Privacy Policy
Your trust is the foundation of our HR ecosystem. We are committed to protecting the sensitive data of Philippine organizations and their workforce.
01. Data Collection
GrootHR collects information necessary to provide comprehensive human resource and payroll management services. This includes personal identification information for employees and administrators, such as full names, birthdates, government ID numbers (SSS, PhilHealth, Pag-IBIG, TIN), and contact details.
Information we collect directly:
- ✓Employment history and position details for payroll computation.
- ✓Financial information including bank account details for direct deposit.
- ✓Biometric or attendance data provided via integrated time-keeping hardware.
- ✓Location data when clocking in via GPS or against a client site geofence for Official Business.
02. Use of Information
Your information is the engine of your HR operations. We use the collected data strictly for the following purposes:
Payroll Processing
Calculating salaries, tax withholdings, and government contribution remittances.
Compliance Reporting
Generating mandatory reports for DOLE, BIR, and other Philippine regulatory bodies.
We do not sell or rent your personal data to third parties. We only share data with authorized government agencies as required by Philippine law or with verified service providers who assist in our core platform operations.
03. Data Security
Government-Grade Protection
We employ industry-standard cryptographic protocols to protect your data. All communication between your browser and our servers is encrypted using 256-bit TLS encryption.
Data at rest is encrypted using AES-256 standards. Our infrastructure is hosted on secure, Tier 4 data centers with 24/7 physical monitoring and multi-factor authentication requirements for all administrative access.
04. Your Rights
Under the Data Privacy Act of 2012 (RA 10173), every data subject in the Philippines is entitled to the following rights over their personal information:
05. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes it was collected for, or as required by Philippine law — payroll and statutory contribution records, for instance, generally follow the retention periods mandated by BIR, SSS, PhilHealth, and Pag-IBIG regulations.
When an employee record is no longer needed and no legal retention obligation applies, it is either securely deleted or anonymized. Organizations remain responsible for configuring their own internal retention practices for the records they control within GrootHR.
06. Compliance
GrootHR is fully compliant with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines. We adhere to the principles of transparency, legitimate purpose, and proportionality.
“We act as a Personal Information Processor (PIP) for our clients. It is the responsibility of the client (the Personal Information Controller) to ensure they have the proper consent from their employees before uploading data to GrootHR.”