Privacy policy

Read more about how Benify manages personal data in our Privacy Policy.


At Benify, we use cookies on our website so that you are able to enjoy the best possible online experience.

Read more about cookies in our Cookie policy

Benify AB sub-processors

Alla personuppgifter lagras på servrar som helt och hållet ägs och kontrolleras av Benify. Våra servrar finns placerade på tre fysiskt oberoende datacenter inom EU.

Benify AB:s underentreprenörer

 Benify processing – Invoice partner. Storage location – EU. Processing location – EU.
• Lifeplan AB – Pension & Insurance consulting partner. Storage location – EU. Processing location – EU.
• Printline Idéproduktion AB – Prints and sends welcome mail to users. Storage location – EU. Processing location – EU.
• Stay Secure Sweden AB – Provides advanced e-mail protection services. Storage location – EU. Processing location – EU.
• Zendesk Inc. – Provider of system for customer service. Storage location – EU. Processing location – USA (Standard clauses, Privacy Shield and security measures in place).
• CGI Sverige AB – Provider of Electronic identification service. Storage location – EU. Processing location – EU.

Personal data retention

To ensure that personal data processing is limited to what is necessary Benify have a personal data retention policy implemented in the Benify application.

The purpose of this policy is to adapt the Benify application to the GDPR requirement of data protection by design and by default and the principles of data minimization and storage limitation.

The policy is based on the following scenarios:
• Automatic erasure for active clients and end-users
• Erasure due to termination of agreement
• Erasure due to termination of employment
• Individual’s right to erasure and restrict processing

GDPR at Benify

This year we will see the biggest change to European privacy law in over 20 years – having a significant impact upon the way in which you store, manage and share your employees’ personal data.

Coming into force on 25th May 2018, the General Data Protection Regulation (GDPR) will affect all organisations which offer goods or services- or monitor the behaviour of data subjects within the European Union.

The GDPR is all about protecting the interests of your employee and making it easier for them to retain control of their personal data in a digital age where data carries increasing economic value. Failure to comply with the new regulations could cost your business up to €20 million or 4% of your worldwide annual turnover. With this in mind, it’s crucially important that every part of your organization is ready for the changes to come in May.

The GDPR will affect how you manage your employee rewards
As an employer, you are the data controller of your employees’ personal data.  Any other body or person whom you entrust with this data, such as Benify, has the role of data processer.

As the data controller, you will soon have a legal obligation to ensure the necessary “technical and organizational measures” to protect your employees’ personal data in accordance with the GDPR. This means ensuring full transparency as to how the data is stored, managed or shared so that your employee can retain full control over their personal data.

This will have a great impact upon how you manage your employees’ data when providing your employee experience. Not only will this affect your employee rewards management, but so too your various other employee lifecycle activities, such as onboarding, pension, enrolment, company events and much more.

Benify – industry experts in data security
Benify is an internationally certified ISO/IEC 27001 organization. Every day, we manage the employee data of thousands of the world’s biggest employers. We take care to do so with impeccable attention to detail, based on a systematic approach which includes physical, digital, operational and organizational safeguards.

As a customer or partner with Benify, you have our assurance that all of our services are compliant with the forthcoming EU-wide regulations – meaning you can trust us to manage your employee benefits, rewards, communication and all other portal services, safe in the knowledge that your sensitive data is secure. We provide the internal security framework so you can focus on your business.

Our efforts are based on 7 cornerstones of:

Lawfulness, fairness and transparency

Benify takes comprehensive measures to ensure that our processing of personal data is lawful and complies with relevant legislations and agreements. We are fully transparent with our internal polices, procedure and the security measures taken to process and protect personal data.

Data minimization

Together with the client, Benify’s experts conduct meticulous implementation-, integration- and management reviews of the portal to minimise risk and ensure only applicable data is to be processed.

Storage limitation

Benify’s application ensures privacy by design – through automated system functionalities which remove personal data that are no longer required for processing purposes.


Benify allows you to clearly demonstrate the actions you have taken to ensure full compliance with the GDPR. We will help you to show accountability at each step in the process.

Purpose limitation

Clients have full control in setting and limiting the purpose and scope within which Benify has license to process. This is well defined and documented in a personal data processing agreement.

Data accuracy

Regular file integration ensures that all data remains accurate. Benify performs periodical integrity checks, thereby applying the four-eyes principle before taking action.

Integrity and confidentiality

Benify is an internationally certified ISO 27001 organization. We guarantee protection of your employees’ personal data behind a framework of technical and organizational safeguards.

Most significant improvements

Information security ISO 27001
We have a fully implemented and certified information security management system according to ISO 27001. This means we take comprehensive measures to protect personal data at all times.

Risk assessment – privacy impact analysis
We continuously perform risk analyses focusing on protection of personal data and privacy. All risk analyses are documented and managed according to our internal policies and procedures.

Improved information and transparency
We put a lot of focus on information and transparency to make it easy for our clients and end user to review how we process personal data and the security measures we have implemented.

Data minimization
To minimize the extent of personal data we continuously analyze and review our personal data processes. This involves analyzing content of reports, integrations files etc. to make sure we only process and display necessary personal data.

Updated data processing agreements
We have updated our template for Data Processing Agreements (DPA) to fully comply with the requirements of the GDPR. Benify’s template is offered to all our clients but of course all clients are permitted to use their own DPA: s.

Updated policies
Our internal policies and procedures have been reviewed and updated to ensure they are compliant with the GDPR.

Personal data retention policy
To ensure that personal data processing is limited to what is necessary we have implemented a personal data retention policy in the Benify application.

Right of access by data subject
To ensure the individuals rights of access we have implemented application functionality to provide each end user access to an individual user page describing the personal data processed by Benify.

Right to erasure – The right to be forgotten
To ensure the right to erasure we have implemented application functionality and processes to effectively remove an end user’s personal data by request.