I’m evaluating HR.my for managing human resources in our company in Spain, and I have a couple of points I would like to clarify:
Data Storage Location: Could you please provide details about where the data is stored? Specifically, is the data stored within the European Union, or is it located in a country that complies with EU data protection regulations (GDPR)? This is critical for us to ensure compliance with Spain’s data protection laws, as personal data must be stored in accordance with the General Data Protection Regulation (GDPR).
Attendance Record Modifications: I understand from your documentation that attendance records can only be added and not modified by employees, and that any missed check-ins or check-outs must be handled by HR. Could you please confirm if this policy is strictly enforced, and if employees are able to request manual adjustments through HR if there are any discrepancies in their attendance records?
I appreciate your help and look forward to your response.
Yes, currently if there is any missed check-in or check-out, an employee will need to request adjustment through HR. You could use Document Workflow to set up such request workflow if you wish.
I am interested in using your HR management application and want to ensure full compliance with European data protection regulations, as required by law, since it’s precisely the law what is forcing us to go digital with this. Our primary concerns stem from the fact that your servers are located in Singapore, which falls outside the European Economic Area (EEE). The General Data Protection Regulation (GDPR) requires us to perform due diligence when transferring personal data internationally.
Could you please help me understand:
How do you ensure GDPR compliance for data transfers to Singapore?
Have you implemented Standard Contractual Clauses (SCCs) or other EU-approved mechanisms for international data transfers?
What specific measures protect our employees’ personal data during storage and transmission?
Your transparent response will help us quickly evaluate HR.my as a potential solution for our HR management needs.Thank you for your understanding and cooperation.
Perhaps you didn’t realize yet, I am the ONLY person maintaining HR.my.
So, I really don’t have such legal resource to study how GDPR works and what SCC is all about. I am really sorry that I am not able to clarify further, as I am clueless about these legal frameworks.
Happy to amuse you XD Considering your tone, with your permission, I’ll be less formal, maybe then it’ll be easier to communicate. I totally understand your lack of resources and I thank you for your work regardless. I myself lack those legal resources as well. I’m just looking for a way in which the company I’m part of, which has barely 2 employees, can fulfill the new Spanish regulations which force us to go digital with these registers. It’d be pointless to do so and then find out we’re in trouble not for not going digital but for not considering GDPR, SCCs, etc. Whatever you can tell me will be of use.
Besides, regarding my other, previously stated, doubt, I’ll ask some questions the AI has recommended. You can take time to answer. Thank you so much for reading and answering so far.
Biometric Data: Does your system use any form of biometric data (such as fingerprints or facial recognition) for attendance tracking? Please note that recent guidelines from the Spanish Data Protection Agency (AEPD) prohibit the use of such systems for time tracking.
Data Retention: European regulations require companies to store attendance records for four years and keep them available for inspection. Can you confirm that your system allows for this extended data retention period? How can we access historical data if needed?
Transparency and Auditability: Regarding the Document Workflow for attendance adjustments:
How does the system ensure transparency in the adjustment process?
Is there an audit trail for all modifications made to attendance records?
Can employees easily access their complete attendance history, including any adjustments?
Employee Access: How can employees view their attendance records and request corrections if necessary?
Thank you again for all your work.
Yes, I do agree that this may be a showstopper here. It’s not really about what features that I could offer, but whether my system could offer compliance under various European legal frameworks.
As I already explained previously, I have not had any chance to study GDPR in detail yet, not to mention that this is my first time to come across the term SCC.
I think your best bet is to keep looking, and either narrow your search to European solutions, or solutions from big MNC corporates that could really accommodate for various legal frameworks worldwide.