GDPR Compliance

Effective Date: 01-01-2022

SignalHRM (“we,” “us,” or “our”) takes data privacy seriously and is committed to protecting and respecting your privacy rights in compliance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement describes the principles, processes, and security measures that SignalHRM has established to handle personal data responsibly, transparently, and lawfully.

1. Scope of Data Collection



To provide our Human Resource Management System services effectively, SignalHRM collects and processes certain personal data from users and clients, which includes:

  • Identification Data: Such as names, job titles, phone numbers, and email addresses, primarily to facilitate HR and team management within the platform.
  • HR and Employment Data: Including attendance records, employee performance data, salary information, and leave details. This information is provided by our clients (employers) to manage their workforce.
  • System Usage Data: Including IP addresses, device information, and user interaction data, used for diagnostics, service improvement, and enhancing user experience.

We are committed to minimizing data collection to only what is necessary and relevant to the services provided by SignalHRM.

2. Purpose and Legal Basis for Processing Personal Data



SignalHRM processes data solely for specified, legitimate purposes, including but not limited to:

  • Service Delivery: Processing is essential for performing the contractual obligations of providing HR management services to clients.
  • Service Improvement: Usage data helps us to optimize the platform’s functionality and user interface.
  • Security and Compliance: Processing is conducted to comply with legal obligations, resolve disputes, and enforce our agreements.

Under GDPR, we rely on the following legal bases for processing:

  • Performance of Contract: Data processing is necessary to fulfill the terms of the service contract.
  • Legitimate Interests: When processing is required to serve the business interests of SignalHRM or its clients, provided it does not infringe on user rights.
  • Consent: We seek explicit consent in cases where it is required by GDPR, and users retain the right to withdraw consent at any time.

3. Data Retention Policy



We retain personal data only for as long as is necessary to meet the purposes outlined in this compliance statement or as required by law. Data retention periods are as follows:

  • Active Accounts: User data is retained as long as the account is active and used for its intended purpose.
  • Account Termination: Upon termination or cancellation of an account, data is either anonymized or deleted based on the user or client’s request, with a retention grace period for regulatory compliance.
  • Backup Retention: Certain data may be retained for a limited period within our backup systems, strictly for recovery purposes, and is securely deleted according to established retention schedules.

4. Security Measures to Protect Personal Data



SignalHRM employs comprehensive technical and organizational security measures to protect personal data from unauthorized access, alteration, or disclosure. Security features include:

  • Data Encryption: Both in transit and at rest, to prevent unauthorized access during data storage and transmission.
  • Access Controls: Strict role-based access to data, with authorization limited to essential personnel.
  • Continuous Monitoring: Regular security scans, vulnerability assessments, and threat monitoring to detect and address potential security risks.
  • Incident Response: A structured incident response plan in place to handle any security breaches, including prompt notification to affected users and regulators if required by law.

5. User Rights Under GDPR



SignalHRM recognizes and supports the rights of data subjects under GDPR, including the following:

  • Right to Access: Users can request information regarding the personal data we hold about them, along with a copy of this data.
  • Right to Rectification: Users may request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to Be Forgotten): Users can request deletion of their personal data under circumstances permitted by law.
  • Right to Restrict Processing: Users have the right to request limited processing of their data, allowing storage only.
  • Right to Data Portability: Users are entitled to receive their data in a structured, machine-readable format and may request it to be transferred to another controller.
  • Right to Object: Users may object to processing based on legitimate interests, including profiling, and direct marketing.

To exercise these rights, users should contact SignalHRM at [insert contact email]. We may require identity verification before processing such requests to protect privacy.

6. Data Transfers and International Processing



SignalHRM may transfer data outside of the European Economic Area (EEA) to provide services efficiently, such as hosting services on globally distributed cloud servers. When transferring data internationally, we ensure:

  • Standard Contractual Clauses (SCCs): Transfers are protected under EU-approved SCCs, providing contractual assurances of GDPR-level protections.
  • Adequacy Decisions: We rely on decisions by the European Commission regarding countries deemed to have adequate data protection laws.

7. Use of Third-Party Processors



SignalHRM works with third-party service providers (“processors”) to deliver services effectively. These third parties are carefully selected and bound by data processing agreements to ensure compliance with GDPR standards, particularly regarding:

  • Data Processing Requirements: Third-party processors are required to process data only as instructed by SignalHRM and in compliance with GDPR.
  • Security Measures: Processors must implement equivalent security measures to protect personal data.
  • Confidentiality and Data Access: Only authorized personnel of third-party processors can access data, strictly for the purpose of providing services to SignalHRM.

8. Data Breach Notification



In the event of a data breach, SignalHRM follows an established protocol to respond promptly and effectively:

  • Containment and Investigation: We immediately work to contain and investigate the breach to assess its nature and impact.
  • Notification to Authorities: In compliance with GDPR, we will notify relevant supervisory authorities within 72 hours if the breach is likely to pose a risk to data subjects.
  • Notification to Affected Users: If required, we will inform affected users without undue delay, explaining the nature of the breach, potential impact, and any steps they may need to take.

9. Changes to This GDPR Compliance Statement



SignalHRM may update this GDPR Compliance Statement periodically to reflect changes in our data practices or legal requirements. We will notify users of significant changes and, where necessary, request consent to material updates.


Contact Information

For inquiries regarding data privacy or to exercise your rights, please reach out to our Data Protection Officer at: