Data protection & data governance
-
Data protection
atwork processes personal data in the context of employee surveys, including first name, last name, email address, and work-related information.
The management of personal data and data processing complies with the requirements of the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR), as well as the applicable Swiss cantonal data protection guidelines. Our handling of personal data is based on the principle that the processing of personal data is traceable and transparent, that technical and organizational measures to protect data are consistently implemented, and that users can easily and efficiently exercise their rights, such as the right to information, correction, or deletion.
atwork contractually obliges all service providers and partners to comply with applicable data protection laws (including the FADP and GDPR) and ensures that all data transfers are legally secure.
-
Security measures
Personally identifiable information (PII) remains entirely within the secure Azure environment. In addition, text entries transmitted to the Azure OpenAI Service are automatically checked for potentially sensitive content and cleaned up. This creates an additional layer of protection to prevent unwanted data transfers.
-
Encryption
The protection of sensitive data is a top priority for atwork. Information is encrypted both during transmission and at rest.
Our systems use the integrated security mechanisms of Microsoft Azure and AWS to reliably protect data from unauthorized access:
- Data transmission: All communication between our application, clients, and AWS is secured by HTTPS and TLS 1.2. This ensures the confidentiality and authenticity of the transmitted data.
- Data storage: In Microsoft Azure, all stored data – including SMTP login details – is protected by default using encryption mechanisms managed by Azure. The encryption keys are managed and controlled by Microsoft itself and monitored in accordance with recognized security standards.
-
Data minimization
Personal data is reduced to the minimum necessary. Internal IDs are used, with only essential fields being mandatory. Data cannot be assigned to individual persons without these IDs.