Log in

I want to access:

Subcontractors


Why does Simployer engage subcontractors?

Simployer engages subcontractors mainly for operations and maintenance of technical infrastructure. There are excellent companies with this as their expertise, and they help Simployer to deliver even better stability, scalability and security than we would manage on our own. That way Simployer can concentrate on being the best HRM solution provider. No one can be experts on everything.

Which subcontractors does Simployer engage?

The list of subcontractors is stated in the latest version of the Data Processing Agreement. Also, see the page "Sub processors".

Can the Customer refuse Simployer's engagement with new subcontractors?

Yes, the Data Processing Agreement gives the Customer the opportunity to refuse any new subcontractors by terminating the agreement with Simployer with 30 days written notice. If the Customer would like to keep using Simployer, new subcontractors must be excepted. Simployer will never engage subcontractors that we don't consider to be GDPR compliant.

What responsibillity does the Customer have towards Simployer subcontractors?

All subcontractors are Simployer's responsibility. The Customer only relates to Simployer and the agreements made with Simployer. Simployer signs DPA's with all of it's subcontractors.

Will any new subcontractors have access to customer data?

No. Simployer have signed agreements with all subcontractors that no personnel at the subcontractor may access customer data without legitimate reason; that is, if the personnel is authorized by us our you, the Customer, to handle such data. Simployer have technical measures in place to prevent such access, and will only grant access when needed (when you, the Customer, grants access to assist in support or any other specified assignment/instructions, or in the event of an security-related incident).

Where will subcontractors store data?

Data will primarily be stored in data-centers within EU/EEU. See the entire list in the article "Sub processors".

Service-specific subcontractors may process data also outside of the EU/EEA but the categories of personal data and the retention time is limited, and we do regular evaluations to make sure that all use of subprocessors are compliant with GDPR and safe to use.

Do we have to sign a new DPA if a new subcontractor is introduced?

No. According to the existing DPA, Simployer shall notify the Customer about any new subcontractors. If the Customer does not reject the new subcontractor, in writing, within 30 days from the notice, the new subcontractor is accepted to the existing DPA.

Processing of personal data in simployer


Is there anyone at Simployer that has access to our data?

No one in Simployer has access to the customer's data unless the customer requests support and provides Simployer access to the system. In such a support scenario, a identifiable employee in Simployer will have access to the system for a limited period of time.

Is there anyone at Simployer that has access to data in Time & Plan?

For the Time & Plan modules, a routine is established where the customer gives a written permission to access the system for each support case or request for assistance. This is done via a standardized method in the support system and as default the permission is valid for the current day. In case of other needs a different period can be specified.

Are customer data stored on servers in Norway?

GDPR does not require data to be stored specifically in Norway or even within EU, but more complex assessments are required in such cases. We regularly assess our subprocessors and storage-partners, and will always use partners that are GDPR-compliant and secure for us and our customers. Read more about storage in Simployer.

Is it possible to delete data and history of employees who have left the company, after completing the statutory obligation related to accounting and documents in accordance with the law?

Yes, and it is the Customer which performs deletion of data in Simployer.

How are security practices / encryption, etc. in connection with the transfer of personal data?

All communications where customer data flows over the internet is encrypted with SSL (https).

Do you have any further information about Simployer and GDPR

All our customers have access to our security and privacy documentation

Do you have a feature to delete all passwords at once in Simployer?

No, Simployer offers no such functionality, but an administrator at the Customer can reset passwords for users in Simployer. Simployer also offers authentication through Active Directory, allowing users to use their work account to login to Simployer.

Must all employees have access to edit personal data in a HR / Payroll system?

No, there is no such requirement. However, it may be an advantage that the employee has self-service for such data, as the employee is the one who themselves have the most updated and correct data.

How many years can you keep information about employees who have left?

There is no specific answers to this in the legislation. The concept of "purpose" is deciding. However, it will not be allowed to store data forever (no purpose).

Deletion of Personal Data in Simployer - What is the best procedure to comply with GDPR?

It is the customer who is the controller and who selects which personal data may be deleted from Simployer based on a risk assessment and the legal needs for data. Disabling users in Simployer removes access to personal data about the person, but the data is still stored.

Personal data related to the company (such as sick leave, holidays, documents, etc.) can be deleted separately in Simployer. Disabled users who do not have such data associated with their profile can also be physically deleted from the system. Simployer strived to make the deletion / anonymization procedures as flexible and user-friendly as possible for our customers.

How are rights to insight for the registered safeguarded?

By default, each user has access (and editing rights) to all personal data in Simployer. Simployer also has a report that the user can run, which shows which persons have access to the user's personal data and which persons can edit the user's personal data.

Is the Simployer DPA compliant with GDPR?

The Data Processing Agreement for Simployer complies with applicable national law and the GDPR.

General rules on handling of personal data


What access rights do the employee have?

As a general rule, the employee has access to all personal data the employer has stored about the employee, with the following exceptions:

  • Content subject to confidentiality, eg. whistleblowing cases
  • Content that is used for statistical purposes only

Who can access personal information?

Only employees with a legal need have a cause to see personal data, in addition to the employee himself. Other categories of people with access can for example be the employees managers or payroll workers in the business.

What is personal data?

Personal data is all information that can be linked to an individual. This may for example be:

  • Name
  • Address
  • Phone
  • Date of birth
  • Pictures
  • Fingerprint
  • Etc.

What is a sensitive personal data?

A sensitive personal data is information about:

  • racial or ethnic background, or political, philosophical or religious opinion
  • that a person has been suspected, sentenced, charged or convicted of a criminal offense
  • health conditions
  • sexual preferences
  • membership of trade unions
  • genetic and biometric information

What does it mean that a legal purpose is needed for processing personal data?

This means that you must have a specific legal purpose for processing personal data. This may for example be consent from the person whos information is bein processed, in order to fulfil a contract or by requirements in relevant national law.

What are the fines for breach of GDPR?

In case of serious breaches of privacy, fines may be issued up to 4% of global annual turnover or 20 million euros, whatever is the highest.

Responsibilities and roles related to privacy


Who is the controller?

The controller is the one who determines the purpose of processing personal data and the tools to be used. In a customer relationship with Simployer, it is the customer who is the controller.

What is a data processor?

A data processor is the person who processes personal information on behalf of the controller. In a customer relationship with Simployer, Simployer AS is a data processor.

Which businesses need a data protection officer?

All public entities must have a data protection officer. Private businesses need a privacy officer if

  • The main line of business requires regular and systematic monitoring of physical persons on a large scale
  • The main line of business consists in large-scale handling of special categories of personal data or information on convictions or criminal offenses.

We have created an interactive wizard to help you decide if your business needs a data protection officer. The tool is available as part of the subscription to the legal aid product, Privacy in Work Conditions.

Privacy in administration and follow-up of employment


Can minutes from employee conversations be transferred to a new leader?

Yes, a new leader may have transferred access to all minutes that will be necessary for his / her management. The minutes and accompanying documents belong to the employer, not the individual leader. New leader can therefore have access.

Can the employer submit photos and information of the employee on the intranet and the internet?

The employer can post photos and information on the intranet. For external publishing, for example, on the internet, the employer must consider whether the employee has reason to expect information to be published. Then it must be assessed in relation to the employee's position and function. Leaders and employees in outward facing functions will have to accept this, while it may be different if you are employed in, for example, production or a call center.

Handbooks AI


What data do you collect, and what do you not collect?

We respect your privacy by not collecting or storing your questions and our responses during regular interactions. However, we do collect technical data like error reports and performance metrics to help improve our service. If you use the feedback feature, we log your question, the response you received, your language preference, and your company name—without collecting any personal information.

Additional Information:

  • Azure OpenAI Usage: Our chatbot leverages Azure OpenAI services. Microsoft may employ its own logging practices as outlined in their privacy policies. Please consult Azure OpenAI documentation for details.
  • Qdrant Vector Database: Log data is stored within a Qdrant vector database. We utilize both Azure and Qdrant servers located within Europe to comply with data residency requirements.

How do you keep my data secure?

We use trusted services to store data securely within the region to comply with data residency laws. Access to this data is limited to authorized personnel who need it for troubleshooting or service improvement.

Will my data be used to train or modify the AI model?

No, your data will not be used to train or modify the AI. We use a pre-trained model, so your interactions do not influence the way the AI understands or responds.

Who can use the AI chatbot to access documents or information?

Only users with existing permissions to access relevant articles and documentation can query the chatbot.

How long do you keep the data?

For details on our data retention policy, please visit the following link: Simployer Data Retention Policy.

How can we help?

We’re here for every step of your employee journey. From intuitive software for people management to hands-on learning programs and expert support from our legal team — we've got you covered.

Vector Book a meeting

Curious to see Simployer in action? Book a demo today and discover your new HR toolkit!
Talk to Sales

Vector Need a hand? We’re here to help!

Looking for answers or updates? Our Support Center has everything you need—FAQs, release notes, customer care, and more. Dive in or reach out; we’re here to help!
Go to support