Last Updated: 11/02/2024
At PeopleFactor, we are committed to complying with the General Data Protection Regulation (GDPR). This FAQ provides answers to common questions about how we handle personal data and help our customers comply with GDPR requirements.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that governs the collection, processing, and storage of personal data. It gives individuals greater control over their personal information and requires organizations to implement robust data protection measures.
2. What Data Does PeopleFactor Collect?
We collect the following types of data:
- Employee Data: Name, email, phone number, address, job title, employee ID, bank account details, salary information, tax details, and emergency contact information.
- Employer Data: Company name, contact details, billing information, and administrative user credentials.
- Usage Data: IP address, browser type, device information, and usage patterns.
This data is collected through our HRMS platform, mobile apps, and website.
3. Who is Responsible for Employee Data?
Data Controller: Your employer (our customer) is the data controller and is responsible for determining how your personal data is processed.
Data Processor: PeopleFactor acts as a data processor and processes personal data on behalf of your employer in accordance with their instructions.
If you have questions about how your data is handled, please contact your employer directly.
4. How Long is Data Stored?
- We retain personal data only for as long as necessary to provide our services or as required by law.
- After the termination of services, we automatically delete customer data in accordance with our data retention policy.
- Employers may request data deletion at any time by contacting us at support@peoplefactor.in.
5. Who Has Access to Data?
- Employer Representatives: Authorized personnel from your organization who manage employee data.
- Employees: Employees can access their own data through the PeopleFactor platform.
- PeopleFactor Team: Our team may access data only when necessary to provide support or resolve technical issues.
6. Can I Access, Update, or Delete My Data?
During Employment: Please contact your employer to request access, updates, or deletion of your data.
After Employment: Your employer is responsible for managing your data post-employment.
PeopleFactor provides tools and support to help employers fulfill these requests.
7. Is Data Transferred Outside the EU?
- PeopleFactor uses cloud servers located in Asia (Singapore).
- Any transfer of personal data outside the EU is done in compliance with GDPR requirements, including the use of Standard Contractual Clauses (SCCs) or other legal mechanisms.
8. How Does PeopleFactor Ensure Data Security?
We implement the following measures to protect personal data:
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Role-based permissions and multi-factor authentication.
- Regular Audits: Periodic security assessments to identify and address vulnerabilities.
- Incident Response: Procedures to detect and mitigate data breaches.
9. What Are My Rights Under GDPR?
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate data.
- Deletion: Request deletion of your data.
- Objection: Object to the processing of your data for specific purposes.
- Portability: Request a transfer of your data to another service provider.
To exercise these rights, please contact your employer.
10. How Can I Contact PeopleFactor?
If you have questions about GDPR or our data practices, please contact us at:
