Privacy policy MA

Valid from: 03/07/2024

Protecting your privacy

MintHR (RC: 565131, ICE: 003141172000015, Casablanca) exercises due diligence to protect your privacy. MintHR is bound by the Data Protection Principles laid down in the Moroccan Law No. 09-08 and aligns its procedures with GDPR. This Privacy Policy (Policy) sets out how we collect, use, store, and disclose your Personal Information.

Important definitions

Data Controller: The natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or are to be, processed.

Data Processor: Any natural or legal person who processes the data on behalf of the Data Controller.

Data Subject: Any living individual who is using our Service and is the subject of Personal Data.

GDPR: General Data Protection Regulation 2016/679 of the European Union

Law No. 09-08: Moroccan data protection law governing the processing of personal data.

Malabo Convention: African Union Convention on Cyber Security and Protection of Personal Data known adopted by the General Assembly of the African Union on 27 June 2014

Personal Data: any information, of any kind and regardless of its medium, including sound and image, concerning an identified or identifiable natural person.

Sensitive data: personal data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership of the data subject, or relating to their health, including genetic data.

What is our role in processing your personal data?

For our daily business operations, we are a data controller regarding the personal data of our employees and representatives of our customers, and employees of our service providers and vendors.

Before you read the following explanations, we would also like to remind you that MintHR is a Data Processor in the context of Loi Informatique et Libertés and Moroccan Law No. 09-08 in terms of providing services to entities using our MintHR human resources and other software. As a data processor, we might carry out data processing activities in the name of your data controller (your employer) regarding your personal data. Therefore, MintHR, as the Data Processor, does not have a decisive and decision-making role in the processes for the processing of your personal data, including your sensitive data and other personal data required by the service.

Who are we?

MintHR is a registered company (RC: 565131, ICE: 003141172000015) located at GHANDI MALL 9 BD GHANDI, CASABLANCA, Morocco. We are specializing in human resources management solutions, which can operate in an integrated manner or independently and provide an uninterrupted, sustainable, and secure structure.

What sort of personal information might we collect and hold?

As a Data Processor: MintHR is a SAAS (Software as a Service) company and most of its data processing activities are carried out as a data processor in the name of data controllers, especially in regard to human resources management. If your personal information is processed by your employer using our software, you can directly refer to their Privacy Policies.

As a Data Controller: As a data controller in our business operations (administrative, Human Resources, financial, and technical operations etc), MintHR may collect and process information of our own employees and partners, employees of our customers using our software, and also our vendors that we acquire services from. Depending on circumstances, the types of information as a data controller that we may collect could include:

  • Basic Personal Identifiers: Name, title, gender, and date of birth or similar.
  • Contact Information: Phone number, mobile phone number, email address, work address or similar.
  • Identification Data: User ID, user email, signature, nickname or similar.
  • Audio-visual data: Your picture and/or live videos and audio during online meetings or similar.
  • Payment Details: Billing address, credit card or debit card, customer number or account number, bank account details or similar.
  • Usage and Device Data: Technical data such as device ID, internet protocol (IP) address and city associated with the IP address, internet service provider (ISP) from your use of our technology assets (such as our software, website, and social media pages). We also use cookies to improve your use of our technology assets. You can check our Cookie Policy for more information.
  • Health Data: Medical records related to employment, records of medical visits and sick leaves and similar.

How do we collect your personal information?

As a data controller, we may collect your Personal Information in a number of ways, including:

  • Directly from you through our technology assets, phone calls to our service desks, your emails sent to our company emails, from the application forms you submitted, or the CV you have sent to us.
  • From other parties (like your employer, personal representatives, credit reporting agencies, social media sites, and our related companies).
  • From public and open sources, such as social media and websites.
  • From communication services that we both use, such as instant messaging and/or video conferencing applications.
  • From our partners and vendors.
  • When we’re required to do so by law.

Please note that if you don’t provide us with your Personal Information, we may be unable to provide you with our services, or your service provider may be unable to provide you with their services.

Legal basis for data processing

MintHR processes personal data as a data controller based on the following legal grounds in accordance with Moroccan Law No. 09-08 and GDPR:

  • Consent: We may process your personal data if you have given clear consent for us to do so for a specific purpose. This includes scenarios where you have opted-in to receive marketing communications or have consented to the processing of your personal data for specific services.
  • Contractual Necessity: We process personal data to fulfill our contractual obligations to you or to take pre-contractual steps at your request. This includes processing necessary to provide our services, respond to your inquiries, and ensure the proper functioning of our services.
  • Legal Obligation: We process personal data where necessary to comply with legal obligations, such as accounting and tax requirements, or to respond to lawful requests by public authorities, including meeting national security or law enforcement requirements.
  • Legitimate Interests: We process personal data where it is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms. These legitimate interests include improving our services, managing our business operations, ensuring IT security, and preventing fraud.

These legal bases ensure that we process personal data in a lawful, fair, and transparent manner, adhering to the principles and obligations outlined in the applicable data protection laws.

For personal data that we process as a data processor on behalf of our clients (data controllers), please contact the relevant data controller directly to understand the legal basis for their processing activities.

How do we use your personal information?

As a data controller, we may hold, use, and disclose your Personal Information as requested by you, or consented by you to:

  • Provide services to you, your employer, or your service provider.
  • Operate, protect, improve, and optimize our website, services, applications, business, and our users’ experience, such as to perform analytics.
  • Send you service, support, and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.
  • Provide you with information about new services provided by us or our service providers that may be of interest or relevant to your practice or business.
  • Comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
  • Consider your employment application.

To whom we might disclose your personal information?

As a data controller, we may disclose your Personal Information to:

  • Our employees.
  • Our customer organizations.
  • Our partner organizations.
  • Our sister company.
  • Third-party suppliers and service providers (including providers for the operation of our cloud hosting services, websites, and/or our business or in connection with providing our services to you).
  • Professional advisers, dealers, and agents.
  • Payment systems operators (e.g., merchants receiving card payments).
  • Billing services.
  • Our existing or potential agents, business partners, or partners.
  • Anyone to whom our assets or businesses (or any part of them) are transferred.
  • Specific third parties authorized by you to receive information held by us.
  • Other persons, including government agencies, regulatory bodies, and law enforcement agencies, or as required, authorized, or permitted by law.

Why do we handle your personal information?

As a data controller, we may collect, hold, use, or disclose your Personal Information:

  • To carry out administrative and office functions.
  • To communicate with you about your credentials, accounts, or contracts with us.
  • To improve our products and services by understanding how you interact with our products and services, partners, suppliers, offers, marketing, websites, and apps.
  • To measure, test, analyze, or improve our products or services, partners, offers, marketing and advertisements, websites, and apps.
  • To conduct research and surveys about your experience with us.
  • To improve and protect the security of our online engagement with you.
  • To make business decisions, for example, confirming your identity, block, suspend or cancel an account according to applicable terms and conditions, or to facilitate corporate transactions.

Communications and marketing

As a data controller, we may use your Personal Information to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

Compliance with laws

We may disclose your Personal Information in special situations where we have reason to believe that doing so is necessary to identify, contact, or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities.

We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

How do we maintain the security of your information?

We use a variety of physical and electronic security measures, including restricting physical access to our offices, network firewalls, maintaining secure databases, and implementing access controls to keep Personal Information secure from misuse, interference and loss, and unauthorized access, modification, or disclosure. We use International Data Transfer Agreements (IDTA) to secure our international data transfers as a safeguard.
We have also achieved ISO 27001 certification, which ensures that we follow rigorous information security management standards.

How do we transfer your personal information abroad?

We may store your information on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. We may disclose your Personal Information overseas to our service providers who assist us in providing services to you or your employer. These transfers are strictly limited to providing services to our customers, and our service providers are contractually bound to use your information only for the purposes for which it is disclosed.

We use various international solutions, such as email delivery, domain registration, identity and access management, customer relationship management (CRM), team communication and collaboration, productivity tools and cloud storage, user behavior analytics, consent management, instant messaging, video conferencing, hosting services, visual feedback and bug tracking, and website content management. Our providers are based in the US, Austria, France, Denmark, and other countries.

 

As a data subject, if you require more information about the transfer of your data to our international service providers please reach out to us at [email protected].

How do we manage your personal information?

We specialize in providing secure human resources management software as a service as a data processor to our clients, the data controllers. When we do so, we may have access to your Personal Information as a data processor at the request and instructions of the data controller when we provide support to our clients. Our employees with this type of access are carefully controlled and all work under contractual obligations of confidentiality and in accordance with our security certifications and policies. If you wish to obtain more information about Personal Information that any of our specific clients hold on our infrastructure, you should contact them as your data controller in the first instance.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

What are your rights as a data subject?

As a data subject, and in accordance with GDPR and Moroccan Law No. 09-08, you have the rights to:

  • Transparent information, communication, and modalities for the exercise of your rights as a data subject.
  • Information and access to personal data.
  • Information to be provided where personal data are collected from the data subject.
  • Information to be provided where personal data have not been obtained from the data subject.
  • Right of access by the data subject.
  • Right to rectification.
  • Right to object or opt-out.
  • Right not to be subject to automated decision-making, including profiling.

As a data controller, we do everything to ensure that as a data subject you enjoy your data rights to their full extent, where possible. There might be legal and contractual restrictions for the enjoyment of your rights and we will provide further and detailed information when you raise a complaint or request more information from us.

As a data processor where we provide services to our customers who are the data controllers, we would like to mention that you should first contact your data controller to enjoy your data rights.

Additional information for EU residents

If you are a resident in the European Union and have provided us with your Personal Information in order for us to provide you with a service or to carry out an instruction, your Personal Information will be handled, used, and disclosed in accordance with the GDPR. For all cross-border data transfers (transfers out of the EU), we utilize International Data Transfer Agreements (IDTA) and its amendments to include the EU Commission's latest Standard Contractual Clauses, where needed, to protect your personal data in accordance with GDPR guidelines and our ISO 27001 Information Security Management System. 

Additional information for residents of african union countries

If you are a resident of a country that is a member of the African Union, your personal information will be handled, used, and disclosed in accordance with the African Union Convention on Cyber Security and Protection of Personal Data (also known as the Malabo Convention) and in line with Moroccan Law No. 09-08, which is consistent with the Malabo Convention. If you have any questions about our processing of your personal data in accordance with your national law, please feel free to reach us at [email protected].

How can you access or correct your personal information?

As a data controller, we do everything we can to make sure your Personal Information is accurate and up to date. If you identify an error or want to know more about the Personal Information we hold about you, please contact us using the links below. We may have to verify your identity to make the correction or to provide the information we hold about you.

Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why.

In cases as we perform our duties as a data processor, you should consult your employer, as the data controller, first in accordance with GDPR.

How do you complain or request more information about your personal information?

We take your privacy seriously. If you have any concerns, or you think your Personal Information is inaccurate or has been handled in a way that doesn’t comply with the law, please send an e-mail to [email protected]. It will help us if you can provide as much detail as possible about your problem.

Once we receive your complaint, we will be in touch to let you know how long it might take us to investigate. Sometimes investigations can take up to 30 days.

We will regularly update you as to the progress of your complaint. If you aren’t satisfied with our response, you may contact the Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP) at http://www.cndp.ma or your national data protection authority.

What happens if we change this policy?

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

Contact us

If you wish to contact us regarding this Privacy Policy, please contact us:

  • by email at [email protected];
  • by post at: GHANDI MALL BD GHANDI IMM 9 2EME ETG N 5, CASABLANCA, Morocco.

 

HR admininistration

Talent management

IT service management

Core HR

Gather all your HR data in a single digital place

Talent acquisition

Streamline your recruitment with our applicant tracking system

Assets management

Oversee all employees devices in one place

Time-off

Manage time-off requests from employees

Onboarding

Offer the best onboarding experience to your new hires

Software management

Keep track of all softwares used by your employees

Document management

Manage all of your administrative documents online

Training management

Keep an eye on all your employees' trainings

IT service management

Automate IT interventions and their follow-up

Expense management

Automate expense management and take control of spending

Employee engagement

Take the pulse of your employees' well being

Payroll management

Simplify compensation and payroll

HR tasks management

Improve your HR operations

Benefits

Manage your health insurance and benefits

Other features...

Employee portal

Dashboard

KPI and reports

API Integration

Events

Company's directory

Validation process

Access control

Book your demo