Privacy Policy
Last updated: June 9, 2025
This Privacy Policy describes how PeopleCore HRIS ("Company", "We", "Us", or "Our") collects, uses, discloses, and protects personal data when You ("User", "You", or "Your") use our Human Resource Information System (HRIS) and related services.
By accessing or using our Service, You agree to the collection and use of information in accordance with this Privacy Policy.
I. Definitions
- Service refers to the PeopleCore HRIS platform and related services accessible via www.peoplecore.net.
- Personal Data means any information that identifies or can be used to identify an individual, including but not limited to employee records, contact details, government-issued IDs, payroll data, and performance metrics.
- Processing refers to any operation performed on Personal Data, whether automated or not, such as collection, storage, use, disclosure, or deletion.
- Client refers to the organization that has subscribed to the PeopleCore HRIS platform and whose employees' data is processed.
- Data Subject refers to the individual whose personal data is being processed (e.g., employees, applicants).
- Service Providers are third parties engaged to support the delivery of our services (e.g., cloud hosting, analytics, payroll integration).
II. Types of Data Collected
a. We may collect the following categories of Personal Data:
- Identification Data: Full name, date of birth, gender, civil status, employee ID, government-issued IDs (e.g., SSS, TIN, PhilHealth).
- Contact Information: Email address, phone number, residential address.
- Employment Information: Job title, department, employment status, work history, performance evaluations.
- Payroll and Compensation: Salary details, bank account information, tax declarations, benefits, and deductions.
- Attendance and Leave: Time logs, leave applications, overtime records.
- System Usage Data: Login timestamps, IP addresses, device information, and activity logs.
b. Usage Data
Usage Data is collected automatically when using the Service. This may include:
- IP address, browser type/version, pages visited, time/date of visit, time spent on pages
- Device information (e.g., mobile device type, OS, unique IDs)
- Diagnostic and performance data
This data helps us monitor system performance, detect issues, and improve user experience.
III. Purpose and Use of Personal Data
PeopleCore HRIS collects and processes Personal Data to deliver, maintain, and improve its services, and to fulfill legal and contractual obligations. Specifically, Personal Data may be used for the following purposes:
- Human Resource Management: To manage employee records, HR workflows, and performance evaluations.
- Payroll and Benefits Administration: To process salaries, government contributions, tax declarations, and employee benefits.
- Compliance: To ensure adherence to labor laws, tax regulations, and the Data Privacy Act of 2012.
- System Access and Account Management: To enable secure login, manage user roles, and provide personalized system features.
- Technical Support and Service Optimization: To monitor system usage, detect issues, and enhance functionality.
- Communication: To contact users via email, SMS, or in-app notifications for updates, alerts, and administrative matters.
- Marketing and Engagement: To share relevant news, offers, and service updates, unless the user opts out.
- Analytics and Reporting: To generate insights for HR decision-making and evaluate system performance.
- Business Continuity: To support mergers, acquisitions, or asset transfers where Personal Data may be involved.
- User Requests: To respond to inquiries, feedback, and support tickets.
IV. Tracking Technologies and Cookies
We use cookies and similar technologies (e.g., web beacons, Flash cookies) to:
- Authenticate users
- Store preferences
- Analyze usage patterns
- Improve system performance
Types of Cookies We Use:
Type | Description |
Essential Cookies | Required for core functionality (e.g., login, session management) |
Preference Cookies | Remember user settings (e.g., language, layout) |
Analytics Cookies | Help us understand how the system is used |
Acceptance Cookies | Track cookie consent status |
You can manage cookie preferences through your browser settings. Disabling cookies may affect system functionality.
V. Data Retention
Data Type | Retention Period |
Employee Records | Up to 5 years after separation |
Payroll and Tax Data | 10 years (BIR compliance) |
Usage Data | Shorter periods unless needed for security or compliance |
PeopleCore HRIS retains Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Retention periods vary depending on the type and purpose of the data. For example:
- Employee records may be retained for up to five (5) years after separation, in accordance with labor regulations.
- Payroll and tax-related data may be retained for ten (10) years to comply with BIR requirements.
- Usage Data is retained for shorter periods unless needed for system security, performance analysis, or legal compliance.
- Retention periods may vary depending on the type of data and its purpose
Upon termination of services or upon request, Personal Data will be securely deleted or returned, subject to applicable retention policies. PeopleCore HRIS ensures that all data retention practices comply with relevant legal and contractual obligations.
VI. Legal Basis for Processing
We process Personal Data based on:
- The Client’s legitimate interest in managing HR operations
- Compliance with legal obligations (e.g., labor laws, tax regulations)
- Consent of the Data Subject, where required
VII. Data Sharing and Disclosure
Internal and External Recipients
We may share your Personal Data with:
- Authorized personnel of the Client for HR and administrative purposes
- Service Providers (e.g., cloud hosting, analytics, payroll integration) under strict confidentiality agreements
- Affiliates and business partners to deliver integrated services and features relevant to HRIS users
Legal Disclosures
Personal Data may be disclosed to government agencies (e.g., BIR, SSS, PhilHealth) as required by law, and to legal authorities in response to court orders, subpoenas, or other lawful requests. We may also disclose data in good faith to:
- Comply with legal obligations
- Protect the rights or property of the Company
- Investigate potential wrongdoing
- Ensure user or public safety
- Defend against legal claims
Consent-Based Sharing
We may share your Personal Data::
- With other users in shared spaces (e.g., forums, dashboards) where your profile and activity may be visible
- With third parties for purposes not listed above, only with your explicit consent
VIII. Disclosure of Your Personal Data
a. Law Enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. This includes compliance with court orders, subpoenas, or other legal processes.
b. Other Legal Requirements
The Company may disclose Your Personal Data in good faith when such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users or the public
- Protect against legal liability
IX. Security of Your Personal Data
We are committed to protecting Your Personal Data. We implement appropriate technical, organizational, and physical safeguards to ensure data confidentiality, integrity, and availability. These include:
- Data encryption (in transit and at rest)
- Role-based access controls
- Regular security audits and vulnerability assessments
- Secure hosting environments
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use industry-standard practices, we cannot guarantee absolute security.
X. Children’s Privacy
Our Service is not intended for individuals under the age of 13. We do not knowingly collect Personal Data from children without verified parental consent. If you believe that a child has provided us with Personal Data without consent, please contact us immediately. We will take steps to delete such information from our systems. If consent is required under applicable law, we may request parental or guardian approval before collecting or processing a child’s data.
XI. Links to Other Websites
Our Service may contain links to third-party websites that are not operated by us. We strongly advise you to review the privacy policies of any external sites you visit. We do not control and are not responsible for the content, privacy practices, or policies of any third-party websites or services.
XII. Data Subject Rights
Data Subjects have the right to:
- Access their personal data
- Request correction or deletion
- Object to or restrict processing
- Lodge a complaint with the National Privacy Commission
Data Subjects may exercise their rights by submitting a written request via email to dataprivacy@peoplecore.net. Requests should include valid identification and specify the nature of the request (e.g., access, correction, deletion). The Company will respond within fifteen (15) business days from receipt of a complete request. Requests may also be submitted through the Client’s HR department.
XIII. Consent Management
PeopleCore HRIS obtains consent from Data Subjects prior to the collection and processing of Personal Data when such consent is legally required—particularly for optional activities such as marketing communications, participation in surveys, or sharing data with third-party partners for non-essential services.
Consent is typically acquired through electronic forms, system prompts, or written agreements, depending on the nature of the activity.
Users may withdraw their consent at any time by contacting the Data Protection Officer or using the opt-out mechanisms provided in communications. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. All consents are securely logged in audit trails to ensure accountability and compliance with the Data Privacy Act of 2012.
Processing activities related to employment, payroll, legal compliance, and system functionality are based on legal obligations or the legitimate interest of the Client and do not require separate consent.
XIV. Data Breach Notification
In the event of a data breach involving Personal Data, PeopleCore HRIS will notify affected individuals and the National Privacy Commission (NPC) within seventy-two (72) hours upon knowledge or reasonable belief that a breach has occurred. Notifications will include the nature of the breach, the data involved, potential consequences, and measures taken to address the breach. Affected individuals will be contacted via email or other appropriate channels. The Company will cooperate fully with the NPC and take all necessary steps to mitigate risks and prevent future incidents.
XV. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify Clients of significant changes and post the updated version on our website with the revised date.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
XVI. Contact Us
If you have any questions about this Privacy Policy, You can contact us:
- By email: dataprivacy@peoplecore.net
Privacy Policy Version: 1.0.1 | Effective Date: June 9, 2025