Data Protection and Privacy FAQ

WorkSmartly protects and safeguards your important information against compromise and loss.

WorkSmartly Group of Companies ('WorkSmartly') treats data confidentiality and the privacy of its clients’ information and records very seriously and is committed to ensuring personal privacy is protected while meeting its obligations to relevant stakeholders such as Customers, approved statutory bodies and third parties. It complies with all relevant Data Privacy laws, regulations and/or policies when it collects, processes, uses and retains personal information about any third party that is necessary for the provision of the Service.

WorkSmartly collects data regarding clients’ staff, programs and policies that comply with federal and state laws, regulations, and requirements. WorkSmartly’s Standard Operating Procedures provide a guideline for the data collected for processing and to be retained within the system, the frequency of collection, and the source of the mandate (state, or other requirement) that necessitates the data collection.
WorkSmartly uses data to analyze, process and generate reports used by HR personnel and management for effective and efficient human capital management. Such reports, evaluations, and studies are designed to ensure compliance with federal/state reporting requirements, to allow WorkSmartly’s teams to provide technical assistance and support, and to ensure the effective and judicious use of resources.
For its cloud hosting service, WorkSmartly uses one of the most secure connectivity options available: a VPN connection (IPSec and OpenVPN) and Secure Sockets Layer (SSL), which sends information through cryptographic protocols that provide communications security between the server and WorkSmartly’s system. To ensure that the connection is more secure, penetration tests (for external system connections) and vulnerability tests are carried out by the Product team every six (6) months.

WorkSmartly is certified to ISO 27001:2013, a world-class Information Security Certification, as we acknowledge that protection of Client and WorkSmartly’s data and assets is vital to the success of our business. To this end, we have established an Information Security Management System that operates in all the processes required to identify the information we need to protect and how we must protect it.
1. Data Ownership and Privacy:
  • IBM complies with data privacy laws and does not keep or store any of WorkSmartly’s data. Moreover, IBM does not require WorkSmartly to relinquish any of its rights to its data, or to the insights derived from the data, in order to benefit from IBM’s solutions and services.
2. Data Flows and Access:
  • IBM supports digital trade agreements that enable and facilitate the cross-border flow of data and that limit data localization requirements. In addition, IBM does not provide or give access to clients’ data to any government agency. However, if a government agency requests any of WorkSmartly’s data, IBM will take appropriate steps to challenge the request through judicial action or other means, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs), to be consented to by WorkSmartly and the other relevant parties to this data, i.e. its clients.
  • IBM also maintains and follows Information Technology security policies and practices that are integral to IBM’s business and mandatory for all IBM employees, including supplemental personnel. These policies are reviewed at least annually and amended as IBM deems reasonable to maintain protection of Cloud Services.
  • IBM will not disclose Client Personal Data to any third party unless authorized by the Client or required by law. All authorized IBM personnel are required to commit themselves to confidentiality and not to use Client Personal Data for any other purposes except on instructions from the Client or unless required by applicable law.
3. Data Security and Trust:
  • IBM opposes any effort to weaken or limit the effectiveness of commercial encryption technologies that are essential to modern business. IBM does not put ‘backdoors’ in its products for any government agency, nor does it provide source code or encryption keys to any government agency for the purpose of accessing client data. IBM supports and complies with the use of internationally accepted encryption standards and algorithms, rather than those mandated by individual governments.
  • IBM implements and maintains technical and organizational measures to ensure a level of security appropriate to the risk for IBM’s scope of responsibility. The measures implemented and maintained by IBM in the provision of the Cloud Service are in accordance with the requirements of the ISO 27001 standard and/or Statement on Standards for Attestation Engagements (SSAE) SOC 2.
4. IBM Data Processing:
  • The Client is the sole controller of Client Personal Data, and the Client only authorizes IBM to process, maintain or use Client Personal Data in ways relevant to cloud hosting. IBM only processes Client Personal Data according to the Client’s written instructions. The scope of the Client’s instructions for the Processing of Personal Data is defined by the Cloud Hosting Agreement. IBM does not have access to the insights and details of Client Personal Data apart from those authorized and permitted by the Client.
WorkSmartly implements technical and security-related protections to ensure that confidential data are only accessible to authorized persons. For example:
  1. All the staff in WorkSmartly are bound by a Non-Disclosure Agreement (NDA) to ensure that no company information is leaked to outsiders and unauthorized persons.
  2. All clients provide consent for the use of data by agreeing to the terms of the Service Agreement and acknowledging the Privacy Policy, which sets out the terms on which WorkSmartly processes any personal data collected from the client, or that the client has provided, which is necessary to manage and administer the Services provided.
  3. All confidential data are stored on secure servers behind stringent multi-level firewall protections and monitored by sophisticated intrusion detection software.
  4. Data are only accessible to persons with the requisite system service authorization approvals and access is limited to only those concerned with the processing of the data. This authorization is given to teams servicing a particular client, for instance, certain members from the Product team and Client Servicing team will be assigned to a particular client. Only they shall have access to this client account.
  5. WorkSmartly does not permit the use of the system outside working hours and office premises except for purposes related to the business.
  6. WorkSmartly has systems, policies and procedures set to ensure data protection; these policies and procedures are certified under ISO 27001:2013 as valid and verified Information Security Management Systems.
No. WorkSmartly does not provide any client information data to the government.
No. WorkSmartly uses, processes and retains the confidential data for the contractual period of service provision only. Upon completion of the contractual period, all data that is collected from the client or generated as a result of using the system will be returned to the client. Any other information relating to the client will be erased or destroyed accordingly.