Privacy Policy
Privacy Policy for Yomly Mobile Application
SevenHR Information Technology Consultants LLC t/a Yomly , (we or us) incorporated and registered under licence number 1112114 with registered office at 50 B, Business Central Towers, Al Safouh 2, Dubai Internet City, Dubai, UAE, 214909, United Arab Emirates (“Yomly”).
SevenHR Information Technology Consultants LLC is a wholly owned subsidiary of Seven Solutions Limited (the Group). Seven Solutions Limited is registered in the Virgin Islands under company number 1973978 and registered office at Suite 6 Mill Mall, Wickhams Cay 1, Road Town, Tortola, Virgin Islands.
1. What is the purpose of this document?
- 1.1) We are committed to protecting and respecting your privacy. This privacy notice sets out the basis on which any personal data we collect about our customers and clients all users of our site (you), or that you provide to us through Yomly mobile application and Yomly web application.
- 1.2) We are a data processor. This means that we store data that you provide, maintaining security of the data that you have entrusted to us. We do not decide which data to be added to the Yomly platform and will not process it without a request from you, the client..
- 1.3) Please read this privacy notice carefully to understand what we do with your personal data and what rights you have in relation to our activities.
- 1.4) This privacy notice applies to our Clients, contractors, visitors to our site including employees, officers and representatives of Clients to whom we provide services.
- 1.5) We do not provide this data to any third-parties (subprocessors) unless under direct instructions from you, the client.
2. What is personal data and our lawful basis for processing
- 2.1) Personal data means any information relating to an individual from which that person can be identified. There are special categories of more sensitive personal data which require a higher level of protection (see further at section 4, below).
- 2.2) We will only use your personal data when the law allows us to. Our principal lawful basis for processing is set out in the table below. However, some of our grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
- 2.3) We may only rely on our legitimate interests (or those of a third party, such as our Clients) to process your personal data, if your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we have set out the relevant interests, below
- 2.4) We will only use your personal data for the purpose or purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose(s).
- 2.5) Please note that we may process your personal data without your knowledge or consent where this is required and permitted by law. (for example to fulfill a request from law enforcement).
- 2.6) We process personal data on behalf of our Clients, as a data processor. It is the client’s responsibility to make requests in line with their own policy and privacy notification
3. Personal data we collect from you and about you and how our use complies with the law
1 | Personal data we collect from clients | ||
Personal data | How we use your personal data | How our use complies with the law | |
For client contacts (including employees, officers and representatives of the company)We collect name and contact details, including email address, job title and business information relating to your employees’ offices and representatives [salary information, address, identification, document certification]. | To provide you with services and to manage the relationship between us. | Because it is necessary to perform the SaaS contract we have agreed with you. | |
Location Data. This is collected from the mobile application in the background whether the application is opened or closed. | To provide automatic Clock-In and Clock-out at your company defined locations. This requires us to compare your current location with a set of company defined locations and we only record the location and time of event. | If switched off, then you will use manual clock-in and clock-out. If switched off, then you will use manual clock-in and clock-out. |
|
2 | Personal data we receive from third parties | ||
On occasion we may collect personal data from 3rd parties. | To improve the services, we offer to clients. | It is necessary for our legitimate interests to ensure the smooth running of our website. |
4. Sensitive personal data
- 4.1) “Sensitive” or “Special category data” includes information about your health or medical conditions, genetic or biometric data, information about your race or ethnicity, religious or political beliefs or information relating to criminal convictions).
- 4.2) We do not generally process special category data for our own purposes. However, we may process personal data:
- 4.2.1 Relating to a health condition or disability in order to meet our legal obligation to make reasonable adjustments in the provision of our services;
- 4.2.2 Relating to racial or ethnic origin, religious or other beliefs and sexual orientation to ensure meaningful equal opportunity and diversity and inclusion monitoring and reporting. Such information will be anonymised to the fullest extent possible;
- 4.2.3 Where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent;
- 4.2.4 Where it is necessary to establish, exercise or defend a legal claim;
- 4.2.5 Where you have manifestly made the information public; or
- 4.2.6 Otherwise with your explicit consent.
- 4.3) We may process special category information as part of our services to Clients, and we do so in accordance with their privacy notice.
5. Sharing your personal data
- 5.1) We share personal data within the Group.
- 5.2) We share personal data with our Clients for the purposes set out above. Our Clients are data controllers in their own rights of any personal data we share with them, and they are responsible to you for their use of your personal data.
- 5.3) We may share your personal data with third party data controllers where necessary, as follows:
- 5.3.1) Government or law enforcement agencies;
- 5.3.2) Our insurance provider, our professional advisers and our professional indemnity insurance broker;
- 5.3.3) If we sell any business or assets, in which case we may disclose your personal data to the prospective buyer or such business or assets; and
- 5.3.4) We may share your personal data if we have a legal obligation to do so, including (but not limited to) for the purposes of fraud protection and credit risk reduction.
- 5.4) Where we share personal data with other data controllers, they are responsible to you for their use of your personal data and compliance with the law.
- 5.5) If you object to our sharing or continuing to use your personal data with any specific third- party, please contact us at support@www.yomly.com.
- 5.6) We share your personal data with third-party service providers who process it on our behalf (our data processors).
- 5.6.1) The following activities are carried out by third-party service providers on our behalf: IT support and maintenance, cloud service providers, IT hosting services, and confidential waste disposal.
- 5.7) All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We only permit third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
6. Automated decision-making
- 6.1) Automated decision-making takes place when an electronic system uses personal data to make decisions which could have significant effect on the individual, without human intervention.
- 6.2) We do not anticipate using your personal data for automated decision-making, but we update our privacy policy on www.yomly.com if this changes.
7. Data security
- 7.1) We have put in place:
- 7.1.1) Appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- 7.1.2) Procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- 7.2) Any personal data we process is held on secure servers, based within the UK or the European Economic Area (EEA).
- 7.3) We may transfer personal data to any Client or Group companies based outside the UK or the EEA.
- 7.4) If we are required to transfer personal data outside the UK or the EEA, we have put in place appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
8. How long will we keep your personal data for?
- 8.1) We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- 8.2) To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. Your rights
- 9.1) Under certain circumstances, by law you have the right to:
- 9.1.1) Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- 9.1.2) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- 9.1.3) Request erasure of your personal data (known as “the right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- 9.1.4) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- 9.1.5) Request the restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- 9.1.6) Request the transfer of your personal data to another party.
- 9.1.7) Withdraw consent in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we are required to in accordance with another lawful basis which has been notified to you.
- 9.1.8) Complain to the Information Commissioner’s Office if you are unhappy with our use of your personal data. Do contact us straight away if you consider that we are not handling your personal data properly so we can try and remedy the issue.
- 9.2) To exercise any of the above rights, please contact support@localhost/yomly.
- 9.3) You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- 9.4) We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- 9.5) If you request us to delete your personal data or restrict our use of it, we may not be able to provide our services to you.