tomHRM is committed to protecting the privacy of individuals who visit our website (“Visitors”) and individuals who register to use the tomHRM Services on behalf of tomHRM Clients (“Users”) (collectively “you” or “your”).
Information we collect about you by the Services
Contact Information (example email address)
You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or customer support team.
We collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.
Device and browser data
We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device.
Information from page tags
We use third party tracking services that employ cookies and page to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by tomHRM or by Users through our Services include page tags that allow the sender to collect information about who opened those emails and clicked on links in them.
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
If you arrive at a tomHRM website or SaaS from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
The categories of personal data of Users are processed
When you register for an account, we collect your first and last name, username, password and email address, company name.
If you make a payment to tomHRM, we require you to provide your billing details, a name, address, postal code, VAT ID, email address and financial information corresponding to your selected method of payment (e.g. a bank account numer or type o payment). If you provide a billing address, we will regard that as the location of the account holder to determine which tomHRM entity with whom you contract.
You can set various preferences and personal details on pages like your „Setting page”. For example, your default language, time zone, format date/time.
If you use our SaaS will also result in us collecting the following data on your behalf:
- Activities data in the SaaS
- Other personal data entered into the SaaS.
The Customer and/or User tomHRM decides the retention period for all personal data that he can control the retention of through the SaaS or that he can provide instructions for under the agreements between Customer and tomHRM.
Strictly necessary cookies. These are cookies that are required for the operation of our Website and Service. They include, for example, cookies that enable you or your Users to log into secure areas of our Website or Service.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website and Service when they are using it. This helps us to improve the way our Website and Service works.
Functionality cookies. These are used to recognise you and your Users when you/they return to our Website. This enables us to personalise our content for you and your Users, greet you and your Users by name and remember your/their preferences.
Targeting cookies. These cookies record your and your Users’ visit to our Website, the pages you and your Users have visited and the links you and your Users have followed. We will use this information to make our Website and the advertising displayed on it (if any) more relevant to your and your Users’ interests. We may also share this information with third parties for this purpose.
If you disable cookies in Your internet browser, somfeatures will be disabled.
The Personal Data we obtain from you and your Users (including, without limitation, Client Data) may be moved to and stored at a destination within the European Economic Area (“EEA”). Staff members operating within the EEA who work for or on behalf of us may process this information. Such staff members may, among other things, be involved in the processing of payment details, the provision of support services and the delivery of your and your Users’ request(s) for us to provide the Service.
The data of anonymous users will be kept for 24 monthswhile data of verified users will be kept for a period of 10 years,counting from the beginning of the year following the year in whichconsent to the processing of personal data was given.
If you hold an account with tomHRM (uses SaaS) we do not delete the data in your account – you are responsible for and control the time periods for which you retain this data. There are controls in your account where you can delete data at the account level (all data in your account) and at the response level.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Google Mountain View, CA,USA: Data storage
Amazon Web Services, Inc.: USA, Data storage and hosting
OVH: France/Poland, Data storage and hosting
Hotjar Limited: Malta, Marketing communications
Slack Technologies Limited: Internal communications
Sendgrid Inc. , CO, USA: Email delivery
Twilio Inc.: Email delivery
Twilio UK Limited: Email delivery
Userengage: Poland, Marketing communications
Łukasz Gruszka Pearnet: programming support&development
LANTAN Grzegorz Czerwiński: administration server support
Access to data controlled by our Users
tomHRM has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her request to the applicable tomHRM Client (the data controller). The Client is able to remove the data without tomHRM involvement, or will request that tomHRM remove the data.
Some of you (in particular, European users) have certain legal rights to obtain information about whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations. We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request).
Rights which you are entitled to are:
Data access rights
Right to restrict processing
Right of Rectification
Right to Erasure (Right to be Forgotten)
Right to object to processing
Right to withdraw consent; and
Data portability rights
The administrator of the data
The administrator of the data indicated in theconsent for the processing of personal data expressed above is ENNOVA Spółka Jawna, ul. Słoneczna 36/50, Elbląg 82-300
Updated: May 25, 2019