1300 760 050 info@yourhrsystem.com

Data Protection and IT Security

Data protection and information security are key elements of Your HR System’s products and services. Protecting your data and earning your trust is pivotal to us.

General Information on Data Protection

How do I report a security issue to Your HR System?

Please send an email to support@yourhrsystem.com

Suggested information to provide (where applicable):

  • URL where the issue was detected
  • Your company name and the user name affected
  • Type of affected data
  • Mobile device / operating system information
  • Information on how issue can be reproduced

 

How does Your HR System otherwise ensure that employees handling orders are familiar with the legal requirements on data protection?

All Your HR System employees are bound to data secrecy and data protection in general and are made aware of the consequences of any breach. We run training and awareness programs regarding the handling of personal details, as well as data protection, on a regular basis.

What happens if there is a data breach at Your HR System?

In the unlikely event of a data breach at Your HR System, if personal data of a customer is affected and the breach is likely to entail a risk to the rights and the freedom of the customer’s staff, Your HR System will immediately notify the customer concerned, so as to enable them to fulfill their legal obligation to inform the regulatory authority and the individuals concerned.

Has the application been developed in accordance with the stipulations for data protection by design and by default?

Yes, data protection is an integral element of our product strategy. Therefore, even at the development stage of our features we carefully respect principles such as data economy and use state-of-the-art measures to ensure an adequate level of protection.

Availability & Capacity

What does Your HR System do to ensure availability of the system?
Your HR System focuses in particular on the geo-redundant design of the server infrastructure ensuring high levels of availability if and when regions are to go down.

Confidentiality & Integrity

Where is the data stored?
Your HR System uses the services of Microsoft Azure for hosting its software. All data is stored in Microsoft Azure data centres hosted within Australia, with the exception of Authentication details, which are stored in a Microsoft Azure data centre hosted in Europe.
Who at Your HR System and its service providers has access to customer data?
As a general rule, neither staff at the data centres nor at Microsoft Azure employees have access to your data. As far as Your HR System is concerned, only our DevOps Team (in charge of servers) and our Product Team as well as the HR Consultants (in charge of customers’ systems) will access data as and when necessary. This will be necessary to assist with the initial creation of an account as well as the processing of service enquiries. Access rights are granted on a need-to-know basis and documented. In addition, access to customers’ systems is logged.

Purpose Limitation

Who owns the data?
The customer is and remains the owner and controller of the data.
What happens to the data if a customer terminates the agreement or Your HR System goes out of business?
Upon termination of the business relationship, individuals authorized accordingly by the customer can request delivery of the data in a machine-readable format. 30 days after termination of the agreement, the data shall then be irrecoverably deleted. In the unlikely event of Your HR System going out of business, this procedure remains on principle unchanged, as the customer is the owner of the data and Your HR System is merely an order processor and can/will thus not dispose of the personal data in any other way.

Recoverability

Are backups done on a regular basis or do we have to back up our own data?
Your HR System has implemented a backup strategy for customer data and documents stored on its data centers according to the state of the art in order to guarantee adequate availability. This means that it is not necessary for the customer to carry out own backups. Regular restore tests are carried out to ensure that the backups have been stored properly and can be restored if necessary.
What happens to the customer data in case of a total failure of our system, e.g. by force majeure or similar events?
In the unlikely event of a total failure of the system, the redundant structure of the data centers (productive and backup data) ensures that your data is not lost. In this case, we will ensure fastest-possible recovery in accordance with our disaster recovery strategy.

Encryption

Is the data encrypted for transmission?
Yes, any personal data that the Your HR System application transmits to a client or other platforms must be encrypted using Transport Layer Security (TLS), specifically HTTPS. This requires for a secure connection to be established between the two communicating partners (client and server) before any data can be transmitted.