Privacy policy: myhrtoolkit users

Privacy Statement (users)

Myhrtoolkit Limited (“we / us / our”) are committed to protecting and respecting your privacy.
 
This Privacy Statement (together with our User Guidance and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
 
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
 
By using the Application you are accepting and consenting to the practices described in this policy.
 

Who are we?

 
Myhrtoolkit Limited is a Limited Company whose address is Unit 18 Jessops Riverside, 800 Brightside Lane, Sheffield S9 2RX.

We provide an online human resources administration system called “myhrtoolkit” (which can be found at app.myhrtoolkit.com/user_portal) which your employer uses to manage their human resources administration function (the App).
 
For the purposes of the UK General Data Protection Regulation (UK GDPR), Myhrtoolkit Limited is a data processor of your data.
 
Your employer is the Data Controller.
 

Our commitments as data processor

 
These are our (as data processor) primary commitments to you as a user of the App:
 

  • We will only use your personal data in a manner consistent with the law;
  • We have entered into a written contract with your employer that confirms that we will comply with all provisions of the UK GDPR (as a Data Processor of your personal data), in particular to:
    • only act on the written instructions of the controller;
    • not use a sub-processor without the prior written authorisation of the controller;
    • co-operate with supervisory authorities (such as the ICO);
    • ensure the security of the processing;
    • keep records of its processing activities; and
    • notify any personal data breaches to the controller.
  • The data collected about you personally is not accessed, used, amended or exploited by Myhrtoolkit Limited except for very good reason, and only as set out in this policy;
  • We will not use your personal data for marketing any services to you. We may in the future (although we currently do not do so) recommend related human resources services to certain individuals in your organisation which might include you;
  • We will not share your personal data with any third party without your explicit consent (and currently we do not share your data with any third party at all except the authorised sub-processors, see below);
  • We will assist your employer (the Data Controller) to comply with your rights under the UK GDPR; and
  • We do not transfer your personal data outside the UK or the European Economic Area (EEA), unless highlighted in our 3rd party supplier list.

 
Your employer should provide you with a privacy statement setting out the lawful basis on which your personal data is processed.
 

Data Protection Officer

 
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact your employer first, but if you are not able to resolve the issue, please contact Myhrtoolkit’s DPO using the details set out below.
 

Full name of legal entity: Myhrtoolkit Limited
Name or title of DPO: Chief Information Security Officer
Email address: dataprotection@myhrtoolkit.com
Postal address: Unit 18 Jessops Riverside, 800 Brightside Lane, Sheffield S9 2RX
Telephone number: 0330 236 8399 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
 

Information collected on the Application

 
A list of personal data that may be stored on the Application is listed at Appendix One (which we may update from time to time). This may include:
 

  • Information you or your employer enters into the Application.
    This is information about you, that you or your employer or other employees or your employer’s authorised contractors enter into the Application or by corresponding with us by phone, e-mail or otherwise. This may include some or all of the employment and personal information set out at Appendix One.
  • Information we collect about you.
    With regard to each of your visits to our Application we will automatically collect the following information:
    • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your user agent, browser type and version, operating system and platform;
    • information about your visit, including the date and time, IP address, full Uniform Resource Locator (URL) and referring URL.
    • We may also record a history of data changes including audit trails.
  • Information we receive from other sources.
    Whilst we currently do not do so, we may in the future work with other data processors who work with your employer. For example, we may use API technology to connect to other third party online systems used by your employer (such as payroll).
  • Cookies.
    Our website requires cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and allows us to improve our services. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

 
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a feature of the App. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
 

Uses made of the information

 
We use information held about you in the following ways:
 

    1. Information you give to us.
      We will use this information:
      1. to carry out our obligations arising from the contract entered into between us and your employer to process information related to your employment;
      2. to notify you about changes to our service;
      3. We may use Aggregated Data to analyse trends or provide business data to us, your employer or other employers. For example, we do not currently, but we may in the future collect data across all clients and users to establish “industry wide” levels of sickness absence;
      4. To establish who logged in to the Application and when;
      5. To ensure the security of the Application if and when appropriate;
      6. To maintain the Application and correct bugs if and when they arise;
      7. to ensure that content from the Application is presented in the most effective manner for you and for your computer; and
      8. in any other circumstance where we have your explicit consent or, where we are unable to get your consent, the circumstances urgently require it to ensure or uphold data security.

 

    2. Information we collect about you.
      We will use this information:
      1. to administer the Application and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
      2. to improve the Application to ensure that content is presented in the most effective manner for you and for your computer;
      3. to allow you to participate in interactive features of our service, when you choose to do so;
      4. as commercial intelligence to help keep the Application safe and secure;
      5. to make suggestions and recommendations to you and other users of the Application about goods or services that may interest you or them.

 

Disclosure of your information to third parties

 
We will only disclose your personal information to third parties:

  • If Myhrtoolkit Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • Where we use Authorised Third Parties to process your data. In such cases we carefully audit such providers and use only industry leading providers. A list of Authorised Third Parties is available on request and can be found on the website.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use.

 

Where we store your personal data

 
All information you provide to us is stored on secure servers at a suitable third-party hosting agent within the UK or EEA.
 

Disposal of Information

 
Your personal data should only be held for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. How long your data is stored is largely down to your employer.
 
When you leave your employer’s employment your employer should mark you as a “leaver”, which will delete non-essential items of information including, for example, your bank details; however, other personal data about you will be stored by your employer until they operate the relevant departed employee delete function.
 
Following an authorised termination of the agreement between us and your employer, we will delete all personal user data from our servers after 30 days have elapsed. After a further 30 days, this data will be removed from our rolling backup. After this point, we will retain only company level data appropriate for recording the previous existence of our commercial relationship. None of your personal data is stored.
 

Third party sites and links

 
The Application may, from time to time, contain links to and from the websites of partner organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
 

Your legal rights

 
Under certain circumstances, you have rights under UK GDPR in relation to your personal data. These may include the right to:
 

  • request access to your personal data;
  • request correction of your personal data;
  • request erasure of your personal data;
  • object to processing of your personal data;
  • request restriction of processing your personal data;
  • request transfer of your personal data; and
  • withdraw consent.

 
These rights are complex and subject to the rules set out in the UK GDPR.
 
While most of these rights are enforceable against your employer (as Data Processor) we have given your employer a commitment that we will assist them to comply with their obligations under the UK GDPR.
 

Data Security

 
As an organisation we take data security very seriously indeed.
 
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
 
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
 

Changes to our privacy policy

 
Any changes we make to our privacy policy in the future will be posted on the website and, where appropriate, notified to you by e-mail. You should check for updates each time you log in to the App.
 

Children

 
The Application is not intended for children and we do not knowingly collect data relating to children.
 

Contact

 
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to myhrtoolkit, Unit 18 Jessops Riverside, 800 Brightside Lane, Sheffield S9 2RX or via email dataprotection@myhrtoolkit.com.

Appendix One

Data Field: Detail of data stored

Personal details: Name, date of birth, gender, marital status, nationality, DBS no.
Employee contact information: Address, telephone, email, skype
Emergency contact info: Name, address, telephone, notes, relationship to user
Work details: Location, Department, Job title & description, employee no.
Start date: Date of joining the organisation
Leaving date: Date the user is leaving / left the organisation
Holiday information: Entitlement, dates, historical records, related payments, reasons for refusal, related correspondence.
Pay information: Pay rate, frequency, dates of variations, associated documents, PAYE form, Payroll no. WTR opt in / out status.
National Insurance No.: NI Number
Disciplinary information: Dates, status as per ACAS levels, expiry dates, associated documents
Sickness Information: Historical records including dates, related payments (SSP / CSP), Bradford score, reasons for absences, managers & employees’ notes, related documents.
Other Absence: Type of absence, relevant dates, duration of absence, associated notes
Contractual documentation: Employment related documents, date of upload, open and read status
Identification documents: Documentation provided by user to prove right to work e.g. EU passport, visa etc.
Appraisal / Performance: Dates, completed documents, user and manager comments, repeat pattern
Training Information: Dates, courses completed, qualifications, time, CPD points, user & manager comments
Hours of Work inc part time status and WTR: Working pattern, part time status, change dates, associated notes and documents
Career history: Job titles with associated dates and notes
Health and Safety related information: Accident records, customer generated form data, worker status e.g. young worker.
File Notes: Notes & documents entered by a manager relating to the User