Security principles embedded on all system layers

Privacy policy

Personal data

This Privacy Policy governs the manner in which FledgeHR collects, uses, maintains and discloses information collected directly from users (each, a “User”) or entered into the system by companies and organizations (“The Client”) using the FledgeHR app (“Service”). This privacy policy applies to the Service and all products and services offered by FledgeHR.

We may collect personal data and identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, are added by their employer or organisation, place an order, subscribe to the newsletter, fill out a form or use other activities, services, features or resources we make available on our Service.
Users may be asked for, as appropriate, name, email address, mailing address, phone number or profile photo. We will collect personal data from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Service related activities.
We may collect non-personal identification information about Users whenever they interact with our Service. Non-personal identification information may include, but is not limited to, the browser name, operating system, IP address, versions, the type of computer and other technical information about Users device and software.

Information collected by clients

A Client or User may store or upload into the Service Client Data. This includes but is not limited to new user invites, their employees and team members or external parties. FledgeHR has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Client is responsible for providing notice to its employees and users and third persons concerning the purpose for which Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data. In the framework of GDPR FledgeHR is the data processor for such data.

Web browser cookies

Our Service may use “cookies” to enhance User experience. User’s web browser places cookies – small objects of data – on your computer for record-keeping and information tracking purposes. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. Keep in mind that if you do so, some parts of the Service may not function properly.
Session cookies are used to keep track of your authentication, so that you are not required to log in each time you use the Service. Other examples of session cookies are keeping track of which pages and features of the Service you have used, which configuration and view options you have selected, which language you selected and so on, so you can start from where and how you left off.
The Service uses 3rd party partner technologies and analytics services to analyze and improve the Service for you.
By using the Service you agree to the use of cookies in your browser and HTML based e-mails for the purposes outlined above.

How we use collected information

FledgeHR may collect and use Users personal information for the following purposes:

  • To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
  • To personalize user experience. Your data helps us to customize how the user interface and features look like for you, or provide you with tips, hints and training.
  • To improve our Service. We may use feedback you provide to improve our products and services. We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Service. We use it to diagnose and fix problems you might have while using the Service. We do not share this information with outside parties except to the extent necessary to provide the service.
  • To honor our contractual commitments to the Clients and to meet our contractual obligations to our users.
  • To inform you of new features, promotions, contests, surveys or other Service improvement or training activities.
  • To send periodic emails, information and updates, to respond to user inquiries, questions, and/or other requests. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe options in the user profile within FledgeHR app.

We do not sell, trade, or rent Users personal identification information to others.
To improve our Service, we may use generic aggregated anonymized information not linked to any personal identification information regarding visitors and users.

We protect your data

FledgeHR is designed with data protection and security in mind. We perform detailed analysis in all development and hosting phases of the system’s modules taking into account risk assessment, information security and data protection. The output is then applied on all application levels from design documents to low level algorithms and libraries so that information security is embedded in FledgeHR both through our people’s knowledge and through the underlying platform.

Data transmitted and stored in FledgeHR is served to and from your browser under secure connection SSL (Secure Socket Layers)

Where is your data stored

FledgeHR uses Microsoft Azure cloud and Azure SQL database as its native hosting and processing platform coupled with highly scalable and proven web development languages, tools and practices.
Azure is designed by Microsoft with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by various regulations. Read more about Azure security here.

All FledgeHR data is stored on Microsoft Datacenters located in Europe, in Netherlands and Ireland. Read more about Azure locations here.

Managing access and controlling how data is used and accessed

FledgeHR helps ensure that only authorized users with valid credentials can access the data.
The system follows recommended best practices for data protection and authentication, such as using separate accounts to authenticate users and applications. This enables limiting the permissions granted to users and applications and reduces the risks of malicious activity.

The underlying database server of FledgeHR, Microsoft SQL, provides the following built-in solutions that help in achieving greater security.

Azure SQL Database Firewall

When creating a database server in Azure, a firewall is set up to help protect the data. The firewall prevents all access to the database server until explicit access permissions are specified, based on the originating IP address of each request.This allows only necessary services to connect to the database, to ensure full functionality across Azure services.

Row-Level Security

This feature is used to restrict access according to specific user entitlements. We use Row-Level Security to control access to rows in a database table based on the characteristics of the user. In this way, only database users that have a specific need to access data in a database row will be granted that access. For example, every company using FledgeHR can access only those data rows that are pertinent to their setup.

The restrictions are applied every time that data access is attempted from any tier. This makes the security system more reliable and robust by reducing the system’s surface area.

Transparent Data Encryption

Transparent Data Encryption (TDE) addresses the scenario of protecting the data at the physical storage layer. TDE performs real-time encryption and decryption of the database, associated backups, and transaction log files.

This ensures that if these files are moved to another server, they cannot be opened and viewed on that server.

Backups

We rely on Azure’s native automatic database backup processes and we perform additional daily backups, so we can have your data safe and restorable within minutes in case of a major impact on the business continuity.

Your rights

You have the right to object to the processing and collection of your personal data, and to withdraw your consent at any time, except where otherwise determined by applicable law. Whenever you withdraw consent, you acknowledge and accept that this may immediately terminate your use of the Service.
You can request modification, export or deletion of your information, or obtain confirmation if and which data the Service holds about you:
– for Users through FledgeHR app, this can be done in the GDPR requests section
– for external Users, at any time by sending an email to support@fledgehr.com with the Subject line “Personal Data Request”, with your first and last name and the e-mail you have used in the Service. For your protection, we may take steps to verify identity before responding to your request.
You can unsubscribe from e-mails from the Service by logging in to your account and accessing the Personal Settings – Notifications page and applying changes there.

Please note that certain personal information may need to be retained by FledgeHR for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law.
We generally retain personal data for so long as it may be relevant to the purposes identified herein. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.

This provision does not apply to Personal Data that is part of Client Data for which FledgeHR is just the data processor. The Client can be your company, employer,  or your potential employer. In this case, the management of the Client Data is subject to the Client’s own Privacy Policy, and any request for access, correction or deletion should be made to the Client responsible for the uploading and storage of such data into the Service. When and if necessary, FledgeHR support team will assist the Client in processing such requests.  

Your acceptance of these terms

By using the Service, you accept this policy. If you do not agree to this policy, please immediately stop using our Service. Your continued use of the Service following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site or our services, please contact us for more information!