Last Updated: February 3, 2026

HRMS Privacy Notice and Data Protection Policy

Effective Date: February 3, 2026

Your privacy is important to us. This policy explains how we collect, use, protect, and share personal information on behalf of our subscribing organizations.

B2B Platform Notice: Machi Kunzult HRMS is a business-to-business (B2B) platform. We provide HR management services to subscribing organizations (businesses), who are our direct customers. Employee data is collected and processed on behalf of these organizations, who determine the purposes and means of processing. Organizations are responsible for obtaining employee consent and managing employee data rights.

1. Introduction to HRMS Privacy Policy

Machi Kunzult Ltd (“we,” “our,” or “the Company”) operates a business-to-business (B2B) Human Resource Management System (HRMS) platform. We provide HR management software services to Nigerian businesses and organizations (“Subscribing Organizations” or “Organizations”), who are our direct customers.

As a B2B SaaS provider, we process employee data on behalf of and under the instructions of our Subscribing Organizations. The Organizations are the data controllers who determine the purposes and means of processing their employees' personal data, while we act as the data processor providing the technical platform and services.

This Privacy Notice explains how we, as a data processor, handle personal information within our HRMS platform, which includes modules for payroll processing, attendance tracking, leave management, performance reviews, recruitment, document management, and financial accounting.

1.1 Our Role and Responsibilities

Subscribing Organizations (Data Controllers)

  • Determine purposes for processing employee data
  • Obtain employee consent where required
  • Handle employee data rights requests
  • Ensure lawful basis for data processing
  • Responsible for data protection compliance

Machi Kunzult HRMS (Data Processor)

  • Process data per organization instructions
  • Implement technical and security measures
  • Provide platform tools and features
  • Assist with data protection obligations
  • Maintain data security and confidentiality

1.2 HRMS Privacy Policy Interpretation

In this Privacy Notice:

  • “Machi Kunzult Ltd,” “Machi Kunzult,” “we,” “us,” or “our” refers to Machi Kunzult Ltd, the B2B SaaS platform provider.

  • “HRMS” or “the Platform” refers to our Human Resource Management System software service.

  • “Subscribing Organization” or “Organization” refers to businesses that subscribe to our HRMS platform to manage their workforce. These are our direct customers and act as data controllers.

  • “Employee” or “End User” refers to individuals whose data is processed through our platform by their employer (the Subscribing Organization).

  • “Personal Information” refers to any information that identifies or can be used to identify an individual, collected and processed on behalf of Subscribing Organizations.

  • “Sensitive Personal Information” includes financial data, health information, biometric data, and government-issued IDs processed through our platform.

1.3 HRMS Privacy Standards

At Machi Kunzult, we adhere to the following privacy principles:

  • a. Transparency: We clearly communicate what data we collect on behalf of organizations, how we process it, and who has access to it.

  • b. Security First: We implement enterprise-grade security measures to protect data entrusted to us by our B2B clients.

  • c. Data Minimization: Our platform is designed to collect only data necessary for HR services as configured by Subscribing Organizations.

  • d. Legal Compliance: Our practices align with the Nigeria Data Protection Act (NDPA) 2023, serving as a compliant data processor.

  • e. Organizational Control: We empower Subscribing Organizations with tools to manage their employees' data according to their policies and legal obligations.

  • f. Purpose Limitation: We process personal data only as instructed by Subscribing Organizations and for the purposes they have defined.

  • g. Contractual Obligations: We maintain Data Processing Agreements with all Subscribing Organizations outlining our processing obligations.

2. Information Collected on Behalf of Organizations

Our HRMS platform is configured by Subscribing Organizations to collect various categories of employee information necessary for HR management services. Organizations determine what data to collect based on their business needs and legal requirements. The data categories available in our system include:

Important: The actual data collected for any specific employee is determined by their employer (the Subscribing Organization). Machi Kunzult provides the platform capabilities, but organizations decide which fields to use and what information to enter.

| Category | Available Fields | Employee Types | Purpose |
| --- | --- | --- | --- |
| 1. Normal Employee Data | Full Name, Date of Birth, Gender, Marital Status, Address, Phone, Email, Emergency Contacts, Passport Photo | Normal, Contract | Employee profile management, communication |
| 2. Guard-Specific Data (* Org Configured) | NIN, BVN, Beat Location, Coordinator, Verification Status, Uniform Details, Date of Joining as Guard | Guard | Security personnel management as configured by organization |
| 3. Casual Worker Data (* Limited) | Basic Identification, Contact Info, Work Details (Limited statutory deductions) | Casual | Temporary workforce management |
| 4. Financial & Payroll Data | Salary Structure, Bank Details, Pension Fund Administrator, RSA PIN, Tax Information, Loan Records | Normal, Contract | Payroll processing as instructed by organization |
| 5. Attendance & Location Data | Clock-in/out Times, GPS Location, Biometric Data, Work Hours, Overtime, Geofence Data, Trust Scores | All | Attendance tracking if enabled by organization |
| 6. Performance & Productivity | Performance Reviews, KPI Scores, URL Logs, Productivity Scores, YouTube Usage, Website Activity | Normal | Performance management if enabled by organization |

3. Employee Type Specific Processing

Our platform supports different employee types, allowing Subscribing Organizations to configure appropriate data collection and processing rules:

Organization Decision: The Subscribing Organization determines which employee types to use and what data requirements apply to each type. We provide the technical capabilities; they make the policy decisions.

3.1 Guard Data Processing (When Configured)

For organizations in the security industry, our platform supports enhanced verification features for guards. Organizations can configure:

4. How We Process Data on Behalf of Organizations

As a data processor, we process personal information only as instructed by Subscribing Organizations through their use of our platform. Our processing activities include:

Processing Instructions: All data processing is performed according to the Organization's instructions as configured in our platform. Organizations control what features to enable and how employee data is used.

4.1 Payroll Processing Services

Process payroll calculations, statutory deductions, and generate payslips as configured by the Organization according to their payroll policies and Nigerian statutory requirements.

7. Data Subject Rights & Organizational Responsibilities

B2B Platform - Rights Flow

As a B2B platform, employee data rights requests should be directed to the Subscribing Organization (employer), who is the data controller. We provide organizations with the tools to fulfill these requests, but they hold the responsibility for managing employee rights.

7.1 Subscribing Organization Responsibilities (Data Controllers)

As the data controller, Subscribing Organizations have the following responsibilities to their employees:

Legal Obligations

  • Obtain employee consent where required by law
  • Provide privacy notices to employees
  • Respond to employee data rights requests
  • Ensure lawful basis for all processing

Platform Controls

  • Manage employee data through our platform
  • Export and delete employee records as needed
  • Configure data retention policies
  • Control access permissions for HR staff

7.2 Employee Data Rights (Exercised Through Employer)

Employees have rights under the Nigeria Data Protection Act (NDPA) 2023, which should be exercised through their employer (the Subscribing Organization):

Right to Access

Request access to personal data from your employer's HR department

Right to Rectification

Request data corrections through your organization's HR processes

Self-Service Access

View your own data through the employee portal (if enabled by employer)

Grievance Process

Raise concerns through your employer's internal channels

Important for Employees: Since your employer (the Subscribing Organization) is the data controller, all data-related requests should be directed to your organization's HR department. We cannot directly respond to individual employee requests without authorization from the organization.

7.3 Our Role in Supporting Data Rights

As a data processor, we support Subscribing Organizations in fulfilling their data protection obligations by:

  • Providing platform tools for organizations to manage employee data requests

  • Enabling data export, correction, and deletion capabilities for organizations

  • Maintaining audit logs of data access and modifications

  • Assisting organizations with technical aspects of rights fulfillment

  • Responding to authorized data requests from organizations on behalf of employees

7.4 How to Exercise Rights

For Employees

Contact your organization's HR department directly. They are responsible for handling your data rights requests and have full control over your data in our system.

For Subscribing Organizations

Contact our support team at support@machi-kunzult.com for assistance with employee data requests or platform features. Your organization administrators can also manage most requests directly through the platform.

Regulatory Complaints

If unsatisfied with how your employer handles your data rights, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

5. Data Security and Protection Measures

As a B2B SaaS provider entrusted with our clients' employee data, we implement enterprise-grade security measures across all layers of our infrastructure:

6. Data Sharing and Sub-Processing

We do not sell or share employee data for marketing purposes. As a data processor, we only share data in the following circumstances:

6.1 Access by Subscribing Organizations

The Subscribing Organization (your employer) has full access to employee data they have entered into our system, controlled by role-based permissions they configure.

6.2 Sub-Processors (Service Providers)

We engage carefully vetted sub-processors to support platform operations. All sub-processors are bound by data protection agreements:

  • Payment Processing: Secure payment gateways for salary disbursements

  • Cloud Infrastructure: Secure hosting providers

  • Communication Services: Email and SMS providers

6.3 Legal Requirements

We may disclose data when legally required, and will notify the affected Subscribing Organization when permitted by law.

8. Monitoring Technologies (Organization Configured)

Our platform includes optional monitoring features that Subscribing Organizations can enable based on their policies:

Organization Control: All monitoring features are optional and configured by the Subscribing Organization. Employees should consult their employer's policies to understand what monitoring is enabled.

9. Updates to This Privacy Policy

We will notify Subscribing Organizations of significant changes to this policy. Organizations are responsible for communicating relevant changes to their employees.

10. Subscription & No Refund Policy

No Refund Policy: All subscription fees paid to Machi Kunzult Ltd are strictly non-refundable. By subscribing to our HRMS platform, Subscribing Organizations explicitly agree to this policy.

10.1 Why We Do Not Offer Refunds

Our no-refund policy exists for the following reasons:

  1. Immediate Platform Access: Upon payment, Subscribing Organizations receive immediate, full access to our HRMS platform including all subscribed modules. The service is delivered and consumed from the moment of activation, making reversal impractical.

  2. Infrastructure & Operational Costs: Subscription fees fund ongoing infrastructure, server maintenance, security operations, and support services that are provisioned and committed upon subscription activation. These costs are incurred immediately and cannot be recovered.

  3. Pre-Subscription Trial & Demonstration: We offer prospective clients the opportunity to evaluate our platform through demonstrations and consultations before committing to a subscription. Organizations are encouraged to thoroughly assess the platform before purchasing.

  4. Data Security & Processing Obligations: Once employee data is entered into the system, significant resources are allocated to secure storage, encryption, backup, and compliance operations. These obligations persist regardless of whether the subscription continues.

  5. Subscription Period Commitment: Subscriptions are sold for defined periods (monthly, quarterly, or annually). Pricing reflects a commitment to the full subscription period, and early cancellation does not entitle the Organization to a refund for unused time.

10.2 Scope of No-Refund Policy

This policy applies to all of the following situations without exception:

  • Voluntary cancellation of subscription at any time
  • Non-use or underuse of the platform or any of its modules
  • Early termination of an annual or multi-month subscription
  • Dissatisfaction with features after subscription commencement
  • Change of business needs or organizational restructuring
  • Employee count reduction after subscription purchase
  • Switching to a different HR software provider
  • Failure to onboard staff or utilize the platform

10.3 Exceptional Circumstances

While our policy is strictly no refunds, we may at our sole and absolute discretion consider service credits (not cash refunds) in the following limited circumstances:

  • Verified extended platform downtime exceeding 72 consecutive hours that is directly caused by Machi Kunzult
  • Duplicate payments made in error, which will be corrected within 14 business days
  • Billing errors attributable solely to Machi Kunzult Ltd

Any credits issued are applied to the next billing cycle and have no cash value. All decisions regarding service credits are made at the sole discretion of Machi Kunzult Ltd management.

10.4 Subscription Cancellation

Subscribing Organizations may cancel their subscription at any time by contacting support@machi-kunzult.com. Upon cancellation:

  • Access to the platform continues until the end of the current paid subscription period
  • No further charges will be made after the cancellation date
  • Organization data will be available for export for 30 days post-cancellation
  • No refund will be issued for the remaining unused subscription period

11. Contact Us

Data Protection Officer

Company: Machi Kunzult Ltd

Address: 3rd Floor, 35 Olowu Street, Ikeja, Lagos, Nigeria

For Organizations

Contact us for Data Processing Agreement (DPA) inquiries, platform support, or compliance assistance

For Employees

Please contact your organization's HR department for all data-related requests

Nigeria Data Protection Commission

For unresolved data protection concerns:

Committed to Data Protection

As a B2B SaaS provider, Machi Kunzult is committed to supporting our Subscribing Organizations in their data protection obligations. We maintain the highest standards of security and compliance, enabling Nigerian businesses to manage their workforce data with confidence and in full compliance with the Nigeria Data Protection Act 2023.