HRMS Privacy Notice and Data Protection Policy

Effective Date: December 7, 2025

Your privacy is important to us. This policy explains how we collect, use, protect, and share your personal information.

1. Introduction to HRMS Privacy Policy

Machi Kunzult Ltd (“we,” “our,” or “the Company”) recognizes the critical importance of privacy and is deeply committed to protecting the personal and sensitive information of all users who access our Human Resource Management System (HRMS) platform, including employees, employers, HR administrators, and system users.

This Privacy Notice outlines the types of personal data we collect, the legal basis for processing such data, and the purposes for which it is used within our comprehensive HRMS platform that includes payroll processing, attendance tracking, leave management, performance reviews, recruitment, document management, and financial accounting.

This Privacy Notice governs the collection, use, storage, sharing, and protection of personal data when users interact with our website, web applications, mobile applications (“Apps”), application programming interfaces (“APIs”), software services, email notifications, and the HRMS platform—a comprehensive human resource management solution designed for Nigerian businesses to manage their entire workforce lifecycle with full statutory compliance.

1.1 HRMS Privacy Policy Interpretation

In this Privacy Notice:

  • “Machi Kunzult Ltd,” “Machi Kunzult,” “we,” “us,” or “our” refers to Machi Kunzult Ltd, the entity responsible for processing personal data through the HRMS platform.

  • “HRMS” or “the Platform” refers to our Human Resource Management System, including all modules such as payroll, attendance, leave, performance management, recruitment, accounting, and related services.

  • “Personal Information” refers to any information that identifies or can be used to identify an individual. This includes, but is not limited to, full name, employee ID, physical address, email address, phone number, date of birth, National Identification Number (NIN), Bank Verification Number (BVN), passport photograph, biometric data, salary information, bank account details, tax identification numbers, pension details, and employment records.

  • “Sensitive Personal Information” includes financial data (salary, bank accounts, loans), health information (HMO, medical records), biometric data (fingerprints, facial recognition), government-issued IDs (NIN, Driver’s License, International Passport), and performance evaluations.

  • “Organization” or “Employer” refers to companies and businesses that subscribe to our HRMS platform to manage their workforce.

1.2 HRMS Privacy Standards

At Machi Kunzult, we adhere to the following privacy principles:

  • a. Transparency: We clearly communicate what data we collect, why we collect it, how we use it, and who has access to it.

  • b. Security First: We implement enterprise-grade security measures including encryption, access controls, audit logs, and regular security assessments.

  • c. Data Minimization: We collect and store only the data necessary to provide HR services and comply with Nigerian statutory requirements (PAYE, Pension, NHF, NSITF, NHIS, ITF).

  • d. Legal Compliance: Our practices align with the Nigeria Data Protection Act (NDPA) 2023, labor laws, and international data protection standards.

  • e. User Control: We empower employees and organizations to access, update, and manage their personal data subject to legal requirements.

  • f. Purpose Limitation: Personal data is used only for specified, explicit, and legitimate purposes related to HR management and statutory compliance.

2. Information We Collect in Our HRMS

We collect different categories of information necessary to provide comprehensive HR management services and ensure statutory compliance:

| Category | Details Collected | Purpose |
|---|---|---|
| 1. Employee Personal Data | Full Name, Date of Birth, Gender, Marital Status, Address, Phone Number, Email, Emergency Contacts, Passport Photograph | Employee profile management, communication, emergency response |
| 2. Government IDs & Verification | National Identification Number (NIN), Bank Verification Number (BVN), Driver's License, International Passport, Tax Identification Number (TIN) | Identity verification, statutory compliance, fraud prevention |
| 3. Employment Information | Employee ID, Job Title, Department, Branch, Employment Type, Start Date, Contract Details, Reporting Line, Work Schedule | Organizational structure, workforce management, reporting |
| 4. Financial & Payroll Data | Salary Structure, Bank Account Details, Pension Fund Administrator (PFA), RSA PIN, Tax Information, Loan Records, Allowances, Deductions, Payment History | Payroll processing, PAYE tax calculation, pension remittance, salary payments |
| 5. Attendance & Time Data | Clock-in/Clock-out Times, Biometric Data (fingerprints, facial recognition), GPS Location Data, Work Hours, Overtime, Shift Details, Timesheet Records | Attendance tracking, overtime calculation, project time tracking |
| 6. Leave Management Data | Leave Balances, Leave Requests, Approval Status, Leave Types (Annual, Sick, Maternity/Paternity), Leave History | Leave tracking, approval workflows, balance management |
| 7. Performance & Training | Performance Reviews, KPI Scores, Goals, 360-degree Feedback, Training Records, Certifications, Skills Assessment | Performance management, career development, succession planning |
| 8. Health & Benefits Data | HMO Details, Medical Records (if provided), Health Insurance Information, Benefit Enrollment, Next of Kin Details | Benefits administration, health management, emergency contacts |
| 9. Document Records | Employment Contracts, Offer Letters, Certificates, Resumes, Performance Documents, Compliance Documents, Electronic Signatures | Document management, record keeping, compliance tracking |
| 10. Technical & Log Data | IP Address, Device Information, Browser Type, Login Times, System Usage Logs, Audit Trail, Session Data | Security monitoring, system performance, audit compliance |

2.1 Communication Records

To enhance service quality and support, we may retain records of:

  • Email correspondence with support teams

  • In-app messages and notifications

  • Phone call records (if applicable)

  • Help desk tickets and responses

  • Employee feedback and requests

2.2 Anonymized and Aggregated Data

We may collect, store, and process non-personal or anonymized data, including statistical reports (headcount, turnover rates, attendance trends), demographic analytics, and industry benchmarking data. This data cannot identify individual users and is used for service improvements and analytics.

3. Collection and Legal Basis for Processing

3.1 How We Collect Data

We collect personal information when:

  • 1. Organizations onboard employees to the HRMS platform

  • 2. Employees create accounts and complete their profiles

  • 3. Users clock in/out or use biometric devices

  • 4. Payroll is processed and statutory deductions are made

  • 5. Leave requests, expense claims, or loan applications are submitted

  • 6. Performance reviews or training activities are conducted

  • 7. Users communicate with support or use platform features

3.2 Legal Basis for Processing

We process personal information based on:

  • 1. Consent: Employees and organizations consent to data processing by using our HRMS platform and accepting our terms of service.

  • 2. Contractual Obligation: Processing is necessary to fulfill our service agreement with organizations and to provide HR management services to employees.

  • 3. Legal Compliance: We are required by Nigerian law to collect and process data for:

      • PAYE tax calculations and remittance
      • Pension contributions (8% employee, 10% employer)
      • NHF contributions (2.5% of basic salary)
      • NSITF contributions (1% employer)
      • NHIS deductions (5% employee, 10% employer)
      • ITF levy (1% of annual payroll)
      • Labor law compliance and record keeping

  • 4. Legitimate Interest: We process data for fraud prevention, system security, service improvement, and business analytics, ensuring these interests don't override employee rights.

4. How We Use Your Information

4.1 Payroll & Statutory Compliance

Calculate salaries, process deductions, generate payslips, remit taxes and statutory contributions (PAYE, Pension, NHF, NSITF, NHIS, ITF), maintain financial records, and ensure compliance with Nigerian labor and tax laws.

4.2 Attendance & Time Management

Track employee working hours, manage clock-in/out records, process biometric authentication, calculate overtime, monitor shift adherence, and generate attendance reports.

4.3 Leave & Benefits Administration

Manage leave requests and approvals, track leave balances, process annual/sick/maternity leave, administer employee benefits, manage HMO enrollments, and handle benefit claims.

4.4 Performance Management

Conduct performance reviews, track goals and KPIs, facilitate 360-degree feedback, manage succession planning, and support employee development initiatives.

4.5 Recruitment & Onboarding

Manage job postings, track applications, facilitate interview processes, generate offer letters, conduct digital onboarding, and collect new hire documentation.

4.6 Financial Accounting

Generate financial statements (P&L, balance sheet, trial balance), maintain general ledger, track payroll expenses, manage project profitability, and provide financial analytics.

4.7 Security & Fraud Prevention

Verify user identities, detect unauthorized access, prevent fraudulent transactions, monitor system security, maintain audit trails, and protect against data breaches.

4.8 Communication & Notifications

Send payslip notifications, leave approvals, performance review reminders, system updates, and important HR announcements via email, SMS, or in-app notifications.

4.9 Analytics & Reporting

Generate HR analytics, workforce reports, compliance reports, executive dashboards, and provide insights for strategic decision-making.

4.10 Service Improvement

Analyze usage patterns, optimize platform performance, develop new features, enhance user experience, and ensure system reliability.

5. Data Security and Protection

5.1 Security Measures

We implement enterprise-grade security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)

  • Access Controls: Role-based access with multi-factor authentication (MFA)

  • Firewalls: Advanced firewall protection and intrusion detection systems

  • Audit Logs: Comprehensive logging of all system access and data modifications

  • Regular Security Audits: Penetration testing and vulnerability assessments

  • Data Backup: Regular automated backups with disaster recovery procedures

  • Employee Training: Regular security awareness training for all staff

  • Incident Response: Dedicated security team with incident response protocols

Important: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute protection against all security threats. We continuously monitor and improve our security practices to protect your data.

5.2 Data Retention Policy

We retain data according to the following schedule:

  • Active Employee Records: Retained while employment is active plus 6 years after termination (labor law compliance)

  • Payroll & Tax Records: 6 years minimum (FIRS requirements)

  • Pension Records: 10 years (PenCom regulations)

  • Attendance Records: 3 years

  • Performance Records: 5 years

  • Audit Logs: 3 years

  • Biometric Data: Deleted within 30 days of employment termination unless required for legal proceedings

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

6.1 Within Your Organization

Your employer (the subscribing organization) has access to your employment-related data as necessary for HR management. Access is controlled based on roles (HR Admin, Manager, Employee).

6.2 Government Agencies & Regulators

We share data with relevant authorities for statutory compliance:

  • Federal Inland Revenue Service (FIRS) - PAYE tax information

  • National Pension Commission (PenCom) - Pension contributions

  • Federal Ministry of Labour and Employment - Labor compliance

  • Nigeria Social Insurance Trust Fund (NSITF)

  • National Housing Fund (NHF)

  • Industrial Training Fund (ITF)

6.3 Service Providers

We may share data with trusted third-party service providers who help us operate the platform:

  • Cloud hosting providers (data centers in Nigeria)

  • Payment processors for salary disbursement

  • SMS and email service providers for notifications

  • Biometric device manufacturers (for attendance systems)

  • Customer support tools

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.4 Legal Requirements

We may disclose information when required by law, court orders, legal proceedings, or to protect our rights, property, safety, or that of others.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity. You will be notified of any such change in ownership.

7. Your Rights and Choices

Under the Nigeria Data Protection Act (NDPA) 2023 and our privacy commitments, you have the following rights:

  • Right to Access: Request a copy of your personal data held in the HRMS

  • Right to Rectification: Update or correct inaccurate personal information

  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)

  • Right to Restrict Processing: Limit how we process your data in certain circumstances

  • Right to Data Portability: Receive your data in a structured, commonly used format

  • Right to Object: Object to processing based on legitimate interests

  • Right to Withdraw Consent: Withdraw previously given consent at any time

  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC)

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at support@machi-kunzult.com or through your organization's HR administrator. We will respond to your request within 30 days.

Note: Some rights may be limited by legal obligations. For example, we cannot delete payroll records that must be retained for tax compliance purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze platform usage, and improve our services:

  • Essential Cookies: Required for platform functionality (login sessions, security)

  • Performance Cookies: Help us understand how users interact with the platform

  • Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings, but disabling them may affect platform functionality.

9. International Data Transfers

Our primary data centers are located in Nigeria. If data must be transferred outside Nigeria for technical or operational reasons, we ensure:

  • The destination country has adequate data protection laws

  • Appropriate safeguards are in place (standard contractual clauses)

  • Your data remains protected to Nigerian standards

  • We obtain necessary approvals from the Nigeria Data Protection Commission

10. Children's Privacy

Our HRMS platform is designed for businesses and their employees. We do not knowingly collect information from individuals under 18 years of age. If we discover we have inadvertently collected data from a minor, we will delete it promptly. Organizations are responsible for ensuring their employees meet minimum age requirements under Nigerian labor law.

11. Third-Party Links and Services

Our platform may contain links to third-party websites or integrate with third-party services (e.g., payment gateways, email providers). We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies before providing any personal information.

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • 1. Notify the Nigeria Data Protection Commission within 72 hours

  • 2. Inform affected individuals without undue delay

  • 3. Describe the nature of the breach and its potential impact

  • 4. Outline the measures taken to address the breach

  • 5. Provide guidance on protective steps you can take

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We will:

  • Post the updated policy on our website with a new 'Effective Date'

  • Notify registered organizations of material changes via email

  • Display in-app notifications for significant updates

  • Maintain previous versions for reference

Your continued use of the platform after changes indicates acceptance of the updated policy. We encourage you to review this page regularly.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Data Protection Officer

Company: Machi Kunzult Ltd

Address:
3rd Floor, 35 Olowu Street
Ikeja, Lagos
Nigeria

Email: support@machi-kunzult.com

Phone: +234 201 330 9330

Nigeria Data Protection Commission

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

Nigeria Data Protection Commission (NDPC)
Website: https://ndpc.gov.ng

Your Privacy Matters

At Machi Kunzult, we are committed to protecting your personal information and maintaining your trust. This Privacy Policy represents our dedication to transparency, security, and compliance with Nigerian data protection laws. We continuously review and improve our practices to ensure your data remains secure.