Privacy Policy

1. Introduction

Norms HRMS ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Human Resource Management System (HRMS), website, and mobile applications.

By using our services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Employee Information: Name, employee ID, designation, department, contact details, emergency contacts
• Identity Information: Date of birth, government ID numbers (Aadhaar, PAN, etc.), address
• Financial Information: Bank account details, salary information, tax details, provident fund information
• Family Information: Spouse and dependent details for statutory and insurance purposes
• Professional Information: Work history, qualifications, certifications, performance data
• Login Credentials: Username, password, and other authentication information

2.2 Biometric Information

Our face recognition app (Norms Face) collects and processes:

• Facial recognition data for attendance marking
• Facial templates and biometric identifiers
• Fingerprint data (when using integrated biometric devices)

2.3 Location Information

Our mobile applications may collect:

• GPS location data for geo-fenced attendance marking
• Field visit locations and routes (Norms Field app)
• Office and work site locations for attendance validation

2.4 Automatically Collected Information

• Device information (device type, operating system, unique device identifiers)
• Usage data (login times, features accessed, interaction patterns)
• Log files and analytics data
• IP addresses and network information

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 HRMS Operations

• Employee management and organizational structure
• Payroll processing and salary calculations
• Attendance tracking and leave management
• Performance evaluation and goal management
• Statutory compliance (PF, ESI, TDS, Professional Tax)
• Benefits administration and loan management

3.2 Service Delivery

• Providing access to self-service portals
• Generating reports and analytics
• Facilitating communication and notifications
• Customer support and technical assistance

3.3 Security and Compliance

• Identity verification and authentication
• Fraud prevention and security monitoring
• Legal compliance and regulatory reporting
• Audit trails and data integrity

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

4.1 Authorized Sharing

• Employer Access: Your employer has access to your employment-related information
• Statutory Authorities: Government agencies for compliance (PF, ESI, Income Tax, Labor Department)
• Service Providers: Trusted third-party vendors who assist in service delivery
• Legal Requirements: When required by law, court orders, or legal processes

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: Data encryption in transit and at rest
• Access Control: Role-based access with multi-factor authentication
• Data Isolation: Multi-tenant architecture with complete data isolation
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Regular security awareness training for our staff
• Backup and Recovery: Regular data backups and disaster recovery procedures

6. Mobile Application Privacy

6.1 Norms MyHR (Employee Self-Service)

• Collects location data for geo-fenced attendance
• Stores authentication credentials securely
• Downloads payslips and documents for offline access
• Sends push notifications for HR updates

6.2 Norms Field (Field Staff Management)

• Tracks GPS location during field visits
• Stores customer and contact information
• Captures and uploads visit photos
• Records expense data and receipts

6.3 Norms Face (Face Recognition Attendance)

• Processes facial recognition data for attendance
• Stores facial templates securely
• Uses camera permissions for face capture
• Validates location for attendance marking

7. Biometric Data Protection

Special protections for biometric information:

• Consent: Explicit consent obtained before collecting biometric data
• Purpose Limitation: Used only for attendance and identity verification
• Secure Storage: Encrypted storage with restricted access
• Retention Limits: Deleted upon employment termination or consent withdrawal
• No Sharing: Never shared with third parties except as legally required

8. Data Retention

We retain your information for the following periods:

• Employment Records: As per Indian labor law requirements (typically 5-7 years after employment ends)
• Payroll Data: As per tax and statutory requirements (minimum 7 years)
• Biometric Data: Until employment termination or consent withdrawal
• System Logs: Up to 2 years for security and audit purposes
• Marketing Data: Until you opt-out or withdraw consent

9. Your Rights

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data in a structured format
• Consent Withdrawal: Withdraw consent for biometric data processing
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us using the information provided in the "Contact Us" section.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will promptly delete it.

11. International Data Transfers

Your information is primarily stored and processed in India. If we transfer information outside India, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns
• Improve our services

You can control cookie settings through your browser preferences.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.

14. Compliance with Indian Laws

This Privacy Policy complies with applicable Indian laws, including:

• Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Personal Data Protection Bill (as applicable)
• Indian labor laws and statutory requirements

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: