PRIVACY POLICY

---

1. INTRODUCTION

BuddyPro AB, Org.nr 559516-1844 ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Workforce mobile application for task management and time tracking (the "App").

Workforce is designed for employees of organizations that have licensed our BuddyPro SaaS platform. By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the App.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

Account and Profile Information:

• Full name (first and last name)
• Email address
• Phone number
• Employee ID or identifier
• Profile image/photo
• Department or team assignment
• Job title or role
• Work schedule and shift preferences

Employment and Payroll Information:

• Social Security Number (when required for payroll and tax purposes)
• Bank account information for direct deposit
• Tax withholding preferences and forms
• Salary or hourly wage information
• Benefits enrollment data
• Emergency contact information

Work Assignment Data:

• Task assignments and descriptions
• Work order details and instructions
• Task acceptance or rejection decisions
• Completion status and progress updates
• Work notes and comments
• Time estimates and actual completion times

Communication Information:

• Chat messages with supervisors and team members
• Work-related communications and updates
• Support requests and feedback
• Notification preferences

2.2 Information We Collect Automatically

Time and Attendance Data:

• Clock-in and clock-out times
• Break times and duration
• Total hours worked per day, week, and month
• Overtime hours and patterns
• Attendance patterns and punctuality
• Time off requests and approvals

Location and Movement Data:

• GPS location at task start and completion
• Work site locations and addresses
• Travel time between job sites
• Geofencing compliance for designated work areas
• Route tracking for field work (when applicable)

Performance and Productivity Metrics:

• Task completion times and efficiency ratings
• Number of tasks completed per time period
• Task completion rates and success percentages
• Work quality indicators and feedback scores
• Productivity trends and patterns
• Schedule adherence and reliability metrics

Device and App Usage Information:

• Device type, operating system, and version
• App version and update history
• Feature usage and interaction patterns
• Session duration and frequency of use
• Error logs and diagnostic information
• Network connectivity and performance data

2.3 Information from Third Parties

From Your Employer:

• Employee roster and organizational chart information
• Work schedules and assignments
• HR records relevant to app functionality
• Performance reviews and evaluations
• Training records and certifications

From Integrated Systems:

• Payroll system data
• HR management system information
• Project management platform data
• Customer relationship management (CRM) data when relevant to tasks

3. HOW WE USE YOUR INFORMATION

3.1 Core Workforce Management Functions

Task and Schedule Management:

• Create and manage your employee account
• Assign and distribute work tasks and orders
• Track task progress and completion status
• Manage work schedules and shift assignments
• Enable task pool functionality for self-assignment
• Coordinate field work and location-based assignments
• Generate work reports and summaries

Time Tracking and Attendance:

• Record work hours and attendance
• Calculate overtime and break times
• Monitor schedule compliance and punctuality
• Generate timesheets and attendance reports
• Process time-off requests and approvals

Payroll and Compensation:

• Calculate wages based on hours worked and task completion
• Process direct deposits and payroll transactions
• Generate pay stubs and tax documents
• Track benefits and compensation data
• Comply with labor law and tax requirements

3.2 Communication and Coordination

Workplace Communication:

• Facilitate chat communication between employees and supervisors
• Send task assignments and updates
• Provide work-related notifications and alerts
• Share important company announcements
• Enable team collaboration and coordination

Performance Management:

• Track work performance and productivity metrics
• Generate performance reports for management review
• Identify training needs and development opportunities
• Monitor work quality and efficiency improvements
• Support performance evaluation processes

3.3 Platform Improvement and Analytics

Service Enhancement:

• Analyze usage patterns to improve the App
• Develop new workforce management features
• Optimize task assignment and scheduling algorithms
• Enhance user experience and interface design
• Improve system performance and reliability

Safety and Compliance:

• Ensure workplace safety and security
• Monitor compliance with labor laws and regulations
• Verify employee identity and prevent unauthorized access
• Maintain audit trails for regulatory compliance
• Detect and prevent fraudulent time reporting

4. LEGAL BASIS FOR PROCESSING

4.1 Legal Basis Under GDPR

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

Contract: Processing necessary for the performance of your employment contract and our service agreement with your employer
Legal Obligation: Processing necessary to comply with employment law, tax law, and other legal requirements
Legitimate Interests: Processing necessary for our and your employer's legitimate interests in workforce management, provided these interests are not overridden by your rights and freedoms
Consent: Processing based on your specific consent for certain optional features

For each major processing activity, the specific legal basis is as follows:

• Account management and employee services: Contract
• Task assignment and management: Contract and Legitimate Interests
• Time tracking and attendance: Contract and Legal Obligation
• Payroll processing: Contract and Legal Obligation
• Location tracking for field work: Legitimate Interests or Consent
• Performance monitoring: Legitimate Interests
• App improvement and analytics: Legitimate Interests
• Workplace communication: Contract and Legitimate Interests
• Compliance with labor laws: Legal Obligation
• Safety and security measures: Legitimate Interests

5. INFORMATION SHARING AND DISCLOSURE

5.1 Sharing with Your Employer

Work-Related Data Shared with Your Employer:
Your employer has access to work-related information necessary for workforce management, including:

• Task assignments, progress, and completion status
• Time tracking data, attendance records, and work hours
• Location data for field work and job site verification
• Performance metrics and productivity data
• Work-related communications and updates
• Payroll and compensation information
• Schedule adherence and attendance patterns

5.2 Other Sharing Scenarios

Service Providers and Business Partners:

• Payroll processing companies for wage calculations and payments (legal basis: Contract)
• Banking institutions for direct deposit services (legal basis: Contract)
• Cloud service providers for data hosting and security (legal basis: Legitimate Interests)
• IT support and maintenance providers (legal basis: Legitimate Interests)
• Analytics providers for app improvement using anonymized data (legal basis: Legitimate Interests)

Legal and Regulatory Requirements:

• Tax authorities for employment tax compliance (legal basis: Legal Obligation)
• Labor department agencies for workforce compliance (legal basis: Legal Obligation)
• Court orders, subpoenas, or legal proceedings (legal basis: Legal Obligation)
• Law enforcement agencies when required by law (legal basis: Legal Obligation)

Safety and Security:

• Emergency services in case of workplace accidents or safety incidents (legal basis: Legitimate Interests)
• Insurance companies for workplace injury or liability claims (legal basis: Legitimate Interests)
• Security services for fraud prevention and investigation (legal basis: Legitimate Interests)

Business Transfers:

• In connection with mergers, acquisitions, or asset sales (legal basis: Legitimate Interests)
• To successors or assigns of our business

For each third party, we have Data Processing Agreements in place that comply with Article 28 of the GDPR. We ensure all third parties process your data securely and in accordance with EU data protection laws.

We do not sell your personal information to third parties and we do not transfer your data outside of the EU without appropriate safeguards.

5.3 Information We Do Not Share

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We also do not share your personal information with unauthorized parties or for purposes unrelated to your employment and the workforce management services we provide.

6. DATA STORAGE AND PROCESSING

BuddyPro AB operates exclusively within the European Union. All your personal data is stored and processed on servers located within the EU, in compliance with GDPR and other applicable EU data protection laws.

If we need to transfer your data outside the EU for any reason, we will ensure that adequate safeguards are in place (such as EU Standard Contractual Clauses) and will inform you of such transfers in advance.

7. DATA RETENTION AND DELETION

7.1 Retention Periods

We retain your personal information only for as long as necessary to fulfill employment and legal requirements. Specific retention periods are:

Active Employment:

• Account and profile information: Retained during employment plus 7 years after termination
• Time tracking and attendance records: Retained for 7 years for labor law compliance
• Payroll and tax information: Retained for 7 years for tax and financial compliance
• Performance and productivity data: Retained for 3 years after employment termination
• Work communications: Retained for 2 years from last interaction
• Location data: Retained for 1 year unless required longer for legal compliance

After Employment Termination:

• Some employment records may be retained longer to comply with labor law requirements
• Tax and payroll records retained per applicable tax law (typically 7 years)
• Legal hold requirements may extend retention periods

7.2 Account Deletion Process

Employee-Requested Deletion:

• Current employees may request deletion of certain non-essential personal data
• Essential employment data cannot be deleted while employment continues
• Former employees may request deletion subject to legal retention requirements
• Contact privacy@buddypro.io for deletion requests

Automatic Deletion:

• Data is automatically deleted according to our retention schedule
• Some data may be retained longer if required by law or for legitimate business needs

8. DATA SECURITY

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information in accordance with GDPR Article 32. These measures include:

Technical Safeguards:

• Encryption of personal data during transmission and at rest
• Secure authentication and multi-factor access controls
• Regular security assessments and vulnerability testing
• Monitoring for unauthorized access or breaches
• Regular backups and disaster recovery procedures
• Network security and firewall protection
• Secure API endpoints and data transmission protocols

Administrative Safeguards:

• Limited access to personal information on a need-to-know basis
• Employee training on privacy and security practices
• Data protection impact assessments for high-risk processing activities
• Incident response and breach notification procedures
• Vendor security requirements and Data Processing Agreements
• Regular security policy reviews and updates

8.2 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and will inform affected individuals and employers without undue delay, as required by GDPR.

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8.3 Your Responsibility

Account Security:

• Keep your login credentials confidential and secure
• Use strong, unique passwords
• Enable two-factor authentication when available
• Report suspicious activity or security concerns immediately
• Log out properly when using shared or public devices

9. YOUR RIGHTS UNDER GDPR

As our services operate within the EU, you have the following rights under the General Data Protection Regulation (GDPR). However, please note that some rights may be limited in the employment context due to legal requirements and legitimate business needs:

9.1 Your Data Rights

• Right to Access: You can request a copy of the personal information we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete information
• Right to Erasure: You can request deletion of your personal information, subject to legal retention requirements
• Right to Restrict Processing: You can request limitation of how we use your data in certain circumstances
• Right to Data Portability: You can request transfer of certain data in a machine-readable format
• Right to Object: You can object to certain types of processing, including direct marketing
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@buddypro.io

9.2 Account Management

Profile Management:

• View and update your profile information
• Modify communication and notification preferences
• Review your work history and performance data
• Access your time tracking and attendance records

Data Requests:

• Request a copy of your personal information
• Request correction of inaccurate information
• Request deletion of data (subject to employment and legal requirements)
• Object to certain processing activities

9.3 Communication Preferences

Optional Communications:

• Opt out of non-essential notifications
• Manage marketing and promotional communications
• Control optional feature notifications

Required Communications:

• Work-related notifications and task assignments (cannot be disabled)
• Important security or account notices (cannot be disabled)
• Legal and compliance communications (cannot be disabled)
• Payroll and benefits communications (cannot be disabled)

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience, analyze usage, and collect information about how you interact with our App. In accordance with EU law, we will ask for your explicit consent before placing any non-essential cookies on your device.

10.1 Types of Technologies Used

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Basic app functionality and navigation
• Work session tracking and time management

Functional Cookies:

• User interface preferences and settings
• Language and region preferences
• Notification and communication preferences
• Task and schedule display options

Analytics and Performance Cookies:

• App usage statistics and feature adoption
• Performance monitoring and optimization
• Error tracking and diagnostic information
• User experience improvement data

10.2 Managing Cookies

You can control cookie settings through your device or browser settings, though disabling certain cookies may affect app functionality. You can manage your cookie preferences at any time through our cookie management tool in the App settings.

11. CHILDREN'S PRIVACY

Our Workforce app is intended only for employees aged 16 and older. We do not knowingly collect or process personal data from individuals under 16 years of age. If we learn that we have received personal data from someone under 16 without proper verification, we will delete that information as quickly as possible. If you believe we have collected information from someone under 16, please contact us immediately at privacy@buddypro.io

12. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. We will notify you of material changes through the App, email, or other appropriate communication methods. Your continued use of the App after such updates constitutes acceptance of the revised Privacy Policy.

For significant changes that affect your rights or how we handle your data, we may require your explicit consent before the changes take effect.

13. DATA CONTROLLER AND DATA PROTECTION OFFICER

BuddyPro AB is the data controller for the personal information collected through our Workforce app. Your employer is also a data controller for employment-related personal data. Both BuddyPro and your employer have responsibilities under GDPR and other applicable privacy laws.

13.1 Contact Information

For questions about this Privacy Policy or our data practices, please contact us at:

13.2 Data Protection Officer

Our Data Protection Officer is responsible for overseeing questions regarding this Privacy Policy and our data protection practices:

13.3 Supervisory Authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we have not handled your personal data in accordance with applicable privacy laws:

---