Below are the answers to many of the common questions we get asked.
Who we are
Who controls the data?
What data is held?
Users can add and change personal information about themselves. There is a corresponding notifications to alert management to such changes. Access controls are provided to allow customer control of who has access to what. We recommend using these and being aware of who can add what.
It is the responsibility of data controllers to establish the appropriate lawful bases for processing of any personal information which they choose to input into myhrtoolkit.
Where is our data held?
Are you regulated?
Do you have a Data Protection Policy?
Do you share my data with anyone?
We do not routinely disclose personal information to third parties outside of myhrtoolkit. The only circumstances in which we will disclose such information to third parties would be where either:
- Myhrtoolkit Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
How can I get information about me corrected?
How do I raise a data security or privacy issue?
Who has access to our data?
Do you sub-contract any services to 3rd parties?
We work with several trusted partners:
How do you control who at Myhrtoolkit has access to my data?
Do you have a dedicated Data Protection and/or Information Security Officer?
|Name or title of DPO||Managing Director|
|Address||Data Protection, myhrtoolkit, 233 Edmund Road, Sheffield, S2 4EL|
|Telephone||0345 225 0414|
What measures do you have in place to keep my data safe?
How would security incidents affecting our data be formally reported to us?
What about Backups?
Do you encrypt my data?
For further details on how we keep your data secure, please review our Security Statement, www.myhrtoolkit.com/security-statement/.
For how long do you retain my data?
Following a customer serving notice to terminate their use of myhrtoolkit, an account operates normally until the final day of contract, usually the day before the next monthly invoice would have been issued. During this period we are happy to assist in data extraction.
Customer data is then archived for a further 30 days before all data is deleted rendering it non-recoverable.
Following the archive period, account data then resides in the disaster recovery back up for a further 30 days.
After this point, the only data retained is company level data appropriate for recording the previous existence of our commercial relationship. No personal data is stored.
|Normal usage||Until final day of contract||Full|
|Archive||30 days||Can be reinstated on request (fees apply)|
|Data Recovery back up||30 days||No|