House of Benefits values and takes pride in processing personal data with a high level of integrity and security. In this policy, House of Benefits explains why and how we process personal data.
There are some key legal terms that it is essential to know in order to understand this policy. Below is a description of these terms.
Personal data is information related to an identified or identifiable natural person or data subject. An identifiable person is someone who can be identified, either directly, for example through a personal identity number, or indirectly, through use of the data in conjunction with other information in the possession of the data controller. Certain special categories of personal data, including racial or ethnic origin, trade union membership, sexuality, physical or mental health conditions, and religious beliefs, are considered sensitive data. Such data require higher protection and safeguards.
Processing personal data includes any operation or set of operations performed on personal data, whether or not by automatic means. So, processing includes disclosure by transmission, structuring, amending, storing and many other activities performed on personal data.
Controller is the natural or legal person who determines the purposes and means of the processing of their personal data. The controller is entitled to engage other parties to process personal data on its behalf. Such party is called a processor. The processor is thus acting under the authority of the controller and is only allowed to process the controller’s personal data on instructions from the controller or if required by applicable law.
House of Benefits provides software as a service to our clients in order to assist them in improving and managing their employees’ benefits, thereby strengthening their employer brands. The services are provided through House of Benefits digital benefit portal where employees of our clients log in as end-users to view and manage their benefits. Provision of these services thus require House of Benefits to processes personal data of our clients identifying and relating to our clients’ employees as data subjects.
Consequently, each client is the controller of their respective personal data and House of Benefits is engaged as a processor acting under the authority, and on the behalf, of our clients.
The benefit portal is tailored to each client’s service request. The processing activities carried out by House of Benefits therefore differ between different clients, but generally includes (without being limited to) the following operations:
Receiving personal data related to the end-users of the portal from clients and end-users Integrating the personal data in the benefits portal to set up individual accounts and further personalize the experience of the portal Administrating orders and benefits transactions related to orders made by the data subjects in the benefit portal, and transmitting the data back to the client Developing new tools, products of services for our clients Communicating with end-users and client administrators regarding use of the benefit portal House of Benefits only processes the clients’ personal data in order to provide them with our services for digital processing of benefits, and only pursuant to their instructions or as required by law. When authorized by clients to process personal data for continuous development, testing and troubleshooting in the benefit portal, House of Benefits uses pseudonymized, anonymized or aggregated data to the extent possible.
House of Benefits processing activities is governed by written Data Processing Agreements between House of Benefits and each client. These agreements states that House of Benefits is acting as a processor under the authority of the controller and shall comply with instructions from the client and relevant data protection authority. It also imposes certain obligations on House of Benefits regarding how to process personal data in order to ensure privacy rights and secure routines.
Since House of Benefits processes our clients’ personal data as a processor during delivery of the service, the client as controller determines the purposes and means of the processing.
The companies that offer their products and services in the portal are independent suppliers. They are not sub-contractors of House of Benefits but have entered into cooperation agreements with House of Benefits pursuant to which they offer their products and services in the benefit portal as a digital marketplace for the clients and end-users. The supplier is therefore the contractual counterparty in relation to orders made in the portal, not House of Benefits.
In order to complete a purchase in the portal the end user confirms the order and House of Benefits will send the order to the supplier and provide the supplier with relevant personal data relating to the end-user.
When an order is completed by the end-user, the supplier is the controller of the personal data it has received. The supplier is therefore responsible for determining the purpose and means of processing such data.
We will send you transactional email notifications when you select one benefit or another. Notifictions can be sent also directly to the platform in Notification section. We will also send you reminders form time to time in order to make sure you do not miss important deadlines.
In areas where it demms it necessary the House of Benefits has developed additional regulations (procedures and instructions) governing the protection of information.