Introduction At HRLocker, we are committed to safeguarding the privacy of visitors to our website (www.hrlocker.com). This policy explains how we collect, use, store, and protect your personal data when you interact with our website.
1. Data We Collect
When you visit our website, we may collect the following types of data:
- Data You Provide:
- Information submitted through forms or pop-ups, such as your name, email address, and telephone number.
- Responses to optional research surveys.
- Automatically Collected Data:
- IP address, browser type, and operating system.
- Details of your visits, including pages viewed, time spent on the site, and referral sources.
- Cookies and tracking technologies (see Section 5: Cookies Policy).
2. How We Use Your Data
We use the data collected to:
- Enhance and personalize your experience on our website.
- Respond to inquiries and provide requested information about our products and services.
- Send marketing communications, where consent has been provided.
- Conduct optional research surveys to improve our services.
- Comply with legal obligations.
3. Sharing Your Data
We may share your data with trusted third-party service providers, including:
- Google Analytics: To collect website usage data and improve performance.
- HubSpot: To manage inquiries, email communications, and form submissions.
We may also share your data with legal or regulatory authorities when required by law. All third-party processors are contractually obligated to comply with GDPR and maintain equivalent security standards.
We do not give or sell your personal data to third parties without your consent.
4. Data Retention
We retain personal data:
- For as long as necessary to fulfill the purposes outlined in this policy.
- In compliance with applicable legal requirements.
- For up to 24 months for marketing purposes, after which we will request your permission to retain it.
5. Cookies Policy
Our website uses cookies to enhance your experience. These include:
- Essential Cookies: Required for the website to function.
- Analytical Cookies: To understand how visitors interact with our site.
- Marketing Cookies: For targeted advertisements.
You can manage your cookie preferences through your browser settings or our cookie banner.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption: Data in transit is encrypted using HTTPS protocols.
- Secure Hosting: Our website is hosted on ISO 27001-certified servers.
- Access Controls: Role-based access ensures only authorized personnel can access your data.
These measures are aligned with GDPR requirements and ISO 27001 standards for data security.
7. Data Breaches
In the event of a data breach impacting your personal data, we will:
- Take immediate steps to contain and address the breach.
- Notify the relevant supervisory authority and affected individuals within 72 hours, as required by GDPR Article 33.
8. International Transfers
If we transfer your personal data outside the EU, we will ensure adequate protection through approved mechanisms, such as:
- Standard Contractual Clauses (SCCs).
- Adequacy Decisions by the European Commission.
9. Your Rights
Under GDPR, you have the right to:
- Access, correct, or delete your personal data.
- Object to the processing of your data for marketing purposes.
- Restrict or request the transfer of your data to another service provider.
- Lodge a complaint with a data protection authority.
To exercise your rights, contact us using the details below.
10. Contact Us
If you have any questions about this policy or wish to exercise your rights, please contact us:
Email: support@hrlocker.com
Phone: +353 1 443 4132
Address:
5th Floor, Connaught House,
One Burlington Road, Dublin 4,
D04 C5Y6, Ireland
Client Privacy Policy
HRLocker Client Privacy Policy Effective Date: 9 December 2024
Introduction HRLocker is committed to protecting the privacy and confidentiality of personal data processed on behalf of its clients. This Client Privacy Policy outlines how we process, store, and protect personal data within the HRLocker platform, in accordance with GDPR and ISO 27001 standards.
1. Scope
This policy applies to all HRLocker clients and their use of the HRLocker SaaS platform. HRLocker acts as a Data Processor, processing personal data on behalf of its clients, who act as Data Controllers.
2. Data We Process
As a Data Processor, HRLocker processes the following types of personal data:
- Employee Data:
- Names, job titles, contact details, employment history, leave records, timesheets, and other HR-related information entered into the platform by the client.
- Administrator Data:
- Names, email addresses, and roles of client administrators.
- System Logs:
- Audit trails and logs of actions performed within the platform for security and troubleshooting purposes.
3. Purpose of Processing
HRLocker processes data solely to:
- Deliver HRLocker services, including leave management, payroll data exports, and HR reporting.
- Maintain and enhance the platform’s functionality, performance, and security.
- Fulfil legal and regulatory obligations, as applicable.
4. Data Retention
- Employee Data: Retained for the duration of the client agreement and deleted upon termination, unless required by law or agreed otherwise.
- System Logs and Backups: Retained for 30 days for security and recovery purposes.
- Administrator Data: Retained for the duration of the client agreement and deleted upon termination unless required for troubleshooting or legal purposes.
5. Data Security
We implement robust measures to protect personal data, including:
- Encryption: Data in transit is secured using HTTPS, and data at rest is encrypted with industry-standard protocols.
- Access Controls: Role-based access ensures only authorized HRLocker personnel can access client data.
- Data Hosting: Data is stored in ISO 27001-certified Microsoft Azure data centres located in the EU.
- Regular Audits: Internal and external audits are conducted to ensure compliance with GDPR and ISO 27001 requirements.
6. Sharing Your Data
We may engage trusted third-party processors to support the delivery and security of our platform, including:
- Microsoft Azure: Provides secure data hosting and backup services.
- HubSpot: Manages customer relationship and communication data for administrators.
All third-party processors are contractually obligated to comply with GDPR and maintain equivalent security standards.
HRLocker does not sell or share personal data with any other third parties unless required by law or with the client’s explicit consent.
7. Data Breaches
In the event of a personal data breach, HRLocker will:
- Take immediate steps to contain and address the breach.
- Notify the client without undue delay and, in any event, within 72 hours of becoming aware of the breach, in compliance with GDPR Article 33.
- Provide all necessary details to assist the client in fulfilling their obligations as Data Controller.
8. Client Responsibilities
As the Data Controller, the client is responsible for:
- Ensuring the lawful collection and input of personal data into the HRLocker platform.
- Managing user access rights within the platform.
- Responding to data subject requests for access, correction, or deletion of their personal data.
- Informing HRLocker promptly of any changes to their data processing activities that may affect compliance.
9. Data Subject Rights
HRLocker does not interact directly with employees whose data is entered into the platform. All data subject rights requests, such as access, correction, or deletion, must be directed to the client (Data Controller).
The client is responsible for managing these requests and ensuring compliance with GDPR. HRLocker will provide technical support to the client if needed to fulfill such requests.
10. International Transfers
If data is transferred outside the EU, HRLocker ensures adequate protection through:
- Standard Contractual Clauses (SCCs).
- Adequacy Decisions: Where the receiving country is deemed to provide adequate data protection by the European Commission.
11. Regular Audits
HRLocker conducts regular internal and external audits to ensure compliance with GDPR and ISO 27001 standards. These audits include:
- Security reviews of data storage and access.
- Evaluations of third-party processor agreements and activities.
- Assessments of data breach response protocols.
12. Updates to This Policy
HRLocker reserves the right to update this policy as necessary to reflect changes in legal, regulatory, or operational requirements. Clients will be notified of any significant changes via email and through the platform’s administrator dashboard.
13. Contact Us
If you have any questions about this policy or need support, please contact us:
Email: support@hrlocker.com
Phone: +353 1 443 4132
Address:
5th Floor, Connaught House,
One Burlington Road, Dublin 4,
D04 C5Y6, Ireland