tapwrkBack to homepage

GDPR Information

This page explains how tapwrk approaches data protection in line with the General Data Protection Regulation (GDPR).

tapwrk as data processor and controller

  • For most workplace attendance scenarios, tapwrk acts as data processor on behalf of the customer organisation (the employer). The employer defines the purposes and means of processing attendance data and remains the data controller.
  • For certain activities, such as operating our website, managing trials, demos and billing, tapwrk may act as data controller.

In both roles we apply appropriate technical and organisational measures to protect personal data, including encryption, access controls and regular security reviews.

Lawful bases and transparency

Customer organisations are responsible for choosing the appropriate lawful basis for using tapwrk with their employees (for example legitimate interest or performance of a contract) and for providing clear privacy information.

Our own processing is described in more detail in the tapwrk Privacy Policy.

Data subject rights

Under GDPR, individuals have rights such as access, rectification, erasure, restriction, portability and objection.

When tapwrk acts as data processor, we support the customer organisation in fulfilling these rights (for example by exporting or deleting attendance records on request). When we act as controller, individuals can contact us directly using the contact details below.

Data location and transfers

tapwrk primarily stores and processes data within the European Union or in countries that offer an adequate level of protection. Where data is transferred outside the EU/EEA, we rely on safeguards such as Standard Contractual Clauses.

Security and incident response

We maintain security controls designed to keep data confidential, intact and available. If we become aware of a personal data breach that affects customer data, we will notify the relevant customer without undue delay and provide information necessary for their own legal obligations.

Contact

For questions related specifically to GDPR and data protection, please contact:

legal@tapwrk.com