Rede Ímpar
Sabará Hospital Infantil
Unilabs
Unimed Fortaleza
Santa Casa de Misericórdia da Bahia
Unidade Local de Saúde de Matosinhos
Centro Hospitalar de São João
Pró-Saúde
Luz Saúde
Notredame Intermédica
Pulido Valente
Hospital de Santa Maria
Hospital IGESP
Hospital LeForte
Hospital Pequeno Príncipe

Privacy Policy

SISQUAL® Workforce Management Lda. (“SISQUAL”) provides a platform through a Software as a Service (SaaS), On-Premises Application and Mobile Application models. At SISQUAL®, the privacy and security of our customers, users and visitors are very important. SISQUAL® is fully committed in protecting the data you share with us. This privacy policy explains how SISQUAL® processes information that can be used directly or indirectly to identify an individual (“Personal Data”) collected through use of its website and platform in accordance with the applicable regulation and standards identified in this Privacy Policy (such as GDPR for example).

For the purposes of this policy, SISQUAL® defines the term “Customer” as an entity with which SISQUAL® has an established relationship, the term “User” as any individual who responds to marketing campaigns by SISQUAL® or who is included as a contact in a customer’s account, and the term “Visitor” as an individual that visits our front-end website (for example www.sisqualwfm.com).

Any information stored on SISQUAL®’ platforms is treated as restricted. All information is stored securely and is accessed by authorized personnel only. SISQUAL® implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

Information we collect on our corporate website

 

In general, you may visit SISQUAL®’ website, www.sisqualwfm.com, without providing us with any directly identifiable personal data. However, we may collect indirectly identifiable (pseudonymous) information from you, which includes your IP address used to track unique visits to our site for analytic purposes. In order to grant you access to protected and secure resources we may collect your full name, postal address and email address, to fulfil your requests for information including white papers, or participate in feedback surveys. In other instances, we may ask you to provide us with information such as your product interests so that we can send you only the information that is useful to you, including articles, newsletters, product and service alerts, new product and service announcements and event invitations. When we collect your personal data, we will inform you as to why we are asking for information and how the information will be used. However, please note that providing directly identifiable personal data is optional. When you receive your confirmation email or when you receive any email from SISQUAL®, you will be given instructions on how to remove yourself from the list.

SISQUAL®’ accountability for personal data that it receives under the GDPR and subsequently transfers internally or to a third party outside the European Economic Area is described in further detail below. In particular, SISQUAL® remains responsible and liable under the GDPR if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the GDPR unless SISQUAL® proves that it is not responsible for the event giving rise to the damage.

Information we collect in our mobile applications

 

We collect, receive and store your Personal Data to enable you to have access to the service, to help you enjoy the different functions of the software. If you do not accept the Privacy Policy, we ask you not to use the service or download the application.

We collect the following Personal Data when you use our mobile applications:

The information we collect from you is all related to the services provided. These include, time and duration of any specific service and location from which the services were accessed.

You can customize your account with additional information such as a photo, phone numbers or other personal information that will be stored on the employer’s database server and can be integrated into the employer’s internal systems.

We collect your username, employee number and password to validate your identity on your employers’ authentication server.

The user is obligated to:

  1.  Not to substitute and/or impersonate any person, reserving the right of SISQUAL® to block your account in the assumption that someone substitutes another person, being SISQUAL® exempt from any kind of responsibility;
  2. Keep the password secure and confidential;
  3. Not to share, reveal or transfer your password to another person.

It is important to collect information related to the device you are using, device identifiers, IMEI, hardware type, and other software details such as the operating system version.

This is a free, full downloadable application, so there are no hidden fees for it.

Saving the location is part of the service when you register a new clocking record. This data is only stored with your permission and is only stored on your employers database server.

You need to enable the location so that the application can capture it (GPS coordinate and/or Wi-Fi SSID) and send it to your employer’s server to allow you to clock-in or clock-out.

It is important that you agree to the above points and you are solely responsible for authenticating the data that has been provided by you.

We do not sell or rent your Personal Data to third parties for marketing purposes.

The app is available from app distributors. The processing of Personal Data, the use of cookies or other devices are governed by the privacy policies and conditions of use of the distributors themselves: Apple Store, Google Play, Huawei AppGallery.

Grounds for using data

Cookie Information

SISQUAL uses cookies to help us understand more about our website visitor activity. For example, we can track data about visits to the website, including numbers of visitors and visits, geo-location data, length of time spent on the site, pages clicked on or where visitors have come.

If you do not want us to track this information you can turn off cookies within your browser, follow the instructions here: https://cookies.insites.com/disable-cookies/.

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

We, our service providers, and/or non-affiliated third parties, may use “cookies” or similar technologies such as “pixel tags” on our digital properties. We and our partners use cookies or similar technologies in order to analyse trends, administer the websites, and track users’ movements around our digital properties. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

We use these technologies with our website visitors in a de-identified fashion. We may also use third-party analytics and marketing integration services such as those by Google, to help us track and optimize our website performance and customer-facing marketing. These third parties may also use both cookies and pixels to help us better manage content on our site by informing us what content is effective. These third parties are prohibited from using collected data for any purpose other than as a service provider to us.

When providing our software and providing SISQUAL® services to our corporate customers, SISQUAL® acts as a Data Processor. We need to collect and use personal data to enter into a contract with a customer or to fulfil our contractual obligations. We may also use such data for our legitimate business interests to administer our platforms, provide access to interfaces and features, and to enforce our acceptable use policies and terms of service.

To the extent our customers need to collect and share and allow us to process personal data of their employees and customers to enable our services, we will rely upon our customers to provide necessary privacy notices and to obtain required consents.

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

SISQUAL® takes commercially reasonable steps to ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services processing your personal data.

Notably, we implement comprehensive antivirus, anti-spam, and spyware protection for the servers along with a full-fledged intrusion detection system coupled with robust firewalls and alerts system in place.

If you are our Customer or prospect, you have enhanced rights under the GDPR. You may access, correct or request deletion of your personal data.

SISQUAL® abides by the Data Subject Rights requests referenced within GDPR Articles 13-22 with respect to:

Right to be informed (about processing activities and applicable rights)

Right to access data (or obtain data being processed)

Right to rectify information (when outdated or incorrect)

Right to erasure (and to be publicly forgotten)

Right to object to processing (particularly activities based on consent)

Right to restrict processing (when processing is deemed to be unlawful)

Right to data portability (between proprietary systems in a common format)

Rights related to automated decision making (including decisions based on profiling activities)

SISQUAL® has put into place operational processes to comply with all Data Subject Rights requests within 30 days when received, however we may need to verify certain Personal data fields to ensure we act upon the correct data.

If your business contact information changes, or if you would like to modify or remove your details, or to exercise your other rights, please contact quality@sisqual.com.

Additionally, SISQUAL® is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

All processing of Personal Data is performed in accordance with privacy rights and regulations following the GDPR and the local legislation.

You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be deleted, limited or corrected if it is inaccurate. You can do this by contacting us via dpo@sisqual.com. We encourage you to contact us should you have any privacy-related complaint.

In compliance with the GDPR, SISQUAL® commits to resolve complaints about our collection or use of your personal information.

SISQUAL® reserves the right to update or change this Privacy Policy from time to time.

Changes will be posted on this page. If we make a material change to our privacy practices, we will provide notice on the site or by other means as appropriate.

If you have any questions, please feel free to contact quality@sisqual.com.

To contact SISQUAL®’s Data Protection Officer, please reach out to dpo@sisqual.com.

 

PUBLIC INFORMATION – Privacy Policy – updated on 31/03/2023

Cloud Privacy Policy

SISQUAL is truly committed to complying with applicable data protection legislation and regulation (including the GDPR), and the contractual terms agreed with its cloud service customers.
Our cloud service is provided on a Software as a Service (SaaS) model, where the customer only accesses and uses our WFM software in the cloud. This Policy only applies to service provision with the SaaS model. Exceptions to this service model and any specific resulting liabilities will be detailed in the contract.
We have appointed a Data Protection Officer (DPO) who acts as a point of contact for our customers with regard to the protection of personal data, who can be contacted via this email address: dpo@sisqual.com

Cooperation with regard to the rights of data subjects
Our WFM software (as of version 7) includes functionalities that enable our clients to comply with their obligation to facilitate the exercise of data subjects’ rights of access, correct and/or delete personal data concerning them. Please refer to the document “RGPD SISQUAL WFM” for further details and also for information on any situations that the client relies on us to facilitate the exercise of data subject rights.

Purpose of processing
We do not process any personal data stored by you or your end users in the WFM database for any purpose not included in the cloud service agreement, unless you instruct us to do so. We also do not use such personal data for marketing and advertising purposes.

Notification of disclosure
We will notify the service customer, in accordance with any procedure and winding period agreed in contract, of any legally binding request for disclosure of personal data by a law enforcement authority, unless such notification is otherwise prohibited (for example, to preserve the confidentiality of a law enforcement investigation).
We will consult with the service customer where legally permissible before then any disclosure of personal data and will accept any contractually agreed requests for the disclosure of personal data that are authorised by the service customer.
We will make a record of all exposures of personal data to third parties, such as those arising from legal investigations or external audits, including what data was disclosed, to whom, at what time, and the source of the authority for the purpose of the disclosure.

Notification of data breaches
We will promptly notify you in the event of unauthorised access to personal data or unauthorised access to processing equipment or facilities resulting in the loss, disclosure or alteration of personal data, and will provide the information necessary for you to comply with your obligation to notify the relevant authorities. This notification obligation does not extend to a data breach caused by you or a data subject or within the system components for which they are responsible.
In the event that a breach involving personal data has occurred, we will keep a detailed record of the incident, including a description of the data compromised, if known, and any notifications made in accordance with applicable laws and regulations.

Return, transfer and deletion
In the event of termination of the contract, after receiving and complying with a request to return personal data to you, transfer it to another cloud provider or to another personal data controller (for example as a result of a merger), we will ensure secure deletion of all data (by us and any of our authorised sub-contractors) from wherever it is stored, including for backup and business continuity purposes, as soon as it is no longer required by the specific customer.
Information on sub-contractors
The use of subcontractors participating in personal data processing is indicated in the contract with the client. We will inform you in good time of any intended changes in this regard so that you have the ability to object to such changes or to terminate the contract. We will inform you of the names of our relevant sub-contractors, the countries in which they may process data and the means by which those sub-contractors are obliged to meet or exceed our own obligations.
We will also inform our customers of the countries where personal data may be stored arising from the use of sub-processors. Any intended changes in this respect will be informed to the customer in good time so that the customer has the ability to object to such changes or to terminate the contract.

Technical and organisational measures
SISQUAL has implemented and continuously improves technical and organisational measures in line with the guidelines and requirements of international standards ISO/IEC 27001, 27002, 27701 and 27018 to ensure that contracted security requirements are met and that personal data is not processed for any purpose regardless of customer instructions, as well as to ensure compliance with relevant security and personal data protection obligations imposed by applicable law and regulations such as the GDPR. We are finalising the certification process according to ISO/IEC 27701 and since 2020 we are certified according to the international standards ISO/IEC 27001, 27018, 20000-1 and ISO 9001.

Awareness, education and training
All our staff are informed of the possible negative consequences on data subjects, on our customers, on SISQUAL and its employees, of violating privacy or security rules and procedures, especially those on the processing of personal data and related assets.

User access management
SISQUAL WFM in the cloud is provided on a Software as a Service (SaaS) model, so the customer is responsible for all aspects of access management for users under their control, providing administrative rights to manage or terminate access.
We recommend that all our customers implement procedures for user registration and deletion to avoid situations where user access control is compromised, such as the corruption or compromise of passwords or other user registration data (e.g. as a result of inadvertent disclosure), in line with the guidelines and requirements of the international standards ISO/IEC 27001 and 27002.

Use of encryption
To enhance the protection of personal data we use HTTPS encryption.

Backups
We guarantee backup and restoration of all data residing in the cloud provider.

Audits
We conduct independent internal audits and are audited by an accredited certification body every year. These audits verify that information security and privacy are implemented and operated in accordance with our policies and procedures.

PUBLIC INFORMATION – Cloud Privacy Policy – updated on 02/07/2021