Legal
GDPR & Processing.
This page describes in broad terms how NewWorks handles client and visitor data under the GDPR. For the data we collect through this website, our privacy statement and cookie policy also apply.
Client and visitor data
We process two kinds of data: data about visitors to this website, and client data within the engagements we carry out. For both, the principle is the same: no more than necessary, and with control in mind.
For visitor data, NewWorks is itself the controller; what we collect and which cookies we use is set out in our privacy statement and cookie policy. Within client engagements, we process data on behalf of and on the instructions of the client. In that case the client is the controller and NewWorks acts as the processor.
AI and processing
NewWorks is an AI company and uses AI tooling as part of our work. We do so in a controlled way, with arrangements agreed in advance:
- We never train on client data and do not use client data to train or improve models.
- Which AI tools and models we use for an engagement, and which we explicitly do not, are agreed with the client in advance.
- We only process the data needed for the agreed task.
We only process a client's data once an engagement begins, and always within the framework we have set out together. We build our solutions to be legible and traceable so that you stay in control; the final legal judgement remains with your organisation.
Data processing agreement
For engagements in which we process data on your behalf, we record the arrangements as standard in a data processing agreement, including purpose, security and sub-processors.
The data processing agreement forms part of the engagement contract and records, among other things: the subject and duration of the processing, the types of data and data subjects, the security measures, the use of any sub-processors, and the arrangements for returning or deleting data afterwards. You can request our model data processing agreement via info@newworks.ai.
Data location
EU hosting is our default, and wherever possible we process data within the European Economic Area. The exact tools, models and processing locations that apply to your engagement are agreed per project and recorded in the data processing agreement. Where a specific processing activity calls for additional safeguards, we put these in place in line with the GDPR.
Would you like to know exactly how this works for your situation? Get in touch and we will explain it in concrete terms.
Trust Center & contact
The concrete practices around security and compliance are set out in the Trust Center. Questions about processing? Email info@newworks.ai or see the Privacy statement.