Who we are
Based in Sheffield, Myhrtoolkit Ltd was founded in 2005 and has traded continuously since then. We have a current establishment of 13 people, delivering the myhrtoolkit online hr system – which is specifically designed for small and medium sized businesses. You can read more about the company and the business by visiting https://www.myhrtoolkit.com/
Who controls the data?
All personal user data collected remains under the control of our individual customers who act as the data controller. Through the tools provided by the myhrtoolkit system, data controllers have sole control of all data which is added to the system and which individual functions of the system are used or not. The responsibility for establishing the lawful bases for processing rests with the data controller. There is a useful whitepaper here
. In relation to our customer facing business, myhrtoolkit act as data processor and do control data added or removed from the system.
What data is held?
GDPR relates only to personal information, and it is highly likely that not all data added will be personal information. As the data controller, each individual customer is responsible for the personal (and all other) data added to the Toolkit.
Users can add and change personal information about themselves. There is a corresponding notifications to alert management to such changes. Access controls are provided to allow customer control of who has access to what. We recommend using these and being aware of who can add what.
It is the responsibility of data controllers to establish the appropriate lawful bases for processing of any personal information which they choose to input into myhrtoolkit.
Where is our data held?
All customer data is hosted wholly within the EEA within a data centre certified to ISO 27001.
Are you regulated?
Yes, by the Information Commissioner’s Office (ICO) as Data Processors.
Do you have a Data Protection Policy?
Please follow the link in our Privacy and GDPR portal /privacy/
Do you share my data with anyone?
We do not routinely disclose personal information to third parties outside of myhrtoolkit. The only circumstances in which we will disclose such information to third parties would be where either:
- Myhrtoolkit Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
How can I get information about me corrected?
In relation to access or requests for corrections, given the nature of our system and its integrated tools, we provide data controllers with the ability to rectify the data under their control. Should any questions arise about usage, our service desk is always happy to help.
How do I raise a data security or privacy issue?
All enquiries and complaints in relation to data protection or privacy matters should be addressed to Data Protection, myhrtoolkit, 233 Edmund Road, Sheffield, S2 4EL, or by email via [email protected]
Who has access to our data?
Do you sub-contract any services to 3rd parties?
We work with several trusted partners:
How do you control who at Myhrtoolkit has access to my data?
What about Backups?
We understand the importance of regular reliable backups to ensure system availability and continuity; as such, we operate 2 entirely separate backup routines for the purposes of disaster recovery. The first is managed by our hosting partner, Google Cloud Platform
, who make a daily back up of all changes and take a full back up once a week. These are stored in their secure data centre over a 2 week rolling period. Additionally, myhrtoolkit take a full daily back up which is stored for 30 days off-site with a different PCI DSS Level 1 service provider. Before this leaves our servers, the back-up is encrypted, transmitted over a secure connection and remains encrypted whilst it is outside our network. Both facilities are based entirely in the EEA. Please note that individual data, records or documents cannot be extracted from this back up.
Do you encrypt my data?
Our certificates are encrypted with 256-bit encryption, and all data thtat passes between you and our servers is encrypted with inductry standard 128-bit encryption.
For further details on how we keep your data secure, please review our Security Statement, www.myhrtoolkit.com/security-statement/
For how long do you retain my data?
In regular use, information is held as long as the Data Controller allows it to be. Tools to edit or delete fields or remove whole user records are provided. Leavers are managed through a secure process allowing different levels of sanitisation or anonymisation.
Should a customer decide that they no longer wish to use the myhrtoolkit system, their account and all user data is archived customer data for a further 30 days before deletion from the live system. Following the archive period, account data then resides solely in the disaster recovery back up for a further 30 days before being finally deleted.
Do you have a business continuity and disaster recovery plan?
Should the occasion arise, we have plans in place which would allow us to continue providing service to you, these are fully documented and regularly tested.