Privacy Policy

KALPHR ("Company", "we", "our", "us") operates a cloud-based Human Resource Management System (HRMS) designed for corporate organizations. We are committed to protecting personal data and ensuring compliance with applicable Indian data protection laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).

Scope of This Privacy Policy

This Privacy Policy applies to:

• Corporate clients using the KALPHR platform
• Authorized administrators, HR personnel, and users
• Employees whose data is processed within KALPHR
• Visitors to the KALPHR website

This policy does not apply to third-party websites or services linked from KALPHR.

Definitions (As per DPDP Act, 2023)

• Personal Data: Any data about an identifiable individual.
• Sensitive Personal Data: Includes biometric data, financial information, salary details, and official documents.
• Data Principal: The individual (employee or user) to whom personal data relates.
• Data Fiduciary: The organization (client company) that determines the purpose and means of processing personal data.
• Data Processor: KALPHR, which processes personal data on behalf of the Data Fiduciary.

Role of KALPHR

KALPHR acts strictly as a Data Processor.

• The Client Organization is the Data Fiduciary
• KALPHR processes data only on documented instructions of the Client
• KALPHR does not own or control employee data

Categories of Personal Data Processed

Organizational Information

• Company name and address
• Authorized representative details
• Subscription and billing information

Employee Personal Data (Client-Provided)

• Name, employee ID, department, designation
• Contact details (if enabled by the Client)
• Attendance and working hour records
• Leave records
• Payroll and salary-related information

Biometric Data

• Fingerprint or biometric identifiers (where biometric attendance is enabled)

Biometric data is treated as Sensitive Personal Data and processed only for attendance purposes.

Uploaded Documents (Client & Employee Documents)

KALPHR provides functionality for secure uploading, storage, and management of documents related to client organizations and their employees as part of its HRMS services.

Uploaded documents may include, but are not limited to:

• Employee identity proofs
• Appointment letters, offer letters, and employment contracts
• Educational and experience certificates
• Payroll and compliance-related documents
• Company policies, statutory filings, and internal records

Technical & Usage Data

• IP address
• Login timestamps
• Browser and device information
• User activity logs for security, audit, and troubleshooting

Purpose of Data Processing

Personal data, including uploaded documents, is processed solely for:

• HR operations such as attendance, leave, and payroll
• Employee record and document management
• Statutory and compliance requirements
• HR reporting and analytics
• System security, audits, and access control
• Customer support and issue resolution

KALPHR does not use personal data for advertising or unauthorized profiling.

Lawful Basis for Processing

Data processing is carried out based on:

• Consent obtained by the Client Organization from employees
• Legitimate use for employment and HR-related purposes
• Contractual necessity between the Client and KALPHR
• Legal obligations under applicable Indian laws

Biometric Data & Consent

• Biometric data is processed only for attendance tracking
• Client Organizations must obtain explicit, informed consent from employees
• KALPHR does not use biometric data for any secondary purpose
• Biometric data is not shared with third parties

Document Upload Responsibilities

The Client Organization is solely responsible for:

• Ensuring documents uploaded are lawful, relevant, and necessary
• Obtaining employee consent prior to uploading documents
• Verifying accuracy and authenticity of uploaded documents
• Compliance with labor, employment, and data protection laws

KALPHR does not verify the legal validity of uploaded documents.

Access Control & Confidentiality

• Uploaded documents and personal data are accessible only to authorized users of the Client Organization
• Access is governed by role-based permissions
• KALPHR personnel may access data only when required for technical support, security, or legal compliance
• All access is subject to confidentiality obligations

Data Storage & Security Measures

In compliance with Section 43A of the IT Act, 2000, KALPHR implements reasonable security practices, including:

• Role-based access control
• Secure authentication mechanisms
• Encrypted data transmission (where applicable)
• Secure server infrastructure
• Administrative access logging

No electronic system can be guaranteed 100% secure.

Data Retention & Deletion

• Personal data and documents are retained only as long as required for service delivery or legal obligations
• Upon account termination:
  • Data may be retained, archived, or deleted as per contractual terms
  • Clients are advised to download required data before termination

Prohibited Content

Clients must not upload:

• Illegal, obscene, or offensive material
• Content violating intellectual property or privacy rights
• Malware, viruses, or malicious files

KALPHR reserves the right to remove prohibited content and suspend access if misuse is detected.

Data Breach Management

In the event of a personal data or document-related breach:

• KALPHR will notify the Client Organization without undue delay
• Reasonable steps will be taken to mitigate risk and prevent recurrence

Rights of Data Principals (DPDP Act, 2023)

Employees (via their organization) have the right to:

• Access their personal data
• Request correction or updates
• Request erasure (subject to legal obligations)
• Withdraw consent where applicable

Requests may be routed through the Client Organization or emailed to: 📧 kalphrms@gmail.com

Data Sharing & Disclosure

KALPHR may disclose data:

• To authorized personnel of the Client Organization
• To infrastructure or service providers under confidentiality agreements
• When required by law, regulation, or court order

KALPHR does not sell or commercially exploit personal data.

Cross-Border Data Transfers

Where applicable, cross-border data transfers will be conducted in compliance with the DPDP Act, 2023 and applicable safeguards.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. Continued use of the platform constitutes acceptance of the revised policy.

Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India. Courts located in Gujarat, India shall have exclusive jurisdiction.

Contact Information

📧 Email: kalphrms@gmail.com
📍 Location: Mehsana, Gujarat, India