GDPR Compliance
Workalizer is designed to support compliance with the General Data Protection Regulation (GDPR) and related data protection law. Workalizer is developed and operated by InfoHub Works Limited, a company registered in England and Wales (company number 11499103), with its registered office at 124 City Road, London, England, EC1V 2NX. This page explains how our service model and data handling align with GDPR principles, including the important distinction that we do not collect or store activity logs; we fetch and aggregate data from Google Workspace on your organization's behalf.
What Workalizer Is in Legal Terms
Workalizer is a software-as-a-service (SaaS) platform that provides performance and productivity analytics based on Google Workspace usage. Your organization (the customer) is the data controller for the personal data processed in Google Workspace. InfoHub Works Limited (operating as Workalizer) acts as a data processor: we process data only on documented instructions from the customer, for the purpose of providing analytics and insights. We do not determine the purposes or means of processing beyond what is necessary to deliver the service.
No Log Collection: Fetch and Aggregate
We do not collect, store, or retain raw activity logs or content from your users. Instead, our system connects to Google Workspace via official APIs using the access your organization grants. Data is fetched (pulled on demand or on a scheduled basis), aggregated and derived (e.g. counts, trends, summaries), and then used to generate dashboards and AI-generated insights. The underlying data is processed in memory or temporarily to produce these outputs; we do not build or keep separate logs of user activity. This approach supports data minimization and limits retention of personal data to what is necessary for the service.
Lawful Basis and Legitimate Use
As processor, we process personal data only where the customer has a lawful basis under GDPR (e.g. legitimate interest, contract, or consent, as determined by the customer). The customer is responsible for ensuring that its use of Workalizer and its instructions to us comply with applicable law, including informing employees and having an appropriate lawful basis for the analytics and performance-review purposes.
Data Minimization and Purpose Limitation
- We access only the Google Workspace data and API scopes that the customer explicitly grants.
- Processing is limited to producing analytics, insights, and reports for performance and productivity purposes.
- We do not use customer data for advertising, marketing to individuals, or selling data to third parties.
Security, Confidentiality, and Subprocessors
We implement appropriate technical and organizational measures to protect personal data (e.g. encryption, access controls, secure development practices). We ensure that any subprocessors that process personal data on our behalf are bound by obligations consistent with GDPR and our commitments to the customer. Details can be set out in our Data Processing Agreement or Data Access Policy.
Data Subject Rights and Assistance
We assist the customer in responding to requests from data subjects (e.g. access, rectification, erasure, restriction, portability, objection) to the extent that such requests relate to processing carried out by Workalizer. The customer remains responsible for responding to data subjects; we do not respond directly to end users unless the customer instructs us to do so.
International Transfers
Where personal data is transferred outside the European Economic Area (EEA), we use mechanisms recognized under GDPR (e.g. adequacy decisions, standard contractual clauses, or other approved transfer tools) to ensure an adequate level of protection. We can provide more detail in our data processing or privacy documentation on request.
Summary
Workalizer supports GDPR compliance by acting as a processor that fetches and aggregates Google Workspace data on instruction, without collecting or retaining activity logs, and by applying data minimization, purpose limitation, security, and assistance with data subject rights. Customers remain responsible for establishing a lawful basis and for their use of the service.
Contact
For questions about GDPR compliance or our processing, contact us via the Contact page or at InfoHub Works Limited, 124 City Road, London, England, EC1V 2NX.