Privacy & Security

Your data: How we protect it and what we do with it

1. Introduction

SeamlessHR (“us”, “we”, or “our”) understands the need for privacy in handling your (“Data subject”) personal data. The purpose of this privacy policy (“Policy”) is to explain how, when and why we collect information about individuals, how, for what purposes and on what grounds these ‘Personal Data’ are subsequently processed, who processes them and what rights the individuals have in connection with their personal data.

2. Definitions

2.1. Personal Data: Means any information about a living individual from which that person can be identified. Personal Data as used in this Policy does not include information from which no individual can reasonably be identified, that is to say, anonymous information or personal data rendered anonymous in such a manner that the individual is not, or no longer is, identifiable (de-identified or anonymized information).

2.2. Contact information: This includes any information you provide to SeamlessHR that would allow us to contact you personally, such as your name, address, e-mail, phone number.

2.3. Payment and Financial information: Any information that we need to make payments to you, or on your behalf, including bank details such as bank name and branch, account name and number, etc.

2.4. Demographic information & interests: Any information that describes your demographic or behavioral characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g., postcode/zip code), hobbies and interests, and/or lifestyle information. We use such information to improve the quality of our service offerings.

2.5. GDPR: means General Data Protection Regulation.

2.6. Geolocation Data: When you access certain features on our software such as the Attendance Management feature, we may request for and collect your mobile device’s precise geo-location information each time our software is in use.

2.7. KDPA: means Kenya Data Protection Act.

2.9. NDPA: means Nigeria Data Protection Act.

2.9.1. SeamlessHR/ us/we/our: Means:

2.9.2. Seamless Human Resources Management Technology Ltd if you reside in Kenya;

2.9.3. The Seamless Company if you reside in South Africa.

2.9.4. The Seamless Ltd if you reside in Ghana; or

2.9.5. SeamlesssHR.Com Limited if you reside in Nigeria or any other country not listed above.

2.10. Sensitive Personal Data: Sensitive information includes data relating to race, ethnicity, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual tendencies, or criminal record.

3.0. Application

3.1. This Policy applies to the data processing that takes place through or in connection with;

3.1.1. your use of our software (by “software” we mean computer programs in any form, including local installations such as desktop and mobile applications as well as software in the form of on-demand services such as web and cloud applications);

3.1.2. your visiting, or accessing resources that form part of our website (we shall use the word “Website” to designate any such site); or

3.1.3. your communication or interaction with us.

3.2. This Policy does not apply in relation to other parties’ products, services, websites, resources or activities. When accessing third party sites or applications through us, ensure to read their privacy terms and policies before proceeding.

4. The Information We Collect

We collect various types of information, including Personal Data and other data, through its activities outlined above. Below are details the type of information is collected:

4.1. Profile Information: When registering for an account on the Software, you provide your full name, email, country, and time zone. Additional details like a profile picture, physical address, and phone number may be required. During the sign-up procedure, we may automatically record your internet protocol address (IP address) and an application programming interface token (API token) is automatically generated and stored under your User Account (this is an authentication token that you can use for accessing the Service through other software). Usernames, passwords, and user IDs are also collected and stored for authentication and identification purposes.

4.2. Billing Information: If subscribing to a paid plan, users provide billing details such as the payer’s full name, physical address, email, and optionally VAT number. Payment details are managed by a third-party payment service provider.

4.3. Usage Information: When using our Software or Websites, data like IP addresses, login times, user agent strings, and device information are automatically logged. Feedback features also collect technical data and user information related to service usage. For more information about cookies, please see Clause 7 below.

4.4. Third-Party Information: Users may utilize third-party services that may be integrated with our services, allowing data exchange. Information shared depends on service settings and user permissions.

4.5. Geo-location Data: Certain functionalities in our Software, such as the Attendance Management feature, require geo-location data to operate effectively. We collect both the precise and approximate location of your device, which may include GPS-based, Wi-Fi based, or cell-based location information. You can disable collection of location information by our app at any time in your device location settings. However, this may restrict your access to certain features or functionalities available on our Software.

4.6. Sensitive Personal Data: We do not seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary.

4.7. Other Information: Additional information may be collected from forms, campaigns, support requests, social media interactions, or communications with Us. Records of communications may be retained for support purposes.

5. Geo-location Data

Certain functionalities on our software, such as the Attendance Management feature, require geo-location data to operate effectively. Both precise and approximate location data will be collected only after you grant us permission and while our software is in use. Background collection of location data would only be used where it is necessary for your operation or use of our services.

You may decline to grant permission or turn off location access from your device settings however, this may restrict your access to certain services or functionalities on our Software.

6. Cookies

6.1. When you utilize our web or cloud applications, visit our Websites, or access resources such as files, certain data known as cookies are sent to and stored on your device. Each cookie serves to distinguish you from other Users and visitors to our Websites. Additionally, techniques like web beacons or pixels may be employed, serving purposes similar to some cookies. In this policy, the term “cookie” encompasses all objects delivered through these techniques.

6.2. Cookies serve different purposes and vary in nature. For instance, a “session cookie” exists only temporarily in your device’s memory during your visit to a Website or service session, typically deleted when you close your browser. In contrast, a “persistent cookie” remains on your device until you delete it or it expires. A “secure cookie” is transmitted over an encrypted connection, enhancing security by making it difficult for others to intercept information. Cookies may also be categorized as “first-party” (belonging to us) or “third-party” (belonging to a different entity, such as a service or analytics provider).

6.3. Some cookies associated with your account contain certain profile Information, enabling you to log in and maintain session continuity, thereby enhancing security and ensuring appropriate content delivery. Other cookies help us (or our engaged third parties) recognize and count Website visitors, understand their navigation patterns, track interactions with our applications, and analyze usage behaviors without identifying individual Users. Specific cookies are designed to recognize you upon return visits, enabling us to personalize content and retain your preferences, such as language settings.

6.4. Third-party cookies may gather information about your browsing activities across different websites following your interaction with ours, enabling targeted advertising based on your browsing history.

6.5. Interacting with our online applications, Websites, or resources entails encountering these cookies, which are essential for the proper functioning of our Services and Websites. While you have the option to manage cookies individually, select specific types, or disable them entirely (as guided by your browser tools or support pages), disabling first-party cookies may impair or prevent our Services from operating properly, potentially diminishing your experience on our Websites.

6.6. Tools provided by third-party service providers allow for managing third-party cookies. As the service providers setting these cookies may change over time, please contact us via the details provided at the end of this Policy to inquire about current third-party cookies in use or utilize your browser tools for an overview of cookies we employ.

6.7. Our Services and Websites do not respond to web browsers’ “do not track” signals, and our data processing practices remain unchanged upon receiving such signals.

6.8. Use of cookies is contingent upon your agreement as outlined in this Policy. By accepting this Policy, you affirm that you have the necessary authorization, if using a device that does not belong to you (e.g., an employer’s computer or smart device), to consent on behalf of the device owner to store cookies and retrieve information as described herein.

7. How We Use Your Personal Data

The purposes for which Information is processed and the legal grounds for such processing are varied and depend on the nature of the Information. If Information is anonymous or de-identified, we may collect, use, disclose and otherwise process it for any purpose. Our processing of Personal Data, however, is limited to the purposes set out in this Policy.

8. Condition for Processing Personal Data

To the extent permissible under applicable law, SeamlessHR or any third party acting on its behalf shall only process your personal data if at least one of these conditions are met:

8.1. Consent: This refers to any freely given, specific, informed, and unambiguous indication through a statement or a clear affirmative action that signifies your agreement to the processing of your Personal Data by SeamlessHR. We may share your Personal Information with your explicit consent and deliberate action. For example, if you opt-in to receive newsletters or promotional offers from SeamlessHR and our affiliates, you are giving us permission to send you marketing communications. Likewise, if you sign into the Software under your employer’s subscription, you consent to SeamlessHR sharing your data and reports as may be required by your employer and in accordance with applicable law.

8.2. Contractual and Business Purposes: SeamlessHR utilizes information, including Personal Information provided by you, for various business purposes such as:

8.2.1. Processing registrations for our services or events or requests for information or support;

8.2.2. Provision of our services or use of our Software;

8.2.3. Location data may be processed in the course of using some features on our Software (I.e., attendance verification and time tracking);

8.2.4. Handling orders, billing, implementation, and service improvement;

8.2.5. Conducting internal research for technology development and demonstration;

8.2.6. Maintaining records of transactions and communications;

8.2.7. Performing audits and reporting related to transactions and interactions, including those conducted online;

8.2.8. Sending marketing communications (emails, calls, invitations) as permitted by law or with your consent;

8.2.9. Conducting user surveys, providing customized content, and performing analytics on our websites or app;

8.2.10. Operating, improving, and analyzing our website and services;

8.2.11. Protecting against fraud, economic loss, and ensuring health, safety, and welfare;

8.2.12. Detecting, analyzing, and preventing security incidents and other illegal activities;

8.2.13. Identifying and correcting errors in our systems, websites, or app functionality; or

8.2.14. Using Personal Information for short-term, immediate use within the current interaction, such as contextual ad customization, without disclosing it to other third parties or altering your experience beyond the current interaction.

8.3. Legal Proceedings: We may share your information, including Personal Information, in response to investigations, court orders, legal processes, or to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations posing potential threats to physical safety. This includes violations of SeamlessHR’s Terms of Service or as otherwise mandated by law. If SeamlessHR is legally obligated to disclose your information, we will promptly inform you, if permitted by law, so that you may seek protective measures or other appropriate relief.

8.4. Service Providers: We may also disclose Personal Information to service providers who assist in delivering our Services, such as cloud storage, security, application communications, customer support, backup, and data analytics.

8.5. Merger, Acquisition, and Sale of SeamlessHR: In the event of a merger, acquisition, restructuring, sale of assets, equity, or similar transaction involving SeamlessHR, Personal Information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website about any changes in ownership or use of Personal Information, along with any options you may have regarding your Personal Information. We will make reasonable efforts to ensure that the acquiring entity uses your Personal Information in a manner consistent with our Privacy Notice.

8.6. Other Legitimate Interest: We may also process your Personal Data If it is warranted by our legitimate interests or those of a third party and such interests are not overridden by yours or your fundamental rights.

8.7. Vital interest: processing is necessary to protect the vital interests of the individual or of another natural person.

9. User Rights

You have rights when it comes to our handling of your Personal Data. Those rights include:

9.1. the right to request for access to your Personal Data where those requests are reasonable and permitted by law or regulation. SeamlessHR shall provide reasonable and accessible means for Individuals to submit their requests, which do not have to take any specific form and can be submitted by any method, this process is handled and managed by the Data Protection Office in SeamlessHR,

9.2. the right to request that SeamlessHR erase your Personal Data if it is no longer valid or necessary for the purposes for which it was collected or if it is incomplete or inaccurate,

9.3. the right to rectify or amend inaccurate or incomplete Personal Data,

9.4. the right to withdraw your Consent at any time. This can be initiated by contacting the Data Protection Office of SeamlessHR,

9.5. the right to object to SeamlessHR’s processing of your Personal Data if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation,

9.6. individuals have the right to object to SeamlessHR’s processing of their Personal Data for direct marketing purposes,

9.7. the right to receive your Personal Data in a commonly used and machine-readable format and,

9.8. the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract,

9.9. the right to be subject to automated processing which will significantly affect you.

9.10. the right to lodge a complaint with the National IT Development Agency (NITDA) where you believe our processing of your data violates the requirements of the Nigeria Data Protection Act 2023 (NDPA), Office of the Data Protection Commissioner for KDPA and for GDPR, you can lay a complaint with the Information Commissioner’s Office (ICO).

10. Data Collection Methods

10.1. Electronic Messages: We keep record of your interactions with us via electronic media (such as email, text message, complaint forms etc.) in a secure manner while maintaining accuracy. When necessitated by legal or vital obligations, we archive these communications.

10.2. Hard Copy Forms: We maintain accurate records of the information that you provide to us via hard copy forms in a secure manner. When necessitated by legal or vital obligations, we archive these communications.

10.3. Web Forms: We keep record of your personal details provided via our web portal. Typically, such details are processed for contact, partnerships and recruitment purposes and are kept in a secure manner.

11. Transfer of Personal Data

11.1. Transfer for Service Provision: we employ other companies and individuals to perform functions on our behalf as service providers. Service providers, and their selected staff, are only allowed to access and use your Personal Data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure.

11.2. Disclosure of Personal Data to employers and supervisors: if you are assessing the Software under your employer or supervisor’s license or subscription, we may share some of your personal information and data with your employer or supervisor as the case may be (i.e. time and attendance sheets or records). By using our services under your employer or supervisor’s license, you agree to us disclosing your personal data for this purpose.

11.3. Transfer as a legal requirement: we may share your information with other parties when required by law or as necessary to protect our service. We may also share your information in connection with a transfer of assets, or if we are otherwise involved in a merger or transfer.

11.4. Intra-Company transfers: your Personal Data may be transferred to or accessible by other entities within the SeamlessHR Group. However, these entities will be bound by the terms of this Policy.

11.5. Out of Country Transfer: Your Personal Data may be transferred to a foreign country for storage or processing where it is necessary to do so in line with the permissible conditions defined by the NDPA, KDPA and GDPR. We will ensure that appropriate safeguards are in place to ensure the protection of your Personal Data being stored or processed out of the country.

12. How We Ensure Protection of Your Personal Data

We use appropriate measures (including physical access controls and secure software and operating environments) to keep your Personal Data confidential and secure. SeamlessHR is in compliance with these data protection laws and regulations: NDPA, KDPA and GDPR and this assures that your personal data is collected, managed, processed and stored according to the requirements stated in these regulations. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks.

12.1. Data Retention Policy: We ensure that your personal data is not retained for longer than necessary as determined by our data retention policy to reduce the likelihood/severity of a data breach.

12.2. Personal Data Breach Notification: SeamlessHR will inform relevant authorities and if necessary, affected individuals of personal data breach within 48 hours of being aware of the breach where Personal Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

13. Duration of Personal Data Storage

13.1. We retain your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected and any additional periods required by law. For example, we store your data to fulfill our contractual obligations and exercise our rights under that contract.

13.2. Legal retention periods differ based on the type of information and can be extensive. For instance, Personal Data related to our accounting or taxation (such as Profile Information and Billing Information) must be kept for at least seven years after the primary processing purpose has ended. This typically means seven years after the financial year in which our business relationship with you ended and the last transaction occurred.

14. Changes to this Notice

If we change the way we handle your Personal Data, we will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.

15. Contact Us

If you have any questions about this Policy or our data processing practices, or if you wish to exercise any of your data subject rights concerning the Personal Data we hold, please contact us using any of the contact details below.

Email: dpo@seamlesshr.com.

Phone: +2348090643 874

Physical Address: 8 Metalbox Rd, Ogba, Ikeja 101233, Lagos

16. Summary

16.1. Yes, we do collect Personal Data that you give us.

16.2. No, we won’t email you unless we think it’s really important e.g. to share some relevant updates and information with you.

16.3. Yes, you can opt-out from any communication.

16.4. Yes, we have to share some of that data with some of our service providers to make the solution work (e.g. our support platform).

Last Updated:

July 25, 2024

Information Security is a priority at SeamlessHR. We devote significant resources to ensure the confidentiality, integrity and availability of our data. SeamlessHR is committed to continuously evaluating and improving our policies, standards, processes and information systems in supporting business and customer services, in contributing to operational and strategic business decisions, and in conforming to legal and statutory requirements.

As a modern, forward-looking business, SeamlessHR recognises the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, employees and other stakeholders. In order to provide such a level of continuous operation, SeamlessHR is implementing an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001.

This information security policy forms a key part of our set of controls to ensure that our information is protected effectively and that we can meet our obligations to our customers, employees, and other stakeholders. This policy also states our intent to maintain a secure information-processing environment and to protect information assets.

This policy has been approved and must be communicated to SeamlessHR employees. It will be reviewed and updated annually. The policy will also be updated as and when there is any change in the information-processing environment, which may have an impact on the information risk profile.

Supporting policies for this information security policy include the following:

  • Mobile Device Policy
  • Human Resource Security Policy
  • Asset Management Policy
  • Access Control Policy
  • Cryptography Policy
  • Physical Security Policy
  • Operations Security Policy
  • Communications Security
  • Secure Software Development Policy
  • Supplier Relationships Policy
  • Information Security Incident Management Policy
  • Business Continuity Management Policy
  • Information Security Compliance Policy
  • Remote Work Policy
  • Configuration Management Policy
  • Threat Intelligence Framework
  • Cloud Security Policy
  • Network Security Policy
  • Open-source Software use and Adoption Policy