Privacy Policy

Introduction

Fivin WorkforceHub ("Fivin", "we", "our", or "us") is committed to protecting the privacy of the individuals who use our workforce management platform. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By accessing or using Fivin, you agree to the practices described in this policy.

This is a placeholder document. A full, legally reviewed privacy policy will be provided before the platform is made available to external users.

Data We Collect

We may collect the following categories of information:

• Account information — name, username, email address, and role assigned within the platform.
• Workforce data — schedules, clock-in/clock-out records, hours summaries, and leave requests.
• Usage data — pages visited, actions taken, and timestamps, for operational and security purposes.
• Device & session data — IP address, browser type, and session identifiers.

How We Use Your Data

The information we collect is used to:

• Provide, operate, and improve the Fivin platform and its features.
• Manage user accounts and enforce role-based access controls.
• Generate reports, summaries, and analytics for workforce management purposes.
• Ensure platform security and detect unauthorized access or misuse.
• Communicate operational notices relevant to your account or organization.

Data Retention

We retain your data for as long as your account is active or as required to fulfill the purposes outlined in this policy. Workforce records (such as schedules and time logs) may be retained for a defined period to satisfy legal, payroll, or audit obligations. When data is no longer needed, it is securely deleted or anonymized.

Third Parties

We do not sell or rent your personal information to third parties. We may share data with trusted service providers who assist in operating the platform (for example, cloud hosting or email delivery services), subject to confidentiality obligations. We may also disclose information where required by law or to protect the rights and safety of Fivin and its users.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, subject to legal or contractual obligations.
• Object to or restrict certain processing activities.
• Lodge a complaint with a relevant data protection authority.

To exercise any of these rights, please contact us using the details below.

General Data Protection Regulation (GDPR) Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data is processed in accordance with the General Data Protection Regulation (GDPR) and applicable local data protection laws. Fivin acts as a data processor on behalf of your organization (the data controller) for workforce-related data, and as a data controller for account and platform usage data.

Lawful Basis for Processing

We rely on the following lawful bases to process your personal data:

• Contractual necessity — processing required to provide the platform services under your organization's agreement with Fivin.
• Legitimate interests — security monitoring, fraud prevention, and platform improvement, where these interests are not overridden by your rights.
• Legal obligation — retaining payroll and attendance records to comply with applicable labor and tax laws.
• Consent — where we request consent for any optional processing, you may withdraw it at any time without affecting prior processing.

Your GDPR Rights

Under the GDPR you have the following rights, exercisable free of charge:

• Right of access (Art. 15) — obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17) — request deletion of your data where no legitimate basis for retention exists.
• Right to restriction (Art. 18) — ask us to limit processing in certain circumstances.
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing.
• Right not to be subject to automated decisions (Art. 22) — not be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g., the Finnish Data Protection Ombudsman — tietosuoja.fi).

International Data Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to maintain an equivalent level of data protection.

Data Protection Officer

If you have questions specifically about our GDPR obligations or wish to escalate a concern, you may contact our Data Protection contact using the details in the section below.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact the Fivin team at: