Privacy & Policies

At NGA Human Resources (‘NGA HR’), we truly care about upholding our reputation for excellence. A major part of that commitment includes a focus on protecting the privacy, security and integrity of the information we handle on behalf of our clients, in
conjunction with our affiliates, partners and third-party suppliers. At NGA HR we are passionate not only about protecting our clients’ personal and confidential data but also about that of our own employees as well. On this page, you can find our important
policies and more transparency on how NGA HR collects, uses, retains and discloses your personally identifiable information (personal data).

NGA HR Privacy Notice

Product-specific sections in this Privacy Notice provide additional information that is or may be relevant to the particular NGA HR products. The NGA HR group of companies (hereinafter referred to ‘us’,
‘we’, ‘our’) is committed to protecting and respecting the individual’s (‘you’, ‘your’) right to privacy. Our privacy notice reflects current global privacy principles and standards when processing your personal data. This Privacy Notice applies to personal
data we obtain through our websites, our affiliates’ websites (if any), products, services (e.g. Marketing) and/or web-based applications (collectively, the ‘Services’). A separate privacy notice may apply when you use the services of a Partner or a Third
Party, linked to our Services. When you access or use our Services, you acknowledge that you have read and understand its content. We may update the content of this page, or other privacy policies, at any time as we deem appropriate. Where changes are
material, we will post them here and, if changes are likely to affect you personally, we will attempt to contact you directly. It is important that you check from time to time this Privacy Notice to ensure that you have reviewed the most current version
of this Notice. How We Collect Personal Data We may collect information either directly from you (e.g. through this website, events, web conferences, your correspondence with us), information that is collected automatically (e.g. IP address, browser type
and version) or through other sources (such as our clients or third party providers). Why and How We Use Your Personal Data Your personal data may be processed in any of the following ways:

  • Contact you by, and processing of, information that you provide to us on any of our site(s), including information provided at the time of registering to use our site(s), subscribing to our Services, posting material, any inquiry through
    the “Contact Us” section of our site(s), an online employment application or requesting any further information on any of our Services;
  • Establish and manage NGA HR accounts including its Services;
  • Communicate changes to our Services;
  • Provide customer support, trouble-shooting, manage subscriptions and respond to requests, questions and comments;
  • Ensure that the content of our site is presented in the most effective manner for you and your computer;
  • Communicate about, and administer participation, in special events, surveys, contests, web conferences, and other offers and promotions;
  • Analyze users’ behaviour when using our Services to customize preferences, and develop new products, services and advertising;
  • Enable posting on our blog and other communication channels (such as Social Media);
  • Comply with and enforce applicable legal requirements, agreements, and policies; and
  • Any other activity consistent with this Privacy Notice.

You manage your subscriptions and you may opt-out of receiving marketing communications at any time. Specific examples of why and how we process your personal data:

  • SERVICE DELIVERY
    We process the data we collect to provide you the Services we offer, which includes using the data to improve and personalize your experience. We may also use that information to communicate with you, including for
    service provisions or product updates. We usually process information not collected directly by us, but by way of our clients, which includes general HR and payroll information. When processing data for this purpose, we rely on contractual agreements
    with our clients who are the Data Controllers of your data while NGA HR is the Data Processor. We encourage you to contact your employer for any questions on the Services that we provide to them directly.
  • IP ADDRESSES
    We may collect information about your computer that does not, by itself, identify you by name, including where available your IP address, operating system and browser type, for system administration and to report aggregate
    information to our advertisers. This is statistical data about our users’ browsing actions and patterns. The purpose of the data is to improve effectiveness of the site, to help diagnose problems and to administer the site.
  • COOKIES AND INFORMATION GATHERING TOOLS
    Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
    You can read more on Cookies here. We may also collect information during your visit to our website through automated tools, which include Web beacons (or named as web bugs), embedded web links and any other commonly used
    information gathering tools. A web bug is an object that is embedded in a web page or email and is usually invisible
    to the user but allows checking that a user has viewed the page or email. We may use the Web beacons for the purpose of email tracking and page tagging for Web analytics. In addition we might use web bugs implemented through an embedded image include tracking pixel, pixel tag, 1×1 gif, and clear
    gif that may be implemented by using JavaScript. Learn more about Cookies and how they are used here:
    www.youronlinechoices.eu/
    www.allaboutcookies.org/
  • MARKETING
    We may contact you to provide you information about our Services and offerings, or updates to them, with the information that you have provided to us, or that we have collected through third parties (e.g. external marketing
    companies, conferences). The data we collect is used for internal review and to contact you for marketing purposes and is not shared with other organizations for commercial purposes.

What Kinds of Personal Data Do We Collect
The following are examples of types of personal data that we may collect. The specific kind of information collected by us will depend on the Services provided:

  • Contact information (name, last name, email address, phone number, address, company, job title)
  • Payment information (billing address, bank account information)
  • NGA HR purchase or service history
  • Your location
  • Your interests and preferences
  • Annual revenue
  • Number of employees
  • Demographic information
  • Biometric data such as voice recordings
  • Details about your computer, devices, applications and networks (including IP address, browser characteristics, device ID, operating system, or language preferences)
  • Activities on our website (including referring URLs or dates and times of website visits)

Products and Offerings
At NGA HR we have a range of Products and Offerings. Below are some samples of our most important ones and the Personal Data we collect through them:

Payroll Exchange
Payroll Exchange is a Business Process as a Service (BPaaS) solution for global payroll in the cloud, offering organisations a seamless connection to their Global HRIS system of choice and certified Payroll Services in
188 countries. The solution offers both consistent and coherent access to payroll transactions and data in order to benefit globally compliant payroll outsourcing services based on the most suitable payroll solution for each country.

MyHRW
MyHRW is a web based multichannel service center application driven by a skill based routing system. Every step taken, document used or email sent o solve an HR issue is logged.

euHReka
euHReka is a comprehensive preconfigured HCM solutions, supporting HR, employees, managers, line managers and service center agents.

NGA cleaHRsky
NGA cleaHRsky is the industry’s first truly integrated HR-as-a-Service solution, delivering end-to-end HR, payroll and service center processes in 188 countries. It combines secure cloud technology from SAP SuccessFactors
with industry-leading HR services from NGA HR. Below are some examples of data we collect and process when you are using one of NGA HR’s Products and Offerings (including but not limited to):

  • Name – First, Middle, Family Name / Surname
  • Date, Country and Place of Birth
  • Employee ID, Job Code, Cost Center, Department, Division and Location
  • Absences from Work, Time Profile and Work Schedule
  • National Social Security Number (or equivalent)
  • Passport Number
  • Driving Licence Number
  • National Identity Card Number
  • IP Address
  • Passwords
  • Address
  • Telephone Numbers (personal and work)
  • Email Addresses (personal and work)
  • Emergency contact details
  • Work Address
  • Bank Name, Account Number and Sort Code
  • International Bank Account Number (IBAN)
  • Business Identified Codes (BIC)
  • Salary including Bonus Payments and other Financial Benefits
  • Pension Details
  • Garnishment Details
  • Diversity (e.g. Religion, Race, Ethnic, Political)
  • Trade Union Membership
  • Other types of special categories of personal data
  • Work permit
  • Disciplinary Actions and Grievances
  • Holiday Calendar, Time Profile and Work Schedule
  • Photograph
  • Passwords
  • Other data submitted by Users in open fields

Data Transfers
We are headquartered in the United Kingdom, with affiliates and subsidiaries throughout the world. The data that we collect may be processed, transferred to, and stored in our various service and data centre locations around
the world, and may be located outside of the country where the data is originally collected. This means that data protection standards may be different from the place where the data is collected (such as a destination outside the European Economic Area
(‘EEA’), a destination outside the USA, or any other destination in the world). Data may be also stored with a cloud service provider (e.g. Microsoft, Salesforce.com, Oracle, Hubspot) and therefore located across those provider’s cloud environment. However,
we deploy and enforce a standard, global operational, IT and Security control framework across our global service, data center and third-party locations. Data may also be processed by staff, operating outside any other countries where the data is collected,
who work for us as an employee or contractor or for one of our third-party suppliers (i.e. agents, service vendors, business partner and other). Such staff may be engaged in, among other things, the fulfilment of your request and the provision of any
kind of support services. By submitting your personal data to us, you agree to this transfer, storing or processing at any location in the world. We execute the appropriate legal and contractual documentation to effectuate these transfers such as data
processing and data transfer agreements or on adequacy decisions from the relevant authorities. We will take reasonable steps necessary to ensure that your data is treated securely, with appropriate technical and organizational measures, and in accordance
with this privacy notice. Our Information Security Management System is designed to maintain an appropriate level of confidentiality, integrity and availability. If you are located in the EEA or Switzerland, we provide adequate protection for the transfer
of personal data to countries outside the EEA or Switzerland through a series or intercompany data transfer agreements based on the EU Standard Contractual Clauses, authorized by the European Commission. Where we have given you (or where you have chosen)
a password which enables you to access certain parts of our website, our products or services you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Your Rights and Choices
If you would not wish us to contact you (via phone, email, SMS or any other way), nor use your data in the way described in this Privacy Notice, nor you would want us to pass your details on to third parties, please
do not hesitate to contact us at the following email address: marketing@ngahr.com. Note: If you ask us to not receive any communication from us, we will retain a copy of your email address marked with ‘do not contact’
in order to comply with your no-contact request. As an individual, you have the following rights in regards to the protection of your personal data, which you may exercise at any moment:

  • Right to be Informed
  • Right of Access
  • Right of Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights in Relation to Automated Decision Making and Profiling

Where we are the Data Processor of your data, please contact your employer, as the Data Controller to effectively exercise your rights. The exercise of these rights is free of charge for you and we have the obligation to respond to you without undue delay
upon a raised request. We may request certain confirmation that you are authorized to exercise this request or ask for proof of your identity, before responding to your request. Should we not satisfy your request, you have the right to raise a complaint
to the relevant data protection authority. A link to the relevant data protection authorities can be found here. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and any other third parties.
If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data
to these websites. We do not have and will not accept any responsibility or liability for any tracking, data collection or other activities of third parties.

Sharing of Your Personal Data
As a global business operating company, we may disclose your personal data to any member of the NGA HR group of companies, which means our subsidiaries and affiliates, our ultimate holding company and its
subsidiaries located at any place in the world. We may disclose your personal data to third parties in the following cases:

  • In the event that we sell, buy, merge, consolidate, transfer, change in control any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • In the event of re-organisation or liquidation of our company whereby in some countries such a transaction may involve, in accordance with applicable laws, the disclosure of personal data to prospective or actual purchasers, or the receipt of it from
    sellers;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or any other governmental request;
  • If we may be required to provide personal data in response to a court order, subpoena, warrant, government investigation, any procedure issued by authority, or as otherwise required by law. We also may choose to establish or exercise our legal rights
    or defend against legal claims;
  • If we believe that there is a threat to the information stored in this website, or in order to protect or defend our rights or the well-being of our users. In general, we may release certain personal data in cases where we believe that the release of
    the information is reasonably necessary to protect the rights, property, and safety of others and ourselves;
  • We may contract with any third-party supplier to provide any services for operating this website, for any requests or for the purpose of supporting our business activities. Any third party providing services to us may be allowed, on our behalf, to access
    your personal data provided by you for their proper use in connection with the specific services provided.
  • In cases where you provide us with your consent to do so. In those cases we will ask you for an explicit written consent confirmation.

How We Secure Your Personal Data
In accordance with our policies, the group is committed to protect any personal data divulged to us. We implement and will maintain appropriate security measures, technologies and procedures in order to
protect your personal data from loss, misuse, alteration or destruction. Our management team, employees and partners are required to keep personal data confidential. Unfortunately, the transmission of information via the internet (by way of an email or
other) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use
internal procedures and security features trying to prevent unauthorised access.

Data Retention Information
NGA HR is retaining information for legitimate business or for legal purposes and will not hold information for a period longer than is reasonably necessary to fulfil the purposes for which it was collected.

Children’s Privacy
We may collect a limited amount of personal data of children when providing certain benefits to our own employees in accordance with the applicable legal provisions. We may process personal data of children of our client’s
employees if this is part of the contract service provisions with our clients. Other than these examples, we do not knowingly collect personal data from children without obtaining parental consent in accordance with applicable laws and regulations. If
you believe that we have collected information from your child in error or have any other questions or concern, please notify us and we will promptly respond.

Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to marketing@ngahr.com. In addition, please do not hesitate to contact us if you suspect
any privacy or security breaches.

Safe Harbor/Privacy Shield Statement
On October 6, 2015, the European Court of Justice deemed Safe Harbor inadequate for the protection of EU citizen data, particularly in light of the access that the U.S. government had/has to data held
on servers in the U.S. NorthgateArinso, Inc. (NGAHR’s U.S. company) complied until then with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and
retention of personal information from European Union member countries and Switzerland. NGA HR relies on EU Model Clauses for the safe transfer of personal data from the EU to the US. NGA HR is currently not certified against the EU-US Privacy Shield,
replacing the EU-US Safe Harbor Framework. To read NGA’s statement on the ECJ ruling of October 6, 2015 on the Safe Harbor Framework please follow this link:
https://www.ngahr.com/faqs-regarding-invalidity-of-the-eu-us-safe-harbor-agreement/

Code Of Conduct
The NGA HR Code of Conduct document articulates ethical and behavioural guidance for all NGA HR companies. At NGA HR, we understand the great privilege and yet even greater responsibility we have in managing some of our
clients’ most sensitive assets – including their financial, HR and Payroll Data. Therefore, we make every effort to ensure that everyone at Northgate not only understands this responsibility but also embraces it with the highest standards of care and
professionalism. To read NGA HR’s entire Code of Conduct, click here:
https://www.ngahr.com/wp-content/uploads/2018/10/nga-code-conduct-2017.pdf

Anti-Corruption Policy
This document defines NGA HR’s policy on the avoidance of bribery and corruption. It is applicable globally to all companies in the NGA HR group, their employees, and business partners. It will be regularly reviewed
to ensure that it reflects any changes in applicable laws and developments in acceptable standards for the conduct of business. We are committed to maintaining the highest ethical standards and vigorously enforcing the integrity of our business practices
wherever we operate throughout the world. NGA HR will not engage in bribery or corruption of any kind. Adherence to the guidelines set out in this policy will help ensure that we comply with anti-bribery and anti-corruption laws and governmental guidance.
To read NGA HR’s entire Anti-Corruption Policy, click here:
https://www.ngahr.com/wp-content/uploads/2018/10/nga_hr_anti-corruption_policy_external.pdf

Anti-Money Laundering Policy
This document articulates operational and performance guidance for NGA HR companies, employees and business partners. To read NGA HR’s entire Anti-Money Laundering Policy, click here:
https://www.ngahr.com/wp-content/uploads/2018/10/nga_hr_anti-money_laundering_policy.pdf

Modern Slavery and Human Trafficking Statement
At NGA HR we take seriously our responsibility to help prevent the crime of modern slavery and human trafficking across our own business as well as that of our partners and suppliers. As
part of our commitment, we ensure that our workers are not being exploited, that our work environment is safe, and that all employment, health and safety and human right laws are fully adhered to. Our Code of Conduct (​https://www.ngahr.com/wp-content/uploads/2018/10/nga-code-conduct-2017.pdf)
embodies and reinforces our commitment to these and other key guiding principles, and applies to all of NGA HR as well as to our partners and suppliers. As part of our procurement process, we vet our partners and suppliers to identify and help prevent
potential modern slavery or human trafficking risks in our supply chain, and require them to ensure that they either have equivalent policies to ours or that they abide by our policies. Additionally, we have adopted and support the Ten Principles of the
UN Global Compact (https://www.unglobalcompact.org/what-is-gc/mission/principles), which derive from the Universal Declaration of Human Rights, the International
Labour Organization’s Declaration on Fundamental Principles and Rights at Work, the Rio Declaration on Environment and Development and the United Nations Convention Against Corruption.

Abridged Data Privacy Policy
This document articulates operational and performance guidance for NGA HR companies, employees and business partners. To read NGA HR’s entire Abridged Data Privacy Policy, click here:
https://ngahr.com/wp-content/uploads/2018/10/nga_hr_abriged_data_privacy.pdf

Equality, Diversity and Dignity Policy
This document articulates operational and performance guidance for NGA HR’s, employees and business partners. To read NGA HR’s entire Equality, Diversity and Dignity Policy, click here:
https://www.ngahr.com/wp-content/uploads/2018/10/nga_hr_equality_diversity_dignity_policy.pdf

Security and Compliance Standard for Outsourced Third Party Service Providers

This document articulates operational and performance requirements for NGA HR vendors, contractors, subcontractors and suppliers who handle personal data. To
read NGA HR’s Third Party Vendor Security and Compliance Standards, click here:
https://ngahr.com/wp-content/uploads/2018/10/tpv_security_standard_2017.pdf

Responsible Disclosure

NGA HR is committed to the privacy, safety and security of our customers We all
understand that the protection of customer data is a significant responsibility and requires our highest priority. We take this responsibility seriously and genuinely value the assistance of security researchers and others in the security community to
assist in keeping our systems secure. If you are a researcher and have discovered a security vulnerability in one of our products, websites or services, we’d really appreciate your help in disclosing this to us in a responsible manner. General Guidelines
We request that all researchers: Let us know as soon as possible on the discovery of potential security issues and we will make every effort to resolve the issue as quickly as possible. Provide us with a reasonable amount of time to investigate and resolve
the issue before any further disclosure is made. Make every effort to avoid privacy violations, destruction of data and interruption or degradation of service. How to report a security vulnerability? If you are an NGA HR customer Contact your NGA HR account
manager and inform them of what has been identified and they will manage the issue with the NGA HR security teams. If you are NOT an NGA HR customer You should email our security team at disclosure@ngahr.com.
Please include the following details in your report:

  • Description of the location and potential impact of the vulnerability.
  • A detailed description of any steps required to reproduce the vulnerability.
  • Your name / handle if you would like any follow up on the remediation activities.

Thanks you for your help and support.

NGA HR