Privacy Policy

This policy was last updated on December 11th, 2024 and is subject to change at any time.

At HRLocker, we provide two distinct privacy policies to ensure transparency and clarity in how we handle data:

  1. Website Privacy Policy: This policy outlines how we collect, use, and protect data from visitors to our website. It covers cookies, analytics, and personal information submitted through forms or surveys.
  2. Client Privacy Policy: This policy is specifically for organisations using the HRLocker platform. It details how we process, store, and secure employee and administrator data on behalf of our clients, aligning with GDPR and ISO 27001 standards.

By maintaining separate policies, we ensure that website visitors and platform users understand how their data is managed in their respective contexts.

Website Privacy Policy

HRLocker Website Privacy Policy
Effective Date: 9 December 2024

Introduction
At HRLocker, we are committed to safeguarding the privacy of visitors to our website (www.hrlocker.com). This policy explains how we collect, use, store, and protect your personal data when you interact with our website.


1. Data We Collect

When you visit our website, we may collect the following types of data:

  • Data You Provide:
    • Information submitted through forms or pop-ups, such as your name, email address, and telephone number.
    • Responses to optional research surveys.
  • Automatically Collected Data:
    • IP address, browser type, and operating system.
    • Details of your visits, including pages viewed, time spent on the site, and referral sources.
    • Cookies and tracking technologies (see Section 5: Cookies Policy).

2. How We Use Your Data

We use the data collected to:

  • Enhance and personalize your experience on our website.
  • Respond to inquiries and provide requested information about our products and services.
  • Send marketing communications, where consent has been provided.
  • Conduct optional research surveys to improve our services.
  • Comply with legal obligations.

3. Sharing Your Data

We may share your data with trusted third-party service providers, including:

  • Google Analytics: To collect website usage data and improve performance.
  • HubSpot: To manage inquiries, email communications, and form submissions.

We may also share your data with legal or regulatory authorities when required by law. All third-party processors are contractually obligated to comply with GDPR and maintain equivalent security standards.

We do not give or sell your personal data to third parties without your consent.


4. Data Retention

We retain personal data:

  • For as long as necessary to fulfill the purposes outlined in this policy.
  • In compliance with applicable legal requirements.
  • For up to 24 months for marketing purposes, after which we will request your permission to retain it.

5. Cookies Policy

Our website uses cookies to enhance your experience. These include:

  • Essential Cookies: Required for the website to function.
  • Analytical Cookies: To understand how visitors interact with our site.
  • Marketing Cookies: For targeted advertisements.

You can manage your cookie preferences through your browser settings or our cookie banner.


6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption: Data in transit is encrypted using HTTPS protocols.
  • Secure Hosting: Our website is hosted on ISO 27001-certified servers.
  • Access Controls: Role-based access ensures only authorized personnel can access your data.

These measures are aligned with GDPR requirements and ISO 27001 standards for data security.


7. Data Breaches

In the event of a data breach impacting your personal data, we will:

  • Take immediate steps to contain and address the breach.
  • Notify the relevant supervisory authority and affected individuals within 72 hours, as required by GDPR Article 33.

8. International Transfers

If we transfer your personal data outside the EU, we will ensure adequate protection through approved mechanisms, such as:

  • Standard Contractual Clauses (SCCs).
  • Adequacy Decisions by the European Commission.

9. Your Rights

Under GDPR, you have the right to:

  • Access, correct, or delete your personal data.
  • Object to the processing of your data for marketing purposes.
  • Restrict or request the transfer of your data to another service provider.
  • Lodge a complaint with a data protection authority.

To exercise your rights, contact us using the details below.


10. Contact Us

If you have any questions about this policy or wish to exercise your rights, please contact us:
Email: support@hrlocker.com
Phone: +353 1 443 4132
Address: 5th Floor, Connaught House,
One Burlington Road,
Dublin 4,
D04 C5Y6, Ireland

Client Privacy Policy

HRLocker Client Privacy Policy
Effective Date: 9 December 2024

Introduction
HRLocker is committed to protecting the privacy and confidentiality of personal data processed on behalf of its clients. This Client Privacy Policy outlines how we process, store, and protect personal data within the HRLocker platform, in accordance with GDPR and ISO 27001 standards.


1. Scope

This policy applies to all HRLocker clients and their use of the HRLocker SaaS platform. HRLocker acts as a Data Processor, processing personal data on behalf of its clients, who act as Data Controllers.


2. Data We Process

As a Data Processor, HRLocker processes the following types of personal data:

  • Employee Data:
    • Names, job titles, contact details, employment history, leave records, timesheets, and other HR-related information entered into the platform by the client.
  • Administrator Data:
    • Names, email addresses, and roles of client administrators.
  • System Logs:
    • Audit trails and logs of actions performed within the platform for security and troubleshooting purposes.

3. Purpose of Processing

HRLocker processes data solely to:

  • Deliver HRLocker services, including leave management, payroll data exports, and HR reporting.
  • Maintain and enhance the platform’s functionality, performance, and security.
  • Fulfil legal and regulatory obligations, as applicable.

4. Data Retention

  • Employee Data: Retained for the duration of the client agreement and deleted upon termination, unless required by law or agreed otherwise.
  • System Logs and Backups: Retained for 30 days for security and recovery purposes.
  • Administrator Data: Retained for the duration of the client agreement and deleted upon termination unless required for troubleshooting or legal purposes.

5. Data Security

We implement robust measures to protect personal data, including:

  • Encryption: Data in transit is secured using HTTPS, and data at rest is encrypted with industry-standard protocols.
  • Access Controls: Role-based access ensures only authorized HRLocker personnel can access client data.
  • Data Hosting: Data is stored in ISO 27001-certified Microsoft Azure data centres located in the EU.
  • Regular Audits: Internal and external audits are conducted to ensure compliance with GDPR and ISO 27001 requirements.

6. Sharing Your Data

We may engage trusted third-party processors to support the delivery and security of our platform, including:

  • Microsoft Azure: Provides secure data hosting and backup services.
  • HubSpot: Manages customer relationship and communication data for administrators.

All third-party processors are contractually obligated to comply with GDPR and maintain equivalent security standards.

HRLocker does not sell or share personal data with any other third parties unless required by law or with the client’s explicit consent.


7. Data Breaches

In the event of a personal data breach, HRLocker will:

  • Take immediate steps to contain and address the breach.
  • Notify the client without undue delay and, in any event, within 72 hours of becoming aware of the breach, in compliance with GDPR Article 33.
  • Provide all necessary details to assist the client in fulfilling their obligations as Data Controller.

8. Client Responsibilities

As the Data Controller, the client is responsible for:

  • Ensuring the lawful collection and input of personal data into the HRLocker platform.
  • Managing user access rights within the platform.
  • Responding to data subject requests for access, correction, or deletion of their personal data.
  • Informing HRLocker promptly of any changes to their data processing activities that may affect compliance.

9. Data Subject Rights

HRLocker does not interact directly with employees whose data is entered into the platform. All data subject rights requests, such as access, correction, or deletion, must be directed to the client (Data Controller).

The client is responsible for managing these requests and ensuring compliance with GDPR. HRLocker will provide technical support to the client if needed to fulfill such requests.


10. International Transfers

If data is transferred outside the EU, HRLocker ensures adequate protection through:

  • Standard Contractual Clauses (SCCs).
  • Adequacy Decisions: Where the receiving country is deemed to provide adequate data protection by the European Commission.

11. Regular Audits

HRLocker conducts regular internal and external audits to ensure compliance with GDPR and ISO 27001 standards. These audits include:

  • Security reviews of data storage and access.
  • Evaluations of third-party processor agreements and activities.
  • Assessments of data breach response protocols.

12. Updates to This Policy

HRLocker reserves the right to update this policy as necessary to reflect changes in legal, regulatory, or operational requirements. Clients will be notified of any significant changes via email and through the platform’s administrator dashboard.


13. Contact Us

If you have any questions about this policy or need support, please contact us:
Email: support@hrlocker.com
Phone: +353 1 443 4132
Address: 5th Floor, Connaught House,
One Burlington Road,
Dublin 4,
D04 C5Y6, Ireland

Privacy Policy was last modified: December 11th, 2024 by Adam Coleman