Privacy Policy

April 23rd 2020 (version: v5)

At Stepifi, we care about your privacy. Stepifi AS is the company behind the service STEPIFI which can be found on mobile devices, Tablets, and www.stepifi.com. Let’s call it the Service from now on. This privacy policy will explain to you our policies regarding the data we collect, use, and the disclosure. Also, the choices you have associated with that data. To avoid any misunderstandings - “Personal data” means any information relating to you as a person – such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1.      What information we collect

Personal Data

In order to use our service, there are certain types of personal data we need in order to provide you with the service. Currently, we are storing :

  • Email address

  • First name and last name

  • Mobile phone number

  • Profile Picture

  • Skill Set or qualifications

  • Information about valid certificate of good conduct

  • In addition, organizations can ask for specific personal data, what data they ask is up to each organization. The collection of this data can be combined with the usage of Stepifi's RecTool. You will always have control and access to your data in your account inside of Stepifi (web or app).

Usage Data

The entire purpose of Stepifi is to ensure smart and quick booking of supply staff when needed. With that in mind, we also collect information about which requests from employers you accept or decline. This is essential for the employer to maintain a history of when employees have worked, when and where. This allows for proper reimbursement to you as an employee.

When you access the Service by or through a mobile device, we track what type of Mobile Phone/Mobile OS and web browser you are using. We collect this information to improve our service from a compatibility perspective. e.g. if the majority of our users use iOS, we will prioritize this in the development cycle.

 

Application Access to your phone or tablet

When using the Mobile Application for the first time, you are asked to give the application access to the pictures and the calendars on the phone. The reason for this is to be able to send any appointments to your on-phone calendar and to upload a profile picture to the Stepifi service. We do not use the access for anything else. This access can always be revoked in “settings” on your phone. 

2.      How we use your information

Stepifi uses the collected data for the following purposes:

 

Purpose

Type of data:

Send 6-digit confirmation code to ensure security when you are creating a Stepifi account

Mobile Phone Number, Email

Send requests from the employer

Name, Profile picture

Allow you to log into the application

Phone number

To notify you about changes and updates in the application

Email, name

To provide you customer support

 

Email, Phone number

To create analytical insight dashboards for the employer.

 

Behavior data, aka. your work history.

To monitor the usage of our Service 

Work history.

To detect, prevent and address technical issues you might have with your application.

 

Email, phone number, name,

To generate a list of your assignments that allow you to get reimbursed for your work

 

Name

To be able to receive a notification from the employer about potential work assignments

Email, phone number, name,

To allow chat between you and the request-sender

Name, profile picture

To give the employer the ability to find employees based on qualifications or skills

Skills/qualification

Allow for the employer to be compliant with the law requiring employees to have a valid certificate of good conduct. We do not store the certificate in itself, but only record whether or not you have shown the certificate to your employer.

The validity of your certificate of good conduct

Each organization can create their custom recruitment process, with the RecTool, where they can ask for data important for their process. When doing this the organization is required to set up their own Terms & Conditions inside Stepifi disclaiming all the data they will use and how they will use it.

Specific to each process. But in general, it would be data normally found in a CV. Name, work experience etc.

 

3.1 We Never Sell Personal Information

We will never sell your Personal Information to any third party. 

3.2 We share your worklist with your employer

For the employer to correctly reimburse you for your work, they will have access to your work history. Your profile will also be available for different organizational units within your employer. Please ask your employer if you want more insight into which units have access to your data.

3.2 Retention of Data

Stepifi AS will retain your Personal Data only for as long as is necessary for the purposes mentioned above. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Stepifi AS will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service. This data will be pseudonymized if this happens after the contract has ended or you have asked us to delete your data.

3.3 Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Our Service runs on a cloud infrastructure located inside the EU/EEA. However, some of our sub-processors do process their data in the United States. See the list below.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

3.4 Disclosure Of Data

Legal Requirements

Stepifi AS may disclose your Personal Data when necessary to:

  • To comply with a legal obligation

  • To protect and defend the rights or property of Stepifi AS

  • To prevent or investigate possible wrongdoing in connection with the Service

  • To protect the personal safety of user s of the Service or the public

  • To protect against legal liability

4.      Security of Data

The security of your data is important to us. We work hard to ensure that your data is secure and that no unauthorized people get access. If you discover anything that might be perceived as a risk, please let us know immediately.

Stepifi uses HTTPS encryption available on every one of its login interfaces and on every site hosted by Stepifi. Stepifi’s HTTPS implementation uses industry-standard algorithms and certificates.

When creating a user, we also use two-factor authentication to authenticate you. This means that no other users can create profiles with your phone number. It is also impossible for anyone to create a profile without being invited by an employer or the Stepifi employee.

All user login information is stored at AWS Cognito user Authentication Service. This is an industry-leading provider of cloud services and follows industry standard practices for security. 

5.      Your Rights

Stepifi AS aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

If you wish to be informed of what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Data we hold about you

  • To rectify any Personal Data held about you that is inaccurate

  • To request the deletion of Personal Data held about you

You also have the right to data portability for the information you provide to Stepifi AS. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.

To claim any of the rights above, please contact your Employer. If you have done so without any luck, do not hesitate to contact us at privacy@stepifi.com. Please note that we may ask you to verify your identity before responding to such requests. 

6.      Sub-processors

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Stepifi AS has a data processing agreement with all sub-processors in addition to a non-disclosure agreement.

We use third-party Service Providers to run, monitor and analyze the use of our Service:

  • Amazon Web Services, Inc.

Processing takes place in the EU / EEA.             

  • Google, Inc.

Processing takes place in the EU / EEA 

  • Microsoft Corporation

Processing takes place in the EU / EEA.

  • Intercom Inc.

Processing takes place in the US. The legal basis for this transfer is privacy shield, under which the sub-processor is certified.

  • Aktsiaselts Helmes

Processing takes place in the EU / EEA.

 

You can always find the updated version of our sub-processors at http://legal.stepifi.com 

7.      Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

8.      Cookies

We use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for the Subscription Service, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the customized features.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Service or websites you visit. Stepifi keeps track of the websites and pages you visit within Stepifi, in order to determine what portion of the Stepifi Website or Subscription Service is the most popular or most used. This data is used to deliver customized content and promotions within the Stepifi Website and Subscription Service to customers whose behaviour indicates that they are interested in a particular subject area.

Cookie policy of our sub-processors:

https://www.intercom.com/terms-and-policies#cookie-policy

https://policies.google.com/technologies/cookies

9.      Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. 

10. Local data protection agency

Stepifi AS is based in Norway. If you have any questions regarding GDPR or any complaints regarding Stepifi AS, you are encouraged to use the Norwegian Data Protection Authority as a point of contact.

E-post: postkasse@datatilsynet.no

Telefon: +47 22 39 69 00

Postadresse: Postboks 8177 Dep., 0034 Oslo

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: privacy@stepifi.com

  • By visiting this page on our website: http://www.stepifi.com

  • By visiting us at Grensen 17, 0159 Oslo