GDPR Compliance

Organizations using TeamTreat are typically the data controllers.

They determine:

• What employee data is uploaded
• Why the data is processed
• How long it should be retained

TeamTreat acts as a data processor, providing software infrastructure to manage this information.

Organizations may upload limited employee data such as:

• Employee names
• Work email addresses (optional)
• Birthdates
• Dietary requirements

This data is used only to support workplace celebrations managed through the platform.

TeamTreat processes data for the following purposes:

• Enabling organizations to track employee birthdays
• Managing workplace celebrations
• Coordinating associated orders
• Maintaining system security
• Providing customer support

TeamTreat is designed to store only the minimal information required to support celebration management workflows.

Organizations are responsible for ensuring they only upload necessary data.

TeamTreat may rely on trusted infrastructure providers to operate the service.

These providers process data only on our instructions and under strict security controls.

Examples include:

• Cloud infrastructure providers
• Authentication systems
• Database hosting providers

Data is retained only for as long as necessary to provide the service.

Organizations may remove employee data directly within the platform.

Individuals may have rights including:

• Access
• Correction
• Deletion
• Restriction of processing

Requests related to employee data should generally be directed to the organization that uploaded the information.

Organizations requiring a Data Processing Agreement (DPA) may contact us to request one.

TeamTreat implements reasonable safeguards including:

• Encrypted connections
• Authentication controls
• Infrastructure access restrictions

For GDPR-related questions, contact:

[email protected]