FindoHR Privacy Policy

This Privacy Policy describes how Hidden Leaf Technologies Private Limited ("Hidden Leaf Technologies," "Company," "We," or "Us"), an Indian company headquartered in Bangalore, Karnataka, India, processes the Personal Data of its Users (Employers) and the Data Principals (Candidates) whose Personal Data is provided by the Users via the FindoHR SaaS Platform ("Platform" or "Service").

1. Introduction and The Role of FindoHR in Data Processing

FindoHR is a data-driven SaaS product designed to help employers find reliable talent by providing predictive analytics and risk assessment to reduce costly employee attrition.

Our Role under the DPDP Act, 2023:

• For User/Client Account Data: We are the Data Fiduciary, as we determine the purpose and means for processing your account login and billing information.
• For Data Principal (Candidate) Data: We primarily act as a Data Processor, processing this data strictly on the instructions and behalf of the User/Employer, who remains the Data Fiduciary and is responsible for obtaining necessary legal consent/notice from the candidate.

By using FindoHR, the User/Employer warrants that they have provided the necessary Notice to the Data Principal (Candidate) regarding the collection, processing, and disclosure of their Personal Data to Us for the purpose of attrition risk assessment, as mandated by the DPDP Act.

2. Categories of Personal Data Collected

We collect two main categories of Personal Data:

A. User/Client Data (Employer Account Data)

This data is provided directly by the User (Employer or HR professional) for account creation and management:

• Identity and Contact Data: Name, job title, company name, business email address, and phone number.
• Authentication Data: Email address used for the OTP login mechanism and account activity logs.
• Financial Data: Billing address, subscription details, transaction history, and payment method details (processed through our third-party payment gateway, Razorpay).
• Administrative Data: Usage and access logs which may be reviewed by Our internal Superadmin portal team for account approval, monitoring, termination, or compliance purposes.

B. Data Principal/Candidate Data (Processed on behalf of the User)

This data is uploaded and provided to Us by the User (Employer) for the purpose of utilizing the FindoHR risk assessment Service:

• Identity Data: Full Name, mobile number, current city, and other unique identity information necessary for the Service's proprietary analytics functions.
• Hiring Data: Application status, interview notes, offer status, and attrition risk scores generated by the FindoHR Platform.

3. Purpose of Processing Personal Data

We process Personal Data for the following specific and lawful purposes:

4. Disclosure and Sharing of Personal Data

We do not sell, rent, or trade the Personal Data we process. We only disclose data in the following circumstances:

• With Third-Party Service Providers: We use Razorpay for handling all payment transactions, including recurring subscriptions. We only share the minimum necessary financial data required for payment processing.
• To Our Algorithms: Candidate Data is shared internally with the FindoHR proprietary algorithms to generate risk scores and alerts.
• For Legal Compliance: We may disclose Personal Data if required by law, court order, or governmental authority to comply with legal processes or protect Our rights, property, or safety, or that of Our Users or the public.
• Internal Superadmin Access: Our designated Superadmin team has secure access to User and Candidate Data only when necessary for technical support, account termination, security auditing, or compliance monitoring.

5. Data Security, Retention, and International Transfer

Data Security (Security Safeguards)

We implement reasonable technical and organisational security safeguards, as mandated by the DPDP Act, to protect Personal Data from unauthorized access, loss, or disclosure. These include data encryption, access controls, and regular system updates.

Data Retention

We retain Personal Data only for as long as is necessary to fulfil the purposes outlined in this Policy, or as required by law. Candidate Data retention is primarily governed by the Service Agreement with the User/Employer.

Jurisdiction and Cross-Border Transfer

The FindoHR Platform is currently focused on the Indian market. All collected data is primarily stored within data centres located in India. Should we expand globally and data be transferred outside of India, we will ensure compliance with the then-current provisions of the DPDP Act regarding cross-border data transfer mechanisms.

6. Rights of the Data Principal and User

In accordance with the DPDP Act, both the User and the Data Principal (Candidate) have the following rights concerning their Personal Data:

• Right to Information: The right to obtain a summary of the Personal Data being processed and the processing activities.
• Right to Correction and Erasure: The right to request the correction of inaccurate or incomplete data, and the right to request the erasure of data no longer required for the specified purpose.
• Right to Grievance Redressal: The right to have grievances addressed by our designated Grievance Officer.
• Right to Nomination: The right for the Data Principal to nominate another individual to exercise their rights in the event of death or incapacity.

The User/Employer, as the primary Data Fiduciary for Candidate Data, is responsible for addressing these rights from Candidates. We will provide necessary assistance as a Data Processor.

7. Grievance Redressal Mechanism

For any questions, concerns, or grievances regarding the processing of Personal Data or this Privacy Policy, please contact our designated Grievance Officer:

We commit to responding to all legitimate requests and grievances within the timelines prescribed by the Digital Personal Data Protection Act, 2023.