Myhrtoolkit Limited (“we / us / our”) are committed to protecting and respecting your privacy.
This Privacy Statement (together with our User Guidance and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By using the Application you are accepting and consenting to the practices described in this policy.
Myhrtoolkit Limited is a Limited Company whose address is Unit 18 Jessops Riverside, 800 Brightside Lane, Sheffield S9 2RX.
We provide an online human resources administration system called “myhrtoolkit” (and which can be found at app.myhrtoolkit.com/user_portal) which your employer uses to manage their human resources administration function (the App).
For the purposes of the UK General Data Protection Regulation (UK GDPR), Myhrtoolkit Limited is a data processor of your data.
Your employer is the Data Controller.
These are our (as data processor) primary commitments to you as a user of the App:
Your employer should provide you with a privacy statement setting out the lawful basis on which your personal data is processed.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact your employer first, but if you are not able to resolve the issue, please contact Myhrtoolkit’s DPO using the details set out below.
|Full name of legal entity:||Myhrtoolkit Limited|
|Name or title of DPO:||Chief Information Security Officer|
|Postal address:||Unit 18 Jessops Riverside, 800 Brightside Lane, Sheffield S9 2RX|
|Telephone number:||0345 225 0414|
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
A list of personal data that may be stored on the Application is listed at Appendix One (which we may update from time to time). This may include:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a feature of the App. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We use information held about you in the following ways:
We will only disclose your personal information to third parties:
All information you provide to us is stored on secure servers at a suitable third-party hosting agent within the UK or EEA.
Your personal data should only be held for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. How long your data is stored is largely down to your employer.
When you leave your employer’s employment your employer should mark you as a “leaver” which will delete non-essential items of information including for example your bank details; however other personal data about you will be sorted by your employer until they operate the relevant departed employee delete function.
Following an authorised termination of the agreement between us and your employer, we will delete all personal user data from our servers after 30 days have elapsed. After a further 30 days, this data will be removed from our rolling back up. After this point, we will retain only company level data appropriate for recording the previous existence of our commercial relationship. None of your personal data is stored.
The Application may, from time to time, contain links to and from the websites of partner organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Under certain circumstances, you have rights under UK GDPR in relation to your personal data. These may include the right to:
These rights are complex and subject to the rules set out in the UK GDPR.
While most of these rights are enforceable against your employer (as Data Processor) we have given your employer a commitment that we will assist them to comply with their obligations under the UK GDPR.
As an organisation we take data security very seriously indeed.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The Application is not intended for children and we do not knowingly collect data relating to children.
|Data Field||Detail of data stored|
|Personal details||Name, date of birth, gender, marital status, nationality, DBS no.|
|Employee contact information||Address, telephone, email, skype|
|Emergency contact info||Name, address, telephone, notes, relationship to user|
|Work details||Location, Department, Job title & description, employee no.|
|Start date||Date of joining the organisation|
|Leaving date||Date the user is leaving / left the organisation|
|Holiday information||Entitlement, dates, historical records, related payments, reasons for refusal, related correspondence.|
|Pay information||Pay rate, frequency, dates of variations, associated documents, PAYE form, Payroll no. WTR opt in / out status.|
|National Insurance No.||NI Number|
|Disciplinary information||Dates, status as per ACAS levels, expiry dates, associated documents|
|Sickness Information||Historical records including dates, related payments (SSP / CSP), Bradford score, reasons for absences, managers & employees’ notes, related documents.|
|Other Absence||Type of absence, relevant dates, duration of absence, associated notes|
|Contractual documentation||Employment related documents, date of upload, open and read status|
|Identification documents||Documentation provided by user to prove right to work e.g. EU passport, visa etc.|
|Appraisal / Performance||Dates, completed documents, user and manager comments, repeat pattern|
|Training Information||Dates, courses completed, qualifications, time, CPD points, user & manager comments|
|Hours of Work inc part time status and WTR||Working pattern, part time status, change dates, associated notes and documents|
|Career history||Job titles with associated dates and notes|
|Health and Safety related information||Accident records, customer generated form data, worker status e.g. young worker.|
|File Notes||Notes & documents entered by a manager relating to the User|