Moodwork — Workplace mental health

GDPR compliance

General Data Protection Regulation — in force since 25 May 2018

The European GDPR came into force on 25 May 2018. It establishes new obligations for companies processing personal data, and new rights for the people concerned (right to be forgotten, right to data portability). Data governance and GDPR compliance guide Moodwork's day-to-day design and development processes.

Legal framework

Moodwork undertakes to comply with:

  • The French Data Protection Act of 6 January 1978 (Informatique et Libertés)
  • The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)

Moodwork's role

Under the GDPR, Moodwork acts exclusively as a processor of personal data. As such, Moodwork undertakes to comply with the following obligations:

Moodwork's commitments

I

Process the data solely for the purpose of performing the Client contract.

II

Process the data according to the Client's documented instructions. If an instruction violates the GDPR, Moodwork immediately informs the Client and does not carry out the instruction. Where a legal obligation requires a transfer to a third country, Moodwork informs the Client before processing (unless the law prohibits informing the Client on public-interest grounds).

III

Guarantee the confidentiality of the personal data processed.

IV

Ensure that authorised personnel commit to confidentiality or are subject to appropriate statutory confidentiality obligations, and receive the necessary training in personal data protection.

V

Embed data protection principles by design and by default (privacy by design / privacy by default) in all tools, products, applications and services.

VI

Implement security measures ensuring a level of protection appropriate to the risks, including: pseudonymisation and encryption of personal data, as well as the means to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

VII

Maintain a record of processing activities that identifies and keeps up to date all personal data processing operations.

DPO contact

For any question regarding the protection of your personal data, contact our Data Protection Officer: [email protected]