What about Backups?

We understand the importance of regular reliable backups to ensure system availability and continuity; as such, we operate 2 entirely separate backup routines for the purposes of disaster recovery. The first is managed by our hosting partner, Google Cloud Platform, who make a daily back up of all changes and take a full back up once a week. These are stored in their secure data centre over a 2 week rolling period. Additionally, myhrtoolkit take a full daily back up which is stored for 30 days off-site with a different PCI DSS Level 1 service provider. Before this leaves our servers, the back-up is encrypted, transmitted over a secure connection and remains encrypted whilst it is outside our network. Both facilities are based entirely in the EEA. Please note that individual data, records or documents cannot be extracted from this back up.


Do you encrypt my data?

Our certificates are encrypted with 256-bit encryption, and all data that passes between you and our servers is encrypted with industry standard 128-bit encryption.
For further details on how we keep your data secure, please review our Security Statement.


For how long do you retain my data?

In regular use, information is held as long as the Data Controller allows it to be. Tools to edit or delete fields or remove whole user records are provided. Leavers are managed through a secure process allowing different levels of sanitisation or anonymisation.
Following a customer serving notice to terminate their use of myhrtoolkit, an account operates normally until the final day of contract, usually the day before the next monthly invoice would have been issued. During this period we are happy to assist in data extraction.
Customer data is then archived for a further 30 days before all data is deleted rendering it non-recoverable.
Following the archive period, account data then resides in the disaster recovery back up for a further 30 days.
After this point, the only data retained is company level data appropriate for recording the previous existence of our commercial relationship. No personal data is stored.


Stage Period Access
Normal usage Until final day of contract Full
Archive 30 days Can be reinstated on request (fees apply)
Data Recovery back up 30 days No


Do you have a business continuity and disaster recovery plan?

Should the occasion arise, we have plans in place which would allow us to continue providing service to you, these are fully documented and regularly tested.