Privacy Policy

1. Introduction

OsaBox HR is a comprehensive human resources management platform that helps businesses streamline their HR operations. This Privacy Policy applies to your use of our website, platform, and services (collectively, the "Services").

As an HR platform, we process two main categories of personal data:

• Client Data: Information about our clients (businesses and organizations) and their authorized users who access our platform.
• Employee Data: Information about our clients' employees that is processed through our platform.

We act as a data controller for Client Data and as a data processor for Employee Data (where our clients are the data controllers).

2. Information We Collect

2.1 Client Data

When you register for and use our Services, we may collect the following types of information:

• Account Information: Name, email address, phone number, job title, and password.
• Business Information: Company name, address, industry, size, tax ID, and other business details.
• Payment Information: Billing address, payment method details, and transaction history.
• Usage Data: Information about how you use our Services, including login frequency, features used, and user preferences.
• Communication Data: Information contained in your communications with us, including customer support inquiries.

2.2 Employee Data

Through our platform, our clients may collect and process the following types of employee information:

• Personal Details: Name, email address, phone number, home address, date of birth, gender, identification numbers, and emergency contact information.
• Employment Details: Job title, department, employment type, work schedule, start date, salary information, performance data, and attendance records.
• Financial Information: Bank account details, tax information, payroll data, and benefit elections.
• Documentation: Resumes, qualification certificates, work permits, and other employment-related documents.

As a data processor, we process this Employee Data on behalf of our clients according to their instructions and our data processing agreement.

3. How We Collect Your Information

We collect information through various methods, including:

3.1 Direct Interactions

Information you provide when you:

• Register for an account or subscription
• Complete forms or create records within our platform
• Upload documents or other content
• Contact our customer support
• Respond to surveys or provide feedback

3.2 Automated Technologies

Information collected automatically when you use our Services:

• Usage data through cookies and similar technologies
• Device information (e.g., IP address, browser type, operating system)
• Log data (e.g., access times, pages viewed, error logs)

3.3 Third-Party Sources

We may receive information from:

• Integration partners when you connect our Services to other applications
• Service providers who help us verify information or provide additional services
• Public sources for business information

4. How We Use Your Information

4.1 Client Data

We use Client Data for the following purposes:

• Providing Services: To create and manage your account, provide our Services, process payments, and fulfill our contractual obligations.
• Communication: To communicate with you about your account, respond to inquiries, and provide customer support.
• Improvement: To analyze usage patterns, troubleshoot issues, and enhance our Services.
• Marketing: To send updates, newsletters, and promotional materials about our Services (with your consent where required).
• Security: To protect our Services, prevent fraud, and ensure the security of your account.
• Compliance: To comply with legal obligations, enforce our terms, and resolve disputes.

4.2 Employee Data

We process Employee Data solely on behalf of our clients for the purposes of providing our HR management Services, which may include:

• Managing employee records and information
• Processing payroll and benefits
• Tracking attendance and leave
• Conducting performance evaluations
• Managing documents and compliance
• Generating reports and analytics

5. Legal Basis for Processing

We rely on the following legal bases for processing personal data:

5.1 Client Data

• Contractual Necessity: Processing necessary for the performance of our contract with you.
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, preventing fraud, and marketing our Services.
• Consent: Processing based on your consent, such as for marketing communications.
• Legal Obligation: Processing necessary to comply with our legal obligations.

5.2 Employee Data

We process Employee Data as a data processor on behalf of our clients (the data controllers). Our clients are responsible for establishing the legal basis for processing their employees' data.

6. How We Share Your Information

We may share your information with the following categories of recipients:

6.1 Service Providers

We share information with third-party service providers who help us operate, provide, improve, and promote our Services, such as:

• Cloud storage and hosting providers
• Payment processors
• Communication and support tool providers
• Analytics providers
• IT and security service providers

These service providers are authorized to use your information only as necessary to provide services to us and are required to maintain the confidentiality and security of your information.

6.2 Integration Partners

If you choose to connect our Services with third-party applications or services, we may share information with those partners to facilitate the integration.

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

6.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6.5 With Your Consent

We may share your information with other third parties when we have your consent to do so.

6.6 Employee Data

We process and share Employee Data solely according to our clients' instructions and our data processing agreement with them.

7. Data Retention

7.1 Client Data

We retain your information for as long as your account is active or as needed to provide you with our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7.2 Employee Data

We retain Employee Data according to our clients' instructions and our data processing agreement. After a client terminates their subscription, we may retain their data for a limited period to allow for data retrieval before permanently deleting it, unless otherwise instructed or required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, or disclosure. These measures include:

• Encryption of sensitive data
• Secure authentication mechanisms
• Regular security assessments and testing
• Access controls and logging
• Regular backups
• Employee training on data protection

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 For Client Data (where we are the data controller)

You may have the right to:

• Access: Request information about the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete information.
• Erasure: Request deletion of your personal data in certain circumstances.
• Restriction: Request restriction of processing in certain circumstances.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw your consent where processing is based on consent.

9.2 For Employee Data (where we are a data processor)

If you are an employee of one of our clients, you should contact your employer (our client) directly to exercise your rights regarding your personal information. As a data processor, we will assist our clients in fulfilling these requests as required by our data processing agreement.

9.3 How to Exercise Your Rights

To exercise your rights regarding Client Data, you can contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law.

9.4 Complaints

If you believe that our processing of your personal information infringes data protection laws, you have the right to lodge a complaint with a supervisory authority.

10. International Data Transfers

We may transfer, store, and process your information in countries other than your own. Our servers are located in various jurisdictions, including the United States and European Union.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not received an adequacy decision, we implement appropriate safeguards such as standard contractual clauses approved by the European Commission or other valid transfer mechanisms.

By using our Services, you consent to your information being transferred to our facilities and to those third parties with whom we share it as described in this Privacy Policy.

11. Cookies and Similar Technologies

Our Services use cookies and similar technologies to enhance your experience, analyze usage, and deliver content and advertisements. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site.

11.1 Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our Services.
• Analytical/Performance Cookies: Allow us to recognize and count visitors and analyze how users navigate our Services.
• Functionality Cookies: Used to recognize you when you return to our Services and to personalize content.
• Targeting Cookies: Record your visit to our Services, the pages you visited, and the links you followed.

11.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can usually find these settings in the "Options" or "Preferences" menu of your browser. You can also delete cookies that have already been set.

For more information about cookies and how to manage them, please see our Cookie Policy.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take appropriate action.

13. Third-Party Links

Our Services may contain links to third-party websites, products, or services. These third parties have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Services and welcome any feedback about these sites.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and, where required by law, by email or prominent notice within our Services.

We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

OsaBox Limited
74A, Sichizya Road
Lusaka, Zambia

Email: privacy@osabox.co

For data subjects in the European Union, we have appointed a data protection representative. You can contact our EU representative at: eu-rep@osabox.co