Strandum Privacy Policy

At Strandum, we prioritise the privacy and protection of your personal data. As a provider of Human Resource Information System (HRIS) software, we are committed to ensuring that the personal data we process is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our services. By using our services, you agree to the terms of this Privacy Policy. We encourage you to read it carefully.

1. Who We Are

Strandum is dedicated to providing efficient HRIS solutions that help businesses manage their human resource processes. Depending on the context in which we handle your personal data, Strandum may act as both a Data Controller and a Data Processor. As a Data Controller, we determine the purposes and means of processing personal data you provide directly to us. As a Data Processor, we process data on behalf of our customers, strictly following their instructions.

2. What Personal Data We Collect

We collect various types of personal data depending on how you interact with us. This may include your name, contact details (such as email and phone number), job title, and organisation details. Additionally, in the context of our HRIS services, we may collect employment-related information such as job titles, payroll and compensation information, performance reviews, time and attendance records, and benefits enrolment data. We also collect technical data, including IP addresses, browser types, operating systems, and usage data. In certain cases, we may process special categories of personal data, such as health information, biometric data, and diversity-related data. This data is collected directly from you, from your employer if they are our customer, or through your use of our services.

3. How We Use Your Personal Data

We use your personal data primarily to deliver, operate, and support our HRIS software and related services. This includes managing your account, authenticating users, and ensuring the security of our platform. We also use your data to communicate with you, respond to your enquiries, and send you service-related notifications and updates. Where you have opted in, we may send you promotional communications about new features, products, and events. Additionally, we analyse usage patterns and feedback to improve our services and develop new features. We also process your data to comply with legal obligations, enforce our terms of service, and protect our rights, as well as the rights of our customers and others.

4. Legal Basis for Processing

The legal basis for processing your personal data depends on the specific context in which we collect it. In many cases, we process your data to fulfil a contract with you, such as providing our HRIS services. In other instances, we process your data based on your consent, particularly for activities like sending marketing communications. We also process data based on our legitimate interests, such as improving our services, provided that these interests are not overridden by your rights and interests. Additionally, we process data to comply with legal obligations.

5. Sharing Your Personal Data

We do not sell your personal data. However, we may share your personal data with third-party service providers who assist us in delivering our services. These providers, which may include cloud hosting services and technical support, are bound by confidentiality agreements and are only allowed to process your data according to our instructions. In the event of a merger, acquisition, or sale of our business, your personal data may be transferred to the acquiring entity. We may also disclose your data if required by law, regulation, or legal process, or if we believe it is necessary to protect the rights, property, or safety of Strandum, our customers, or others.

6. International Data Transfers

As part of our global operations, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards, are in place to protect your data in compliance with GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. After this period, your data will be securely deleted or anonymised. For data processed within our HRIS services, retention periods are determined by the Data Controller, typically your employer. We recommend that our customers define their data retention policies within our system in accordance with applicable legal and regulatory requirements.

8. Your Rights

Under GDPR, you have certain rights concerning your personal data. These include the right to request access to the personal data we hold about you, to request correction of inaccurate or incomplete data, and to request the deletion of your data, subject to certain conditions. You also have the right to restrict processing under certain circumstances, the right to receive your data in a structured, commonly used, and machine-readable format, and the right to have it transferred to another Data Controller. Additionally, you can object to the processing of your data for direct marketing purposes or where the processing is based on our legitimate interests. Where processing is based on your consent, you have the right to withdraw your consent at any time. To exercise any of these rights, please contact us at dataprotection@strandum.com. We may need to verify your identity before processing your request.

9. Data Security

We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits to ensure the ongoing confidentiality, integrity, and availability of your data.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to personalise your experience, analyse usage patterns, and deliver targeted content. Cookies are small text files stored on your device that help us remember your preferences and improve your experience on our website. You can manage your cookie preferences through your browser settings, but please note that disabling cookies may affect your experience on our website.

11. Children’s Privacy

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. We will notify you of any significant changes by posting the updated policy on our website or through other appropriate communication channels. Your continued use of our services after any changes to this Privacy Policy indicates your acceptance of the updated terms.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at dataprotection@strandum.com.