Privacy Policy

This Privacy Policy applies to all the products, services, websites and web application offered by ENNOVA Sp.j.

tomHRM is committed to protecting the privacy of individuals who visit our website (“Visitors”) and individuals who register to use the tomHRM Services on behalf of tomHRM Clients (“Users”) (collectively “you” or “your”).

This Privacy Policy applies to data provided on or through the tomHRM website located at www.tomhrm.com, the tomHRM web application (the „SaaS” – tomhrm.app) owned and operated by tomHRM, and the services offered by tomHRM through the website and SaaS (collectively, the “Services”) and describes tomHRM privacy practices in connection with the use of tomHRM’s website, SaaS and Services.

Information we collect about you by the Services

Contact Information (example email address)
You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or customer support team.

Usage information
We collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.

Device and browser data
We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device.

Information from page tags
We use third party tracking services that employ cookies and page to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by tomHRM or by Users through our Services include page tags that allow the sender to collect information about who opened those emails and clicked on links in them.

Log Data
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

Referral information
If you arrive at a tomHRM website or SaaS from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

The categories of personal data of Users are processed

Registration information

When you register for an account, we collect your first and last name, username, password and email address, company name.

Billing information

If you make a payment to tomHRM, we require you to provide your billing details, a name, address, postal code, VAT ID, email address and financial information corresponding to your selected method of payment (e.g. a bank account numer or type o payment). If you provide a billing address, we will regard that as the location of the account holder to determine which tomHRM entity with whom you contract.

Account setting

You can set various preferences and personal details on pages like your „Setting page”. For example, your default language, time zone, format date/time.

Account information

If you use our SaaS will also result in us collecting the following data on your behalf:

Activities data in the SaaS
Other personal data entered into the SaaS.

The Customer and/or User tomHRM decides the retention period for all personal data that he can control the retention of through the SaaS or that he can provide instructions for under the agreements between Customer and tomHRM.

Cookies

Strictly necessary cookies. These are cookies that are required for the operation of our Website and Service. They include, for example, cookies that enable you or your Users to log into secure areas of our Website or Service.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website and Service when they are using it. This helps us to improve the way our Website and Service works.

Functionality cookies. These are used to recognise you and your Users when you/they return to our Website. This enables us to personalise our content for you and your Users, greet you and your Users by name and remember your/their preferences.

Targeting cookies. These cookies record your and your Users’ visit to our Website, the pages you and your Users have visited and the links you and your Users have followed. We will use this information to make our Website and the advertising displayed on it (if any) more relevant to your and your Users’ interests. We may also share this information with third parties for this purpose.

The use of cookies by our partners and affiliates is not covered by this Privacy Policy. We do not have access or control over those cookies. Our partners and affiliates use session ID and persistent cookies to better gauge interest in our Services.

If you disable cookies in Your internet browser, somfeatures will be disabled.

Stored data

The Personal Data we obtain from you and your Users (including, without limitation, Client Data) may be moved to and stored at a destination within the European Economic Area (“EEA”). Staff members operating within the EEA who work for or on behalf of us may process this information. Such staff members may, among other things, be involved in the processing of payment details, the provision of support services and the delivery of your and your Users’ request(s) for us to provide the Service.

Data retention

The website

The data of anonymous users will be kept for 24 monthswhile data of verified users will be kept for a period of 10 years,counting from the beginning of the year following the year in whichconsent to the processing of personal data was given.

SaaS

If you hold an account with tomHRM (uses SaaS) we do not delete the data in your account – you are responsible for and control the time periods for which you retain this data. There are controls in your account where you can delete data at the account level (all data in your account) and at the response level.

Third-Party Services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Subprocessors

Google Mountain View, CA,USA: Data storage
Amazon Web Services, Inc.: USA, Data storage and hosting
OVH: France/Poland, Data storage and hosting
Hotjar Limited: Malta, Marketing communications
Cloudflare: Security
Slack Technologies Limited: Internal communications
Sendgrid Inc. , CO, USA: Email delivery
Twilio UK Limited: Email delivery
Userengage: Poland, Marketing communications

Access to data controlled by our Users

tomHRM has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her request to the applicable tomHRM Client (the data controller). The Client is able to remove the data without tomHRM involvement, or will request that tomHRM remove the data.

Your rights

Some of you (in particular, European users) have certain legal rights to obtain information about whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations. We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request).

Rights which you are entitled to are:

Data access rights
Right to restrict processing
Right of Rectification
Right to Erasure (Right to be Forgotten)
Right to object to processing
Right to withdraw consent; and
Data portability rights

The administrator of the data

The administrator of the data indicated in the consent for the processing of personal data expressed above is ENNOVA Spółka Jawna, ul. Sadowa 7/13, Elbląg 82-300

Updates Privacy Policy

tomHRM may update this Privacy Policy from time to time, and will notify account holders of significant changes in the way we treat any Personal Information, by sending a notice to the primary email address specified in your tomHRM account. We may also place a prominent notice on our website. You will have an opportunity to opt out of such new or different uses of Personal Information prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Updated: May 19, 2021