Privacy & Policies

© 2019 NGA Human Resources, an Alight Company.

At NGA Human Resources (‘NGA HR’), we truly care about upholding our reputation for excellence. A major part of that commitment includes a focus on protecting the privacy, security and integrity of the information we handle on behalf of our clients, in conjunction with our affiliates, partners and third-party suppliers. At NGA HR we are passionate not only about protecting our clients’ personal and confidential data but also about that of our own employees as well. On this page, you can find our important policies and more transparency on how NGA HR collects, uses, retains and discloses your personally identifiable information (personal data).

NGA HR is owned and part of Alight Solutions LLC.

NGA HR Privacy Notice
Product-specific sections in this Privacy Notice provide additional information that is or may be relevant to the particular NGA HR products. The NGA HR group of companies (hereinafter referred to ‘us’, ‘we’, ‘our’) is committed to protecting and respecting the individual’s (‘you’, ‘your’) right to privacy. Our privacy notice reflects current global privacy principles and standards when processing your personal data. This Privacy Notice applies to personal data we obtain through our websites, our affiliates’ websites (if any), products, services (e.g. Marketing) and/or web-based applications (collectively, the ‘Services’). A separate privacy notice may apply when you use the services of a Partner or a Third Party, linked to our Services. When you access or use our Services, you acknowledge that you have read and understand its content. We may update the content of this page, or other privacy policies, at any time as we deem appropriate. Where changes are material, we will post them here and, if changes are likely to affect you personally, we will attempt to contact you directly. It is important that you check from time to time this Privacy Notice to ensure that you have reviewed the most current version of this Notice.

How We Collect Personal Data
We may collect information either directly from you (e.g. through this website, events, web conferences, your correspondence with us), information that is collected automatically (e.g. IP address, browser type and version) or through other sources (such as our clients or third party providers). Why and How We Use Your Personal Data Your personal data may be processed in any of the following ways:

  • Contact you by, and processing of, information that you provide to us on any of our site(s), including information provided at the time of registering to use our site(s), subscribing to our Services, posting material, any inquiry through the “Contact Us” section of our site(s), an online employment application or requesting any further information on any of our Services;
  • Establish and manage NGA HR accounts including its Services;
  • Communicate changes to our Services;
  • Provide customer support, trouble-shooting, manage subscriptions and respond to requests, questions and comments;
  • Ensure that the content of our site is presented in the most effective manner for you and your computer;
  • Communicate about, and administer participation, in special events, surveys, contests, web conferences, and other offers and promotions;
  • Analyze users’ behaviour when using our Services to customize preferences, and develop new products, services and advertising;
  • Enable posting on our blog and other communication channels (such as Social Media);
  • Comply with and enforce applicable legal requirements, agreements, and policies; and
  • Any other activity consistent with this Privacy Notice.

You manage your subscriptions and you may opt-out of receiving marketing communications at any time. Specific examples of why and how we process your personal data:

    We process the data we collect to provide you the Services we offer, which includes using the data to improve and personalize your experience. We may also use that information to communicate with you, including for service provisions or product updates. We usually process information not collected directly by us, but by way of our clients, which includes general HR and payroll information. When processing data for this purpose, we rely on contractual agreements with our clients who are the Data Controllers of your data while NGA HR is the Data Processor. We encourage you to contact your employer for any questions on the Services that we provide to them directly.
    We may collect information about your computer that does not, by itself, identify you by name, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns. The purpose of the data is to improve effectiveness of the site, to help diagnose problems and to administer the site.
    Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. You can read more on Cookies here. We may also collect information during your visit to our website through automated tools, which include Web beacons (or named as web bugs), embedded web links and any other commonly used information gathering tools. A web bug is an object that is embedded in a web page or email and is usually invisible to the user but allows checking that a user has viewed the page or email. We may use the Web beacons for the purpose of email tracking and page tagging for Web analytics. In addition we might use web bugs implemented through an embedded image include tracking pixel, pixel tag, 1×1 gif, and clear gif that may be implemented by using JavaScript. Learn more about Cookies and how they are used here:
    We may contact you to provide you information about our Services and offerings, or updates to them, with the information that you have provided to us, or that we have collected through third parties (e.g. external marketing companies, conferences). The data we collect is used for internal review and to contact you for marketing purposes and is not shared with other organizations for commercial purposes.

What Kinds of Personal Data Do We Collect
The following are examples of types of personal data that we may collect. The specific kind of information collected by us will depend on the Services provided:

  • Contact information (name, last name, email address, phone number, address, company, job title)
  • Payment information (billing address, bank account information)
  • NGA HR purchase or service history
  • Your location
  • Your interests and preferences
  • Annual revenue
  • Number of employees
  • Demographic information
  • Biometric data such as voice recordings
  • Details about your computer, devices, applications and networks (including IP address, browser characteristics, device ID, operating system, or language preferences)
  • Activities on our website (including referring URLs or dates and times of website visits)

Products and Offerings
At NGA HR we have a range of Products and Offerings. Below are some samples of our most important ones and the Personal Data we collect through them:

hrX Suite
Our one umbrella product, within which there will be five modules:

hrX Access
hrX Access brings together the best HR and payroll technologies and processes for global payroll, case management and HR analytics into a single, comprehensive user experience.

hrX Assist
hrX Assist is a virtual service center application powered by machine learning and artificial intelligence

hrX Exchange
hrX Exchange is the middle layer, we provide a single point of integration between Cloud HR solutions and certified integrations to local payrolls

hrX Pay
hrX Pay allows users to access the hrX Calendar, Checklist and Documents.  hrX Pay has two concepts – the Payroll Control Center (PCC) and the Payroll Process Management (PMM)

hrX Analyze
hrX Analyze provides a rich and interactive visualization of global payroll and core HR data through a set of pre-defined and dashboards.

Built on the concept of BPaaS (Business Process as a Service), euHReka blends an application layer with extensive global preconfiguration, multi-country delivery capabilities and standardized workforce administration processes. For many years euHReka has been the underpinning platform for NGA’s HR BPO services, integrating transactional processing and call center support into a single BPaaS platform.

NGA cleaHRsky
cleaHRsky is NGA’s next generation HR as a Service cloud solution, offering an end to end administrative HR service and solution that can be further expanded with the full talent suite of SAP SuccessFactors. cleaHRsky expands the NGA Global Payroll Offering into the end to end HR process.

Below are some examples of data we collect and process when you are using one of NGA HR’s Products and Offerings (including but not limited to):

  • Name – First, Middle, Family Name / Surname
  • Date, Country and Place of Birth
  • Employee ID, Job Code, Cost Center, Department, Division and Location
  • Absences from Work, Time Profile and Work Schedule
  • National Social Security Number (or equivalent)
  • Passport Number
  • Driving Licence Number
  • National Identity Card Number
  • IP Address
  • Passwords
  • Address
  • Telephone Numbers (personal and work)
  • Email Addresses (personal and work)
  • Emergency contact details
  • Work Address
  • Bank Name, Account Number and Sort Code
  • International Bank Account Number (IBAN)
  • Business Identified Codes (BIC)
  • Salary including Bonus Payments and other Financial Benefits
  • Pension Details
  • Garnishment Details
  • Diversity (e.g. Religion, Race, Ethnic, Political)
  • Trade Union Membership
  • Other types of special categories of personal data
  • Work permit
  • Disciplinary Actions and Grievances
  • Holiday Calendar, Time Profile and Work Schedule
  • Photograph
  • Passwords
  • Other data submitted by Users in open fields

Data Transfers
We are headquartered in the United Kingdom, with affiliates and subsidiaries throughout the world. The data that we collect may be processed, transferred to, and stored in our various service and data centre locations around the world, and may be located outside of the country where the data is originally collected. This means that data protection standards may be different from the place where the data is collected (such as a destination outside the European Economic Area (‘EEA’), a destination outside the USA, or any other destination in the world). Data may be also stored with a cloud service provider (e.g. Microsoft,, Oracle, Hubspot) and therefore located across those provider’s cloud environment. However, we deploy and enforce a standard, global operational, IT and Security control framework across our global service, data center and third-party locations. Data may also be processed by staff, operating outside any other countries where the data is collected, who work for us as an employee or contractor or for one of our third-party suppliers (i.e. agents, service vendors, business partner and other). Such staff may be engaged in, among other things, the fulfilment of your request and the provision of any kind of support services. By submitting your personal data to us, you agree to this transfer, storing or processing at any location in the world. We execute the appropriate legal and contractual documentation to effectuate these transfers such as data processing and data transfer agreements or on adequacy decisions from the relevant authorities. We will take reasonable steps necessary to ensure that your data is treated securely, with appropriate technical and organizational measures, and in accordance with this privacy notice. Our Information Security Management System is designed to maintain an appropriate level of confidentiality, integrity and availability. If you are located in the EEA or Switzerland, we provide adequate protection for the transfer of personal data to countries outside the EEA or Switzerland through a series or intercompany data transfer agreements based on the EU Standard Contractual Clauses, authorized by the European Commission. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, our products or services you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Your Rights and Choices
If you would not wish us to contact you (via phone, email, SMS or any other way), nor use your data in the way described in this Privacy Notice, nor you would want us to pass your details on to third parties, please do not hesitate to contact us at the following email address: Note: If you ask us to not receive any communication from us, we will retain a copy of your email address marked with ‘do not contact’ in order to comply with your no-contact request. As an individual, you have the following rights in regards to the protection of your personal data, which you may exercise at any moment:

  • Right to be Informed
  • Right of Access
  • Right of Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights in Relation to Automated Decision Making and Profiling

Where we are the Data Processor of your data, please contact your employer, as the Data Controller to effectively exercise your rights. The exercise of these rights is free of charge for you and we have the obligation to respond to you without undue delay upon a raised request. We may request certain confirmation that you are authorized to exercise this request or ask for proof of your identity, before responding to your request. Should we not satisfy your request, you have the right to raise a complaint to the relevant data protection authority. A link to the relevant data protection authorities can be found here. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and any other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. We do not have and will not accept any responsibility or liability for any tracking, data collection or other activities of third parties.

Sharing of Your Personal Data
As a global business operating company, we may disclose your personal data to any member of the NGA HR group of companies, which means our subsidiaries and affiliates, our ultimate holding company and its subsidiaries located at any place in the world. We may disclose your personal data to third parties in the following cases:

  • In the event that we sell, buy, merge, consolidate, transfer, change in control any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • In the event of re-organisation or liquidation of our company whereby in some countries such a transaction may involve, in accordance with applicable laws, the disclosure of personal data to prospective or actual purchasers, or the receipt of it from
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or any other governmental request;
  • If we may be required to provide personal data in response to a court order, subpoena, warrant, government investigation, any procedure issued by authority, or as otherwise required by law. We also may choose to establish or exercise our legal rights
    or defend against legal claims;
  • If we believe that there is a threat to the information stored in this website, or in order to protect or defend our rights or the well-being of our users. In general, we may release certain personal data in cases where we believe that the release of
    the information is reasonably necessary to protect the rights, property, and safety of others and ourselves;
  • We may contract with any third-party supplier to provide any services for operating this website, for any requests or for the purpose of supporting our business activities. Any third party providing services to us may be allowed, on our behalf, to access
    your personal data provided by you for their proper use in connection with the specific services provided.
  • In cases where you provide us with your consent to do so. In those cases we will ask you for an explicit written consent confirmation.

How We Secure Your Personal Data
In accordance with our policies, the group is committed to protect any personal data divulged to us. We implement and will maintain appropriate security measures, technologies and procedures in order to protect your personal data from loss, misuse, alteration or destruction. Our management team, employees and partners are required to keep personal data confidential. Unfortunately, the transmission of information via the internet (by way of an email or other) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use internal procedures and security features trying to prevent unauthorised access.

Data Retention Information
NGA HR is retaining information for legitimate business or for legal purposes and will not hold information for a period longer than is reasonably necessary to fulfil the purposes for which it was collected.

Children’s Privacy
We may collect a limited amount of personal data of children when providing certain benefits to our own employees in accordance with the applicable legal provisions. We may process personal data of children of our client’s employees if this is part of the contract service provisions with our clients. Other than these examples, we do not knowingly collect personal data from children without obtaining parental consent in accordance with applicable laws and regulations. If you believe that we have collected information from your child in error or have any other questions or concern, please notify us and we will promptly respond.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to In addition, please do not hesitate to contact us if you suspect any privacy or security breaches.

Safe Harbor/Privacy Shield Statement
On October 6, 2015, the European Court of Justice deemed Safe Harbor inadequate for the protection of EU citizen data, particularly in light of the access that the U.S. government had/has to data held on servers in the U.S. NorthgateArinso, Inc. (NGAHR’s U.S. company) complied until then with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. NGA HR relies on EU Model Clauses for the safe transfer of personal data from the EU to the US. NGA HR is currently not certified against the EU-US Privacy Shield, replacing the EU-US Safe Harbor Framework. To read NGA’s statement on the ECJ ruling of October 6, 2015 on the Safe Harbor Framework please follow this link:

Code Of Conduct
The NGA HR Code of Conduct document articulates ethical and behavioural guidance for all NGA HR companies. At NGA HR, we understand the great privilege and yet even greater responsibility we have in managing some of our clients’ most sensitive assets – including their financial, HR and Payroll Data. Therefore, we make every effort to ensure that everyone at Northgate not only understands this responsibility but also embraces it with the highest standards of care and professionalism. To read NGA HR’s entire Code of Conduct, click here:

Anti-Corruption Policy
This document defines NGA HR’s policy on the avoidance of bribery and corruption. It is applicable globally to all companies in the NGA HR group, their employees, and business partners. It will be regularly reviewed to ensure that it reflects any changes in applicable laws and developments in acceptable standards for the conduct of business. We are committed to maintaining the highest ethical standards and vigorously enforcing the integrity of our business practices wherever we operate throughout the world. NGA HR will not engage in bribery or corruption of any kind. Adherence to the guidelines set out in this policy will help ensure that we comply with anti-bribery and anti-corruption laws and governmental guidance. To read NGA HR’s entire Anti-Corruption Policy, click here:

Anti-Money Laundering Policy
This document articulates operational and performance guidance for NGA HR companies, employees and business partners. To read NGA HR’s entire Anti-Money Laundering Policy, click here:

Modern Slavery and Human Trafficking Statement
At NGA HR we take seriously our responsibility to help prevent the crime of modern slavery and human trafficking across our own business as well as that of our partners and suppliers. As part of our commitment, we ensure that our workers are not being exploited, that our work environment is safe, and that all employment, health and safety and human right laws are fully adhered to. Our Code of Conduct (​ embodies and reinforces our commitment to these and other key guiding principles, and applies to all of NGA HR as well as to our partners and suppliers. As part of our procurement process, we vet our partners and suppliers to identify and help prevent potential modern slavery or human trafficking risks in our supply chain, and require them to ensure that they either have equivalent policies to ours or that they abide by our policies. Additionally, we have adopted and support the Ten Principles of the UN Global Compact (, which derive from the Universal Declaration of Human Rights, the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work, the Rio Declaration on Environment and Development and the United Nations Convention Against Corruption.

Abridged Data Privacy Policy
This document articulates operational and performance guidance for NGA HR companies, employees and business partners. To read NGA HR’s entire Abridged Data Privacy Policy, click here:

Equality, Diversity and Dignity Policy
This document articulates operational and performance guidance for NGA HR’s, employees and business partners. To read NGA HR’s entire Equality, Diversity and Dignity Policy, click here:

Security and Compliance Standard for Outsourced Third Party Service Providers
This document articulates operational and performance requirements for NGA HR vendors, contractors, subcontractors and suppliers who handle personal data. To read NGA HR’s Third Party Vendor Security and Compliance Standards, click here:

Responsible Disclosure
NGA HR is committed to the privacy, safety and security of our customers We all understand that the protection of customer data is a significant responsibility and requires our highest priority. We take this responsibility seriously and genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems secure. If you are a researcher and have discovered a security vulnerability in one of our products, websites or services, we’d really appreciate your help in disclosing this to us in a responsible manner.

General Guidelines
We request that all researchers: Let us know as soon as possible on the discovery of potential security issues and we will make every effort to resolve the issue as quickly as possible. Provide us with a reasonable amount of time to investigate and resolve the issue before any further disclosure is made. Make every effort to avoid privacy violations, destruction of data and interruption or degradation of service. How to report a security vulnerability? If you are an NGA HR customer Contact your NGA HR account manager and inform them of what has been identified and they will manage the issue with the NGA HR security teams. If you are NOT an NGA HR customer You should email our security team at Please include the following details in your report:

  • Description of the location and potential impact of the vulnerability.
  • A detailed description of any steps required to reproduce the vulnerability.
  • Your name / handle if you would like any follow up on the remediation activities.

Thanks you for your help and support.