Works-Council Enablement Kit

A starting kit for works councils and employee representatives evaluating BurnoutZero. It is meant to make co-determination straightforward — the privacy guarantees are built into the software and independently checkable.

Last updated 6/17/2026.

Talking points

  • No individual employee data is ever visible to managers or the employer — only privacy-protected aggregates, enforced by a k-anonymity floor in the product.
  • Participation is consent-based and revocable at any time; withdrawing consent removes the employee from all aggregates immediately.
  • Employees can export and permanently delete their own data themselves.
  • A "works council mode" privacy preset raises the anonymity floor and defaults consent to the most protective tier.
  • The organization can produce a dated, printable attestation of these guarantees for the council’s records.

DPIA outline

  1. Purpose: employee wellbeing and burnout prevention — not performance management.
  2. Data categories: self-reported check-ins, logged activities, optional calendar meeting-load metadata.
  3. Lawful basis & consent: per-employee opt-in consent, revocable; protective defaults under works-council mode.
  4. Recipients: managers see only k-anonymized aggregates; sub-processors are listed and EU-hosted.
  5. Risks & mitigations: re-identification → k-anonymity floor + differencing protection; scope creep → purpose limitation + no individual exposure by design.
  6. Data-subject rights: self-service access (export) and erasure; configurable retention; legal hold.

Co-determination FAQ

Can a manager see how a specific person is doing?

No. Managers only ever see team aggregates that blend at least the configured minimum number of consenting people. There is no screen, export, or API that reveals an individual.

What happens if only a few people on a team use it?

Below the anonymity floor, the manager sees nothing — never a near-individual figure.

Can the data be used in a performance review?

No. It is a wellbeing tool; individual data is never exposed and the Employee Bill of Rights commits that it is never used against an employee.

Can an employee leave and take their data with them, or erase it?

Yes — one-click export of all their own data, and self-service permanent deletion, at any time.

Logged-in admins can generate a dated, printable attestation from the enterprise Compliance page. See also: Trust Center · Employee Bill of Rights · Transparency