including what is described in the underlying subscription agreement, and thus also includes regular system maintenance, which ensures consistency and operational reliability.
  2. Resolution of ordered tasks. As a general rule, ordering must be made and/or confirmed by the data controller via support@innomate.com.
  3. Support of data controllers generally only occurs after inquiry via support@innomate.com.

Access and Logging

  1. Access to customer databases is only possible with a personal login, which only authorized personnel possess.
  2. A log is kept of all access to and processing of personal data.

Security

  1. All access to and transfer of personal data between the customer and INNOMATE takes place in a way that prevents unauthorized access to personal data. I.e., via a secure and encrypted connection.
  2. Data is physically secured on INNOMATE's servers and never on mobile devices.
  3. Personal data is routinely backed up.
  4. Access to the customer's personal data is limited to employees in INNOMATE who are approved by the management of INNOMATE A/S and who have signed a confidentiality agreement.

Sub-processors

According to section 7 of the Data Processing Agreement, INNOMATE is entitled to use sub-processors but is obligated to inform the data controller about the identity of these sub-processors.

INNOMATE A/S uses and has entered into data processing agreements with the following sub-processors:

Name CVR-number Address Processing
Scannet 29412006 Højvangen 4, 8660 Skanderborg, Denmark Hosting of databases m.m.

 
Microsoft, Azure IE8256796U Microsoft Ireland Operations Ltd, One Microsoft Place, South
County Business Park
Leopardstown Dublin 18, D18 P521 Ireland
 		 Hosting of files (including attachments from Recruitment and employee file archives)
Jobnet 34616939 Værkmestergade, 5, 8000 Aarhus, Denmark
 		 Job postings
KMD/Charlie Tango ‎21029807 Rosenvængets Allé 11, 2100 København, Denmark
 		 E-boks
Lunaweb Ltd., Germany branch UVAT ID: DE316913979 Nördliche Münchner Str. 14A, 82031 Grünwald, Germany
 		 Conversion of documents to PDF format.
Twoday A/S 29973334 Gærtorvet 1, 1799 København V, Denmark
 		 Addo Sign - Digital Signature
Google LLC
(from 01/07/2024)		 EU372000041 Gordon House, Barrow Street Dublin 4 Ireland
 		 Google's reCAPTCHA service is used to distinguish between humans and bots.

Amazon Web Services EMEA SARL
(from 01/07/2024)
 

 LU26888617 38 Avenue John F. Kennedy, L-1855, Luxembourg

 		 Email sending
Datadog Inc.
(from 15.03.2025)
 		 EIN 27-2825503 620 8th Ave 45th Floor, New York, NY 10018, USA Monitoring of use and operation of the system.
Functional Software, Inc. (Sentry.io)
(from 15.03.2025)		 EIN 47-4554430 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA Monitoring of use and operation of the system.

According to INNOMATE's Data Processing Agreement, sub-processors are subject to the same data protection obligations and contractual conditions as INNOMATE, including that personal data is stored within the EU/EEA.

Security at the Customer as Data Controller

INNOMATE HR is designed to support the EU's General Data Protection Regulation. The solution meets the requirement for data protection by design and by default, which means that access to personal data is protected so that only those who need it are granted rights to access specific data.

Access to Personal Data

Access to personal data is controlled by so-called permission rules, which follow the relations between users. Access can be defined down to the field level. The permissions are set up according to the customer's instructions.

Transparency

It is a fundamental principle in the EU's General Data Protection Regulation that it must be clear, for example, to an employee, what data a company stores about the individual. INNOMATE HR is designed so employees can access all data about themselves.

Deletion of Data

As soon as personal data are no longer relevant to the company, such data must be deleted. INNOMATE HR ensures through automated workflows when data is deleted. For example,

  • all information on an applicant is deleted no later than half a year after the receipt of the application,
  • parts of an employee's data are deleted when the individual has left the company - and the rest after 5 years.

The rules for deletion are set up according to the data controller's instructions.

Contact Us

For questions, please feel free to contact us at privacy@innomate.com.

Important links

About Support
Security and agreements
INNOMATE Systemguide til version 2
Operating Status
Dataprotection - GDPR
This page is about:

About INNOMATE

With a strong combination of HR and software development skills, we provide HR solutions that help companies optimize and professionalize their HR processes in brand new ways.

INNOMATE is part of the company Done.ai

The latest articles on Support

Follow Innomate


INNOMATE Personal Data Policy

INNOMATE A/S
Hindegade 6
DK-1303 København K
Phone +45 7020 8343

info@innomate.com

2017 Innomate