Data privacy policy
Data Privacy Policy
Flexopus processes personal data on behalf of companies, based on the data processing agreement (DPA) signed between Flexopus and your organization.
Your organization acts as the data controller, while Flexopus operates as the data processor. As the data controller, your organization is responsible for ensuring a valid privacy policy is in place for users to understand how their data is processed. Flexopus processes data on behalf of your company, so it's up to your organization to provide the imprint and data policy texts, which users must acknowledge when using the application.
Here’s how to configure the data privacy policy in Flexopus:
- Navigate as an administrator to Dashboard > Settings > Data Privacy Settings.
- Upload or enter your organization's privacy policy and imprint.
- Ensure the documents are accurate and up-to-date, as they outline the framework for data processing.
These policies are presented to users when they interact with your Flexopus tenant.
Standard data privacy policy
Flexopus offers a standard imprint and standard data privacy policy, which can be easily configured by administrators. To set these up:
- Navigate to Dashboard > Settings > Data Privacy Settings > Privacy Policy.
- Customize and configure the privacy policy and imprint for your organization.
This ensures users can view the relevant data processing framework when using the application.
In Flexopus, you can configure the details of your data protection officer by navigating to:
- Dashboard > Settings > Data Privacy Settings > Privacy Policy.
Here, you can enter the following information:
- Company name
- Data protection officer's name (required)
- Address
- Phone number
While not all fields are mandatory, make sure to at least fill in the name of the data protection officer to ensure compliance with data protection requirements.
Flexopus keeps your data within the EU, you can see the sub-processors in the data processing agreement (DPA) in the attachment. Some integrations such as the Google Calendar or the Microsoft Exchange Online integration may also process data in the US. When configuring your data privacy policy, if you use integrations like Microsoft or Google for meeting room reservations, you may need to include a note that states:
The reservation of meeting rooms is shared with Microsoft/Google, and therefore, the data is processed globally, including in the US.
If this doesn't apply, you can simply use:
The data is not transmitted to a third country.
Next, you'll need to define the purpose of processing personal data. You can use the following descriptions:
- Workplace management application
- Coworking space management
- Visitor management
These clarify the reason for using the application to process personal data.
By configuring these few simple steps, your standard data privacy policy is configured and ready to go.
Custom data privacy policy
If you're not satisfied with the provided data privacy policy, you can upload your own document. To do this:
- Navigate to Dashboard > Settings > Data Privacy Settings > Privacy Policy.
- Select the option Use own privacy policy.
- Upload your PDF document.
When this option is enabled, Flexopus will display your custom document when users click on the data privacy policy links in your tenant.
Data consent confirmation
You can also activate the Confirm privacy policy option. When enabled, users must actively agree to the privacy policy upon their first login. The consent is then documented and stored with the date of agreement for compliance purposes.