Data Protection & GDPR Compliance

Effective Date: February 1, 2026

WRKFORC is committed to the highest standards of data protection, privacy, and confidentiality when delivering Employer of Record (EOR), PEO, Payroll Outsourcing, Employment Outsourcing, Work Permit, and Recruitment services across multiple countries.

Because we process sensitive employee, payroll, and immigration data on behalf of our clients, data protection is a core part of our operational framework.

This page explains how WRKFORC complies with international data protection regulations, including the General Data Protection Regulation (GDPR).

 

1. Our Role in Data Processing

Depending on the service provided, WRKFORC acts as:

  • Data Processor when processing employee data on behalf of clients (Payroll, PEO, Employment Outsourcing, Work Permit, Recruitment)

  • Data Controller & Employer when delivering Employer of Record (EOR) services

In all cases, data is processed strictly for legitimate employment, payroll, and compliance purposes.

 

2. GDPR Principles We Follow

WRKFORC processes data according to GDPR principles:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimization

  • Accuracy of records

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

 

3. Types of Sensitive Data We Protect

As part of our services, we securely process:

  • Identification documents (ID, passport)

  • Salary and payroll records

  • Tax and social insurance data

  • Employment contracts and HR files

  • Work permits, visas, and immigration records

  • Contact and personal employee information

 

4. Security Measures

WRKFORC applies strict technical and organizational measures including:

  • Encrypted data storage and transmission

  • Secure payroll and HR management systems

  • Role-based access controls

  • Confidentiality agreements with all staff

  • Regular system monitoring and backups

  • Secure document handling procedures

 

5. International Data Transfers

WRKFORC operates across multiple countries. Data may be securely accessed by authorized teams in different locations strictly for service delivery purposes.

All access follows strict confidentiality and data protection standards aligned with GDPR requirements.

 

6. Data Subject Rights

Employees and individuals whose data we process have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request deletion where legally permissible

  • Restrict or object to certain processing

  • Request data portability where applicable

Requests can be sent to: privacy@lightgray-dolphin-216309.hostingersite.com

 

7. Data Retention

We retain data only as long as required for:

  • Service delivery

  • Legal and regulatory obligations

  • Audit and compliance requirements

 

8. Data Breach Procedures

WRKFORC maintains internal procedures to detect, report, and investigate any data breaches. In the unlikely event of a breach, affected clients will be notified promptly in accordance with GDPR and applicable laws.

 

9. Third-Party Processors

Where necessary, WRKFORC works with trusted service providers (hosting, banking, system providers). These providers are carefully selected and bound by data protection and confidentiality obligations.

 

10. Compliance with Local & International Laws

In addition to GDPR, WRKFORC complies with local data protection, labor, tax, and immigration laws in each country where services are provided.

 

11. Contact for Data Protection Matters

For any data protection or GDPR-related inquiries:

privacy@lightgray-dolphin-216309.hostingersite.com
www.lightgray-dolphin-216309.hostingersite.com

Scroll to Top