Privacy Statement (users)
Myhrtoolkit Limited (“we / us / our”) are committed to protecting and respecting your privacy.
This Privacy Statement (together with our User Guidance and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By using the Application you are accepting and consenting to the practices described in this policy.
Who are we?
Myhrtoolkit Limited is a Limited Company whose address is Edmund House, 233 Edmund Road, Sheffield S2 4EL.
We provide an online human resources administration system called “myhrtoolkit” (and which can be found at https://app.myhrtoolkit.com/user_portal/) which your employer uses to manage their human resources administration function (the App).
For the purposes of the General Data Protection Regulation (GDPR), Myhrtoolkit Limited is a data processor of your data.
Your employer is the Data Controller.
Our commitments as data processor
These are our (as data processor) primary commitments to you as a user of the App:
- We will only use your personal data in a manner consistent with the law;
- We have entered into a written contract with your employer that confirms that we will comply with all provisions of the GDPR (as a Data Processor of your personal data), in particular to:
- only act on the written instructions of the controller;
- not use a sub-processor without the prior written authorisation of the controller;
- to co-operate with supervisory authorities (such as the ICO);
- to ensure the security of the processing;
- to keep records of its processing activities; and
- to notify any personal data breaches to the controller.
- The data collected about you personally is not accessed, used, amended or exploited by Myhrtoolkit Limited except for very good reason, and only as set out in this policy;
- We will not use your personal data for marketing any services to you. We may in the future (although we currently do not do so) recommend related human resources services to certain individuals in your organisation which might include you; and
- We will not share your personal data with any third party without your explicit consent (and currently we do not share your data with any third party at all except the authorised sub processors, see below);
- We will assist your employer (the Data Controller) to comply with your rights under the GDPR;
- We do not transfer your personal data outside the European Economic Area (EEA) at all.
Your employer should provide you with a privacy statement setting out the lawful basis on which your personal data is processed.
Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact your employer first, but if you are not able to resolve the issue, please contact Myhrtoolkit’s DPO using the details set out below.
|Full name of legal entity:||Myhrtoolkit Limited|
|Name or title of DPO:||Managing Director|
|Email address:||[email protected]|
|Postal address:||Edmund House, 233 Edmund Road, Sheffield S2 4EL|
|Telephone number:||0345 225 0414|
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information collected on the Application
A list of personal data that may be stored on the Application is listed at Appendix One (which we may update from time to time). This may include:
- Information you or your employer enters into the Application.
This is information about you, that you or your employer or other employees or your employer’s authorised contractors enter into the Application or by corresponding with us by phone, e-mail or otherwise. This may include some or all of the employment and personal information set out at Appendix One.
- Information we collect about you.
With regard to each of your visits to our Application we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your user agent, browser type and version, operating system and platform;
- information about your visit, including the date and time, IP address, full Uniform Resource Locator (URL) and referring URL.
- We may also record a history of data changes including audit trails.
- Information we receive from other sources.
Whilst we currently do not do so, we may in the future work with other data processors who work with your employer. For example, we may use API technology to connect to other third party online systems used by your employer (such as payroll).
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a feature of the App. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Uses made of the information
We use information held about you in the following ways:
- Information you give to us.
We will use this information:
- to carry out our obligations arising from the contract entered into between us and your employer to process information related to your employment;
- to notify you about changes to our service;
- We may use Aggregated Data to analyse trends or provide business data to us, your employer or other employers. For example, we do not currently, but we may in the future collect data across all clients and users to establish “industry wide” levels of sickness absence;
- To establish who logged in to the Application and when;
- To ensure the security of the Application if and when appropriate;
- To maintain the Application and correct bugs if and when they arise;
- to ensure that content from the Application is presented in the most effective manner for you and for your computer; and
- in any other circumstance where we have your explicit consent or where we are unable to get your consent, the circumstances urgently require it to ensure or uphold data security.
- Information we collect about you.
We will use this information:
- to administer the Application and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve the Application to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as commercial intelligence to help keep the Application safe and secure;
- to make suggestions and recommendations to you and other users of the Application about goods or services that may interest you or them.
Disclosure of your information to third parties
We will only disclose your personal information to third parties:
- If Myhrtoolkit Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- Where we use Authorised Third Parties to process your data. In such cases we carefully audit such providers and use only industry leading providers. A list of Authorised Third Parties is available on request and can be found on the website.
Where we store your personal data
All information you provide to us is stored on secure servers at a suitable third-party hosting agent within the EEA.
Disposal of Information
Your personal data should only be held for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. How long your data is stored is largely down to your employer.
When you leave your employer’s employment your employer should mark you as a “leaver” which will delete non-essential items of information including for example your bank details; however other personal data about you will be sorted by your employer until they operate the relevant departed employee delete function.
Following an authorised termination of the agreement between us and your employer, we will delete all personal user data from our servers after 30 days have elapsed. After a further 30 days, this data will be removed from our rolling back up. After this point, we will retain only company level data appropriate for recording the previous existence of our commercial relationship. None of your personal data is stored.
Third party sites and links
The Application may, from time to time, contain links to and from the websites of partner organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your legal rights
Under certain circumstances, you have rights under GDPR in relation to your personal data. These may include the right to:
- request access to your personal data;
- request correction of your personal data;
- request erasure of your personal data;
- object to processing of your personal data;
- request restriction of processing your personal data;
- request transfer of your personal data; and
- withdraw consent.
These rights are complex and subject to the rules set out in the GDPR.
While most of these rights are enforceable against your employer (as Data Processor) we have given your employer a commitment that we will assist them to comply with their obligations under the GDPR.
As an organisation we take data security very seriously indeed.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The Application is not intended for children and we do not knowingly collect data relating to children.