Processing of personal data
GAIS is an employee engagement platform that, based on individuals’ responses, provides reports to individuals, teams, and companies about their job satisfaction. Therefore, we will also need to process personal data.
GAIS will process your personal data as a data controller when you use the platform as an individual, interact with our marketing, or access our website. We process your personal data as a data processor for your company or organization when you participate in a team or company assessment.
We only collect and store personal data when it is relevant and necessary. We place high demands on both the security of our IT systems and our employees’ handling of personal data to ensure that data is always protected to the best extent possible.
In the following, you can read more about the various areas of our privacy policy. You can learn, among other things, when we collect information about you, what information we collect, how we use the information, how long we keep your information, and your rights to your data.
If there is anything specific you should be aware of when using specific services, we will inform you about it.
We are the data controller – how can you contact us?
In most cases we will process data about you for your employer – in such cases we will be the data processor, and therefore, you will need to exercise your rights in relation to your company and not in relation to us.
If your objections or questions regarding data processing relate to GAIS in general, our website, or an individual GAIS-survey, the data controller for the data processing is:
GAIS A/S
Klokhøjen 4
8200 Aarhus N
Cvr. no.: 10062519
If you have any other questions regarding the way we processes your personal data, please do not hesitate to contact our Head of Operations Henrik Steuer Carlsen via:
Mail: henrik@gais.dk
Telephone: +45 4140 6371
As GAIS is a part of the Krifa-Group you can also contact Krifa’s data protection officer (DPO) Hans Ullemose Pedersen in the following ways:
Mail: dpo@krifa.dk
Telephone: +45 2544 4009
By letter: Krifa, attn.: HUP, Klokhøjen 4, DK-8200 Aarhus N.
Why do we process your personal data?
We only process your personal information if we have a valid reason to do so. The valid reason underlying the processing depends on the situation but always arises from your or your organization’s interaction with gais.dk, the GAIS platform, our advertising, or other interactions with GAIS.
Fundamentally, there are four overarching scenarios:
- When you create a user on the GAIS platform in order to be able to save your surveys and secure access to them;
- When you accept cookies on gais.dk or give us your data in response to our advertisements, in order for us to provide you with personalised and tailored communication and marketing;
- When your employer creates a GAIS survey that includes you, to give you an insight into job satisfaction at the workplace;
- When you ask us to do it in order for us to be able to contact you.
Our processing of your personal data requires a legal basis (legal authority), which corresponds to the basis described above.
The following constitutes our legal authority for processing the specific data:
- Most often our authority will be based on the agreement concluded (with you or your company) when you use the platform (Article 6 (1) (b) of the GDPR).
- We will obtain your consent if the processing goes beyond the required functionality of the platform, for example if you use gais.dk to ask us to send you newsletters, use non-required cookies or contact you (Article 6 (1) (a) and Article 9, (2) (a) of the GDPR).
- We may be under an obligation to store some data as a result of current legislation (e.g. accounting information) (Article 6 (1) (c) of the GDPR).
- In certain instances, processing may be based on a concrete assessment of interests, e.g. our use of necessary functional cookies. (Article 6 (1) (f) of the GDPR).
Which personal data do we process?
We only process personal data which is relevant for the purpose and legal authority for processing. As a consequence, data processing will depend on the way in which you interact with us.
On gais.dk, it will typically be the IP address, but if you request us to contact you or subscribe to our newsletter, you will be asked to provide an email address and/or a telephone number.
On the GAIS-platform, we will always process your name and (work) email address. Depending on the survey you are a part of, we may process information such as:
- Name
- Age group (e.g., 30-39 years)
- Gender (Other, Female, and Male)
- Information about your affiliation with your employer
- IP address
- Information you voluntarily provide to us in comments
Basically, we do not process personal data unless you give us such information on your own initiative via the comments field on the platform.
As the platform measures job enthusiasm for you specifically and, among other things, includes your experience of balance in your working life and your relationship with your manager, we consider your answers to contain confidential personal data. Therefore, you, as the only one, have access to your personally identifiable responses on the platform, and they are not shared with others unless you initiate it yourself.
One exception is our temporary access to the responses in connection with support cases – this access is limited to specific employees at GAIS, its usage is logged, you will be informed about it, and the capability is only utilized when specific support cases necessitate it.
How do we collect your personal data?
We mainly receive the personal data we process from you or your employer – depending on the way in which you interact with us.
We receive data from you when you interact with the GAIS platform, our website or our advertisements.
We receive data from your employer when they create a GAIS survey of the company – your employer is responsible for such data, but we process it for your employer.
With whom do we share your personal data?
In general, we will never pass on your data if we are not entitled to do so based on a legal obligation, your consent or if passing on is legitimate as a consequence of balancing of interests.
In practice, the data will only be passed on to suppliers who perform data processing for us according to our instructions (data processors). As a consequence, your data will not be shared with anyone who can use your data unless you ask us to do so. Therefore, your data will not be shared with the rest of the Krifa Group unless you ask us to do so.
If we receive your information in connection with a GAIS-survey, your information will only be accessible to data processors where necessary to make results available to you and possibly your employer. This may include hosting the platform, data exchange between the database and interface, and similar tasks.
If we receive your information in connection with marketing activities, the information may be shared with our marketing providers to provide you with more relevant marketing or to prevent you from receiving marketing from us.
Are any recipients of your personal data based in third countries, incl. international organisations?
All our data processing takes place in Europe, including the processing of the most confidential information. Our data processor on the platform is located in Denmark but uses several sub-processors.
However, some of our data processors are owned by American corporations, which are therefore based in a third country. We have implemented several additional measures and restrictions to ensure that:
- As little data as possible is processed by these sub-processors,
- Data does not leave the European servers where it is located,
- Employees outside the EU do not have access to the data,
- Data is inaccessible to requests from U.S. authorities.
If data exchange does occur, it will be based on the EU’s standard contractual clauses (SCC) from June 2021 or better, which are implemented in all data processing agreements with sub-processors. Additionally, we conduct ongoing risk assessments of our (sub)processors to ensure that data exchange with processors in the USA only occurs where the risk is acceptable.
For how long will we keep your personal data?
We will keep your personal data for as long as it is necessary in order to safeguard your rights, our contractual obligations towards you or your employer and our obligations under current legislation.
Data, which can identify the data subject, will be deleted from the GAIS platform upon request from the company or the data subject himself/herself. Replies on the platform will subsequently be kept in a completely anonymous form, ensuring that the anonymised data can form part of the future underlying data.
Your right to withdraw or limit your consent
Right to see your data (access)
You have a right to gain access to the data we process about you. If you wish to make use of this right, you may contact us on info@gais.dk
If we process data for your employer, however, you will need to contact you employer instead to gain access.
Right to have data corrected (rectification)
Right to erasure
You have a right to have your personal data erased or made anonymous if it is no longer necessary for us to keep or process your data. In some cases, however, we cannot erase or make your personal data anonymous – for example if we are under an obligation to keep it due to legislation.
If we process data for your employer, however, you will need to ask them to erase the data.
GAIS is also under an obligation, independently and proactively, to erase data about you which we no longer have a reason to process.
Right to restriction of processing
In certain instances, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we will only be entitled to store the data in future. If we are to process it in another way, this will either require your consent or that legal requirements can be established/exercised/defended, or in order to protect a person or important public interests.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
Right to object (objection)
In certain cases you have the right to object against our otherwise legal processing of your personal data. You may also object against the processing of your data for direct marketing.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
Right to pass on data (data portability)
In certain cases you have the right to receive your personal data in a structured, commonly used and machine-readable format and possibly have the right to have this data transmitted from one data controller to another without hindrance.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
You can read more about your rights in the Danish Data Protection Agency’s guidelines about the rights of data subjects. This information can be found here www.datatilsynet.dk
To whom can you complain?
Use of data
The GAIS Platform has been designed to focus on securing data that can be attributed to persons as well as possible. GAIS may use respondents’ anonymised data for all purposes as GAIS sees fit while GAIS will always comply with the General Data Protection Regulation and the protection of the respondents as defined here. Examples of use include, but are not limited to:
- Academic research
- Analysis of anonymised data
- Publication of articles and reports based on data
- Benchmarks
This use of anonymised data cannot identify persons, but is based on the user’s anonymised test results.
Contact
Cookies
This Cookie Policy was last updated on 6. September 2023 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.
1. Introduction
Our website, https://gais.io (hereinafter: "the website") uses cookies and other related technologies (for convenience all technologies are referred to as "cookies"). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website.
2. What are cookies?
A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
3. What are scripts?
A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.
4. What is a web beacon?
A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.
5. Cookies
5.1 Technical or functional cookies
Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.
5.2 Statistics cookies
We use statistics cookies to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. We ask your permission to place statistics cookies.
5.3 Marketing/Tracking cookies
Marketing/Tracking cookies are cookies or any other form of local storage, used to create user profiles to display advertising or to track the user on this website or across several websites for similar marketing purposes.
5.4 Social media
On our website, we have included content from LinkedIn to promote web pages (e.g. “like”, “pin”) or share (e.g. “tweet”) on social networks like LinkedIn. This content is embedded with code derived from LinkedIn and places cookies. This content might store and process certain information for personalized advertising.
Please read the privacy statement of these social networks (which can change regularly) to read what they do with your (personal) data which they process using these cookies. The data that is retrieved is anonymized as much as possible. LinkedIn is located in the United States.
6. Placed cookies
7. Consent
When you visit our website for the first time, we will show you a pop-up with an explanation about cookies. As soon as you click on "Save preferences", you consent to us using the categories of cookies and plug-ins you selected in the pop-up, as described in this Cookie Policy. You can disable the use of cookies via your browser, but please note that our website may no longer work properly.
7.1 Manage your consent settings
8. Enabling/disabling and deleting cookies
You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.
Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our website again.
9. Your rights with respect to personal data
You have the following rights with respect to your personal data:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
To exercise these rights, please contact us. Please refer to the contact details at the bottom of this Cookie Policy. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the Data Protection Authority).
10. Contact details
For questions and/or comments about our Cookie Policy and this statement, please contact us by using the following contact details:
GAIS A/S
Klokhøjen 4
8200 Aarhus N
Denmark
Website: https://gais.io
Email: kd.siag@ofni
Phone number: +45 41406371
This Cookie Policy was synchronized with cookiedatabase.org on 2. March 2023.