PRIVACY POLICY
Overview
This Privacy Policy (Policy) describes how We at Livvwork collect, protect, and use the Personal Data you (User, Customer, You or Your) may provide on the livv.work Website and within any of Our products or services (collectively, Website or Services).
Livvwork is made up of a number of legal entities which We use as infrastructure to provide Our Services. However, for data protection purposes the entities in control of all Personal Data processed in connection with Our Website and Services are:
Livvwork, a company registered in the Netherlands under number 81112882, VAT Number NL NL861936735B01 at Van der Takstraat 7, 3071LL, Rotterdam, The Netherlands
collectively referred to as We, Us, or Our.
This Privacy Policy applies to the following Data Subjects: Users of the Website, including Customers, Partners, Contractors, and Employees, and also all visitors of li with whom We do not have a contractual relationship. Depending on Data Subject category and country of residence this Policy may from time to time be supplemented by additional policies issued by us and other parties which will be notified to you separately.
We commit Ourselves to the highest standard for data protection and privacy. Due to Our global footprint, We are subject to several data protection regulations and as a guiding principle, We apply the strictest regulation to protect Your data and privacy globally. This results in a broad set of rights and choices made available to you.
The terms "Personal Data", "Data Processing", "Data Subject", "Data Controller and "Data Processor" have the same meaning as under Regulation (EU) 2016/679 - the General Data Protection Regulation (GDPR).
When and how We collect data
We may collect Your Personal Data through Our communication and Your usage of Our products and services. Personal Data can be directly provided by You or indirectly collected by Us (i.e. from Your interactions, use, and experiences with Our products).
When and how We collect data
| DATA YOU GIVE | DATA WE COLLECT | WHEN |
|---|---|---|
| X | You browse pages of Our Website | |
| X | You receive an email from us | |
| X | You request information from us | |
| X | X | You engage in a meeting with Our team |
| X | X | You create an account in Our platform |
| X | You allow Our partners to share Your data | |
| X | Employer allows Our partners to share Employers data |
Types of data We collect
| CATEGORY | DESCRIPTION | DATA TYPE |
|---|---|---|
| Contact | Information that facilitates communication | Email and physical address, telephone number |
| Location | Information about an individual's location | Country, IP address |
| Identifying | Information that can identify a specific individual | Depending on the Data Subject - Name, profile picture |
| Professional | Information about educational or professional career | Role |
| Communication | Information communicated to or from an individual | Email conversations and the personal data that you might freely share with us in the communications. |
| Planning | Calendar information from calendars you or your organisation shared with us | Calendar event data (title, description, attendees, etc) |
| Hybrid work preferences | Information that displays your preferences on hybrid working | Work day schedule and preferences related to work location. |
How We use Your data
| WHAT WE DO | LAWFUL BASIS FOR PROCESSING | DATA SUBJECTS | PERSONAL DATA |
|---|---|---|---|
| Generate location week planning | Performance of a contract | Employees | Planning, Hybrid work preferences, professional, |
| Act as a digital personal assistant | Performance of a contract | Employees | Planning, Hybrid work preferences, professional, Location |
| Notify about events within our system | Performance of a contract | Employees | Contact |
| Identify you and help you solve issues related to the usage of Our services | Performance of a contract | Employees | Contact, Planning, Hybrid work preferences, professional, Location |
| Notify you of any changes to Our services | Performance of a contract | Employees | Contact, Communication |
| Contact you to improve Our services and customer experience | Legitimate interest (service improvement) | Employees | Contact, Communication |
| Aggregating pseudonymised personal data for the purpose of insights in office occupancy | Performance of a contract | Employees | Planning, Hybrid work preferences, professional, |
| Disclosing Personal Data to third parties | See 'Personal Data Disclosures' below | See 'Personal Data Disclosures' below | See 'Personal Data Disclosures' below |
What is "lawful basis"?
Under the GDPR, We need to have a lawful basis to legally process Your Personal Data. For the described Data Processing, We rely on the following legal grounds:
-
Consent: (Art. 6(1)(a) GDPR) when We rely on this basis We only process Personal Data about you for the specific purposes you expressly authorise. You can withdraw Your consent whenever you wish.
Performance of a contract: (Art. 6(1)(b) GDPR) when We rely on this basis the Data Processing is necessary for the performance of a contract with you or to take steps at Your request before entering into such a contract.
Compliance with a legal obligation: (Art. 6(1)(c) GDPR) when We rely on this basis We are obliged to process the relevant Personal Data to comply with Our legal obligations.
Legitimate interests: (Art. 6(1)(f) GDPR) when We rely on this basis We process Personal Data as necessary in pursuit of Our own, Our business partners', or Your legitimate interests. When We do this We must ensure that the interests We pursue do not override Your fundamental rights and freedoms.
Substantial public interest: (Art. 9(2)(g) GDPR) when We rely on this basis We do it to prevent harm, fraud, money laundering, terrorist financing, child labor and to enable trust safety and compliance.
Privacy choices
Although restricting access to certain data might affect Your experience, you can always make changes, such as:
-
Disable cookies: You can block cookies in Your Web browser (check Your browser's Help page).
Don't provide Personal Data: You can still navigate the Website and access all Our features that don't require Your personal information.
You can withdraw Your consent for marketing communications: We will contact you directly if We receive Your explicit consent to send marketing communication, but if you don't wish to hear from us again, please click the unsubscribe button on the communication or use this form to let us know.
Data Subjects rights
You may exercise any rights related to the Personal Data We collect via the "Help" button if you are a registered user or privacy@livv.work if you are not a registered user. We will then verify Your identity and respond to Your inquiry without undue delay within 15 days of receipt of the request.
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension, together with the reasons for the delay.
We note that where requests are manifestly unfounded or excessive, in particular because of their repetitive character, We may refuse to act on the request. In such cases We shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Find below a summary list of Your rights and how you can exercise them:
| RIGHT TO | DESCRIPTION | ADDITIONAL INFORMATION |
|---|---|---|
| Access | You can access the personal data We hold about you directly on Your user profile. If you need additional | |
| information regarding: - the data categories We process - the purposes of the data processing - retention |
||
| period - to whom We disclose personal information - any other information about Your data message us at |
||
| privacy@livv.work. | Please let us know what kind of data you would like to access. | |
| Rectification | You can update most of the personal data by sending a message to the slack/teams assistant Livv. | |
| Message privacy@livv.work if you want to modify data that Livv can't modify. | Please let us know: the fields to |
|
| update the old data values to be replaced the new data values evidence of the new data values as |
||
| applicable | ||
| Data Portability | You have the right to receive, upon request, Your Personal Data that you have provided to us for | |
| purposes of Data Processing in a portable and machine-readable format. We can export and send a Json file containing all | ||
| personal data We have collected. | If you would like us to send Your information, please reach out to us through this | |
| form. | ||
| Object processing | In the event that the processing of Your personal data by us is alleged to be carried out in the | |
| public interest or for the purpose of the legitimate interest pursued by us, you have the right to object to it by | ||
| asserting specific reasons relating to Your particular situation. If you object, We will not further process Your |
||
| Personal Data unless We can demonstrate that Our continued processing of Your Personal Data is premised on compelling | ||
| legitimate grounds which override Your interests, rights and freedoms affected by Our continued processing of Your | ||
| Personal Data, or because Your Personal Data serves to assert, exercise or defend legal claims. Any such objection does | ||
| not affect the lawfulness of the processing activities carried out prior to Your objection being communicated to | ||
| us. To exercise Your right, send a message to privacy@livv.work. |
If the data has no other purpose | |
| except within the process to which you rightfully object, We will delete that data. | ||
| Restrict processing | You can restrict Your data from being processed if: -We processed or will process |
|
| inaccurate personal data - you believe that We processed Your personal data unlawfully -We don't need to |
||
| process Your personal data, but We need to keep it to allow you to establish, exercise, or defend a legal claim -you |
||
| exercised Your right to object processing, but We are still validating Your request | Let us know why you want us to | |
| restrict Your data processing. | ||
| Erasure (right to be forgotten) | Under the following circumstances you may request that We erase (delete) Your | |
| Personal Data without undue delay: -in case Your Personal Data is no longer needed for the purposes for which it was |
||
| collected; -if you have withdrawn Your consent and there is no other legal basis for the processing of Your Personal |
||
| Data; -if you have filed an objection to Our processing of certain of Your Personal Data and there are no overriding |
||
| legitimate reasons for continued processing such personal data; -if Your Personal Data is being processed |
||
| unlawfully; -if Your Personal Data must be deleted in order to fulfil a legal obligation. Please note that |
||
| the Right to Erasure does not apply when the processing of Your personal data is necessary for the compliance with a | ||
| legal obligation We are subject to, or for the establishment, exercise or defense of legal claims. | Use this form and | |
| state the reason for Your deletion request. We will reply to you to confirm We have deleted Your account or to let you | ||
| know why We are unable to fulfill the request. | ||
| Lodge a complaint | If you believe that We are not processing Your data in a lawful way under the GDPR or if you are | |
| not satisfied with any response We provide, you may lodge a complaint with a relevant data protection authority. | ||
| Please let us know Your complaint and We will look into it. You always have the right to complain at Your local Data | ||
| Protection Authority, if you are not satisfied with Our handling of Your complaint. |
How We keep Your data secure
Compliance
We comply with the EU's General Data Protection Regulation. Data protection is ensured by encryption and security measures throughout the lifecycle of Your data.
Infrastructure security
-
Data encryption in transit
Data encryption at rest
Architecture network isolation through private networks
Fully auditable access and changes
AWS is Our trusted cloud provider and is compliant with the following industry standards:
-
SOC I/II/III
-
ISO 27001/27017/27018
-
PCI-DSS
-
-
All systems are protected by a firewall with security threat detection and prevention mechanisms.
Internal best practices
-
We follow the least privilege principle to limit systems' access to essential personnel only.
We practice continuous credentials auditing and management.
We conduct internal security and privacy training.
Reliability
-
Infrastructure-as-code allows for quick rebuilding and portability.
Our average response times are under 150ms.
We practice continuous monitoring of applications and infrastructure.
We create daily data backups.
Data Privacy
-
Users have control of their data.
We do not keep any data other than data strictly necessary for business operations.
Personal Data Disclosures
In order to provide, maintain, improve, secure, and promote Our Services, We need to disclose Personal Data to third parties. All Personal Data in scope of this Policy is hosted on Amazon Web Services. This section provides further details about the specific disclosures We make to other third parties.
Suppliers (processors)
Certain Personal Data may be disclosed to Our suppliers who help us run Our business. Our suppliers may process Personal Data on Our behalf solely in accordance with Our instructions and pursuant to a written agreement. For example, We use suppliers for Webhosting, secure cloud storage, video conferencing, analytics, email delivery, customer relationship management, Web fonts, and other services. We also use suppliers such as social media companies and search engines to promote Our Services.
These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are either necessary for the purpose of performing Our contract with you or necessary for the purposes of Our legitimate interests (that are to provide, maintain, improve, secure, and promote Our Services). When none of these bases apply, We will seek Your permission (consent) to share Personal Data with a specific supplier.
Our suppliers may change over time, but registered Website Users will regularly receive a list of key suppliers.
Suppliers (controllers)
Certain Personal Data may be disclosed to other suppliers who also help us run Our business but act as controllers. These suppliers process Personal Data in accordance with their own privacy policies, hoWever, in any case, Our contracts with such suppliers require them to comply with applicable data protection laws when processing any Personal Data they receive from us. These suppliers include financial institutions, lawyers or notaries, licensed auditors assisting or supervising us in connection with Our compliance obligations, HR providers, identity verification service providers, and others.
These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are either necessary for the purpose of performing Our contract with you; or necessary for the purposes of Our legitimate interests (that are to provide, maintain, improve, secure and promote Our Services); these advisors may be different, depending on Our business needs.
Local authorities (controllers)
Various authorities such as regulators, tax authorities, law enforcement agencies, cOurts of law and others may require us to produce information that may include Personal Data about you. What Personal Data is included depends on each request.
These disclosures apply to all categories of Data Subjects in scope of this Policy. These disclosures are necessary for the purpose of us complying with Our legal obligations.
These authorities vary depending on the jurisdictions where We and Our Customers operate and where Employees and Contractors reside.
Technology Partners
Our platform integrates with other SaaS products such as OpenAI, email systems, Google, Microsoft 365 and human resource information systems (HRIS) through Our application programming interface (API). We partner with such SaaS providers to make it easier for their clients to access Our services and for Our clients to access their services.
When partner systems integrate with Our platform, they can pull personal data We store upon a customer's request. This means that when Customers integrate Our Platform with other SaaS systems they use, Our Platform will send Employee data to the requesting Customer via the partner SaaS system.
These disclosures apply to Employees only and are necessary for the purposes of Our Customers' legitimate interests (that is to make it easier for them to access Our services via a third-party system).
The Personal Data involved depends on the data the Customer requests and on the configuration of the partner SaaS system.
Corporate restructuring
If We sell or buy any assets or business, We may disclose Personal Data about you to the prospective seller or buyer of such business or assets. Conversely, if We are acquired by another business, Personal Data about Our customers will be transferred to the buyer.
These disclosures apply to all categories of Data Subjects and types of Personal Data in the scope of this. These disclosures are necessary for the purposes of Our legitimate interests (that are to properly run Our business and Our business' continued ability to provide Our Services.)
These recipients depend on whom We engage within the context of any type of corporate restructuring.
Further information
We would be happy to address any specific queries you may have about the Personal Data We disclose to third parties. We have tried Our best to outline all relevant disclosures in this section, hoWever, disclosures depend on many factors. If you need more specific information, please contact us using the contact details provided in this Policy.
International data transfers
We operate at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected.
When We transfer Your Personal Data to a third country, We will ensure that this transfer complies with applicable laws. We share Personal Data with countries located outside the EU and the EEA, on the basis of EU Standard Contractual Clauses. For transfers out of other jurisdictions operating transfer restriction regimes, We take additional steps to ensure compliance with local law.
Data retention
In accordance with applicable data protection laws, We do not store Your Personal Data for longer than needed for the purposes of the respective processing activity. The relevant retention periods depend on the national legislation of the country you are based in.
If the Personal Data is no longer required for the performance or enforcement of contractual or legal obligations, We will delete it regularly, unless its further temporary storage is still necessary to:
-
fulfill Our obligations pursuant to the agreement between Us and the Client;
establish, exercise, and defend a legal claim;
fulfill statutory obligations to which We are subject, such as continued storage pursuant to accounting legislation.
For more detailed information about the retention periods of the Personal Data that We process, you can request a copy of Our Retention Policy via privacy@livv.work.
Cookies
The Website and Our apps use "cookies" and similar technologies, such as pixel tags and software development kits, to help personalize Your online and in-app experience. A cookie is a text file that is placed on Your hard device by a Web page server or a mobile app. For detailed information about cookies and which types of cookies We use, please read Our cookie policy.
Cookies cannot be used to run programs or deliver viruses to Your computer.
Cookies are uniquely assigned to you and can only be read by a Web server in the domain that issued the cookie to you.
We may use cookies to collect, store, and track information for statistical purposes to operate Our Website and Services. You can accept or decline cookies.
Most Web browsers automatically accept cookies, but you can modify Your browser settings to disable cookies if you prefer (check Your browser's Help page).
If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.
To learn more about cookies and how to manage them, visit internetcookies.org.
Privacy Shield Frameworks
While Privacy Shield is no longer a valid mechanism for data transfers from the EU, it is still a valid commitment toward certain data privacy requirements for companies that participate in it. We participate in the Privacy Shield and are committed to comply with its principles. Organizations' continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recOurse for individuals.
We have certified to the Department of Commerce that We adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view Our certification, please visit https://www.privacyshield.gov/.
We commit to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable.
We are responsible for the collection and processing of data it may receive under the Privacy Shield Framework, including subsequent transfers to third parties We engage that act on Our behalf. We comply with the Privacy Shield Principles of all transfers of data in the EU.
Privacy of minors
We do not knowingly collect any Personal Data from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Data through Our Website or Service.
If you have reasons to believe that a person under the age of 18 has provided Personal Information to us through Our Website or Service, please contact us via privacy@livv.work.
Changes and amendments
We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. You can find the date of Our last update at the top of the document.
Contact Us
We have a Data Protection Officer (DPO) who monitors Our compliance with the General Data Protection Regulation (GDPR), other data protection regimes, and Our policies in relation to the protection of Personal Data and privacy.
For inquiries or requests about this Policy, please reach out to us via privacy@livv.work.