Privacy Policy for
Corarl Cloud Human Resource Management System

Last updated 12 April 2022

This privacy policy (the “Privacy Policy”) of Corarl cloud human resource management system is designed to advise you about how Corarl collects, maintains, stores, uses and discloses your Personal Data that you provide and Service, Log, Data that we collect. This Privacy Policy forms part of the Terms and Conditions of Use for Corarl HR. By clicking the “Accept Privacy Policy” button when you first log onto Corarl HR and/or by signing in to your user account, you are accepting the practice described in this Privacy Policy.

At Corarl we take privacy very seriously. We’ve designed our Privacy Policy to ensure that we communicate clearly to you, as clearly as possible, how we handle personal information and data. We strongly encourage you to read this Privacy Policy carefully. It will help you to make a well-informed decision about sharing your personal information with us. The defined terms in this Privacy Policy have the same meaning as in our Terms and Conditions, which you should read together with this Privacy Policy. Below are some additional definitions of terms for your reference.

1. WHAT TYPES OF DATA DO WE COLLECT?

1.1. During the signing of a contract between you and Corarl for the Corarl HR product, we collect your company name, address, payment details
1.2. When you log in to Corarl HR, your IP address, browser type, date, time, and any errors are automatically collected
1.3. While using the features in Corarl HR, the content you enter into Corarl HR to run your business is collected
1.4. When you seek our Support, your email, name, browser information, and content in the chat message is collected
1.5. When you use the feature: Mobile Time Clock GPS in Corarl HR to clock in or out, we collect your Location Data for attendance purpose
1.6. Your email address is collected.

2. HOW DO WE USE YOUR DATA?

We may use your personal information provided for the following:
2.1. To enable your subscription and account to use our service;
2.2. To process your payment for the use of Corarl HR;
2.3. To provide support to you when needed;
2.4. To provide you the features embedded in Corarl HR;
2.5. To inform you regarding updates concerning Corarl HR, its service, Terms and Conditions, and this Privacy Policy;
2.6. To communicate with you;
2.7. To verify your identity; and
2.8. To comply with laws and regulations in applicable jurisdictions.

We may use your non-personally identifiable data to:
2.9. Measure the usage of different features within Corarl HR so that we can make updates and improvements in these features to better suit your needs;
2.10. Provide you with training related to Corarl HR; and
2.11. Otherwise improve Corarl HR.

3. DO WE SHARE YOUR DATA?

3.1. Corarl does not sell or rent your content to any third party. Corarl does securely transmit limited data to third parties who have stringent privacy policies and who safeguard your limited data to provide you support and push notifications.
3.2. Corarl may use third-party services. No more Data than necessary is shared with these services and Corarl assures the third party services used adhere to strict privacy standards.
3.3. Corarl does not disclose, communicate or make any of your or your employees’ Data available to third parties without your permission, unless:
a. it is required or permitted by applicable law or Court’s order; to which we will notify you;
b. we are required to do so in order to meet our obligations to any relevant regulatory authority; to which we will notify you;
c. permission has been granted by the Client’s relevant individual decision-maker.

4. WHAT PERSONAL DATA DO WE STORE OF YOUR EMPLOYEES?

4.1. We securely store such personal data of your employees that you or your company’s representative provide.
4.2. Your employees’ Data stored with us may be the following:
a. Name
b. Date of birth
c. Professional details and fringe benefits
d. Home address
e. Nationality
f. Phone number
g. Email address
h. Banking details
i. Passport id number and national id number
j. We collect fingerprint templates when they migrate them from their fingerprint device to our system or register employee’s fingerprints through our system
k. We collect employee’s time log when they sync or download time log from the device to our system
l. Profiling details (including annual/monthly income, marital status, occupation, residency status, gender, highest completed level of education, photos/images)
4.3. We may also store certain sensitive categories of your employees’ Data. Such categories consist of biometric information (passport copy), medical information (blood types) and religious or philosophical belief.

5. HOW DO WE PROTECT AND SECURE THIS DATA?

5.1. We securely transmit your data by encrypting it to store on our servers which have SSL Certificates and securely protect such information as passwords, bank account information with encryption. Your contact information is also securely stored.
5.2. We understand your HR information is confidential and we take the necessary precautions to ensure your information is not shared or disseminated without your prior approval.
5.3. As part of our business practices, we limit employee access to confidential information, such as: employment history, residential address, salary, bank account information, passport or identification number and limit the use and disclosure of such information to authorized persons only.
5.4. As part of our internal rules and business practices, Corarl’s employees are required to strictly comply with our Privacy Policy while hosting and storing your Data.
5.5. Our employees are trained to handle your Data securely and with utmost respect and confidentiality.
5.6. The security of your Data is important to us and Corarl uses commercially acceptable means to protect it. However, this shall not be interpreted as Corarl’s guarantee for an absolute security of your Data as no method of transmission over the Internet, or method of electronic storage, is 100% secure.
5.7. Corarl uses physical, electronic, technical and administrative safeguards to protect your Personal Data stored on Corarl HR from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5.8. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of your information.

6. HOW DO WE ENSURE THE ACCURACY OF DATA IN CORARL HR?

6.1. As you are the person responsible for entering data into Corarl HR, you are responsible for the accuracy of the information and data you input. Any user can update his/her user information.
6.2. The Admin User has permission to change any Personal Information of any user. If you are the Admin User, then you must ensure that you are authorized to disclose this information to Corarl HR, and that without Corarl HR taking any further steps required by applicable data protection or privacy laws, Corarl HR may collect, use and disclose such information for the purposes described in this Privacy Policy.
6.3. This means that you must take reasonable steps to ensure the individuals concerned are aware of and/or consent to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the individual’s right to obtain access to that information, Corarl HR’s identity, and how to contact Corarl.
6.4. If you observe or believe that your Personal Data stored on Corarl HR and held by us is incorrect, inaccurate, incomplete, out-of-date, irrelevant or misleading, contact your Admin User. If you observe or believe your Personal Data has been modified without your permission and/or knowledge, please immediately notify or advise us by email at Support@Corarl.com. Corarl can assist you to access and correct, update or modify your Personal Data.
6.5. Data of your employees will be deleted from our records when you perform the action to erase any employee’s Data, or 30 days after the termination of our business relationship.
6.6. For Corarl to provide you with support, you must also assist Corarl HR with any requests for information during the support process.

7. WHAT IS OUR COOKIES POLICY?

7.1. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
7.2. You can change your setting to have your browser notify you when you receive a cookie or refuse all cookies. If you do not accept cookies from our website, you may not be able to access some portions of our website and thus not be able to use some functions ordinarily performed by our website.
7.3. We use cookies on our website for the following purposes:
a. To collect information;
b. To improve the user experience on the website;
c. To assist us in monitoring the performance of the website, application;
d. To remember your preferences;
e. To monitor traffic on the website; and
f. To assist the website in functioning properly.

8. WHAT HAPPENS WHEN THIS PRIVACY POLICY IS UPDATED?

We may update this Privacy Policy from time to time. When we update this Privacy Policy, we will revise the “Effective Date” date above. You will also receive an email notification of the updated version.

9. IF YOU HAVE A COMPLAINT ABOUT THIS PRIVACY POLICY OR BELIEVE THERE WAS A BREACH OF DATA OR HAVE A QUESTION, WHO DO YOU CONTACT?

If you have any question, request and/or complaint regarding this Privacy Policy, please contact us by email at Support@corarl.com Our Support team will provide an initial response confirming that we have received your communication within 10 business days, and we will investigate and attempt to resolve your query or complaint within 30 business days of reception of the communication, or a longer period if necessary. Our Support team will inform you if it will be necessary to take more than 30 days to resolve.

10. RIGHTS OF DATA SUBJECTS

As an employee, you have the possibility to claim the following rights regarding the use of your Data. Please direct such claims towards your employer.
10.1. Right to be forgotten
You have the right to request that your employer deletes any Data that we process about you. The Data will be deleted from our records when such action is performed by your employer. If the Data is needed for fulfillment of our contractual duties towards your employer, we will however not delete the information until the Data is no longer needed.
10.2. Right to access
You have, at any time, the right to receive confirmation from your employer as to whether Data concerning you are being processed. You have also the right to access that Data and to receive the following information:
a. The purposes of the processing
b. The categories of Data concerned
c. The recipients or categories of recipients to whom Data have been or will be disclosed
d. The envisaged period for which the personal data will be stored, or the criteria used to determine that period
e. The existence of automated decision-making and profiling
10.3. Right to rectification
You have, at any time, the right to demand us, by submitting your request to your employer, to correct any inaccurate personal data within a month’s time. You have also the right to complete incomplete personal data, taking into account our purposes of the processing, by the means of providing a supplementary statement.
10.4. Right to restriction of processing
You have, instead of demanding us to delete any data, the right to demand us to restrict our processing of your personal data by submitting your request to your employer. This may be achieved if
a. You have reason to believe that the accuracy of the Data is not correct, and the restriction shall be in place during a period that allows us to verify the accuracy of the Data
b. The processing is unlawful but you don’t want us to delete the Data
c. We no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
d. You have objected to processing concerning profiling or automated decision-making, whereby a restriction shall be obtained during the period when we assess whether our legitimate ground for the processing override your legitimate ground.
10.5 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you by directing such objection to your employer. This can be done when the Data is processed as part of automated decision-making, including profiling, and direct marketing, if such processing would be carried out (see “4. What personal data do we store of your employees” above).