Privacy

Privacy Policy

This Privacy Policy (“Privacy Policy”*) describes how Frappe Technologies Pvt. Ltd. (“Frappe”, “Company”, “We”, “Us”* and *“Our”) collects, stores, uses, shares, transfers, modifies, erases, and otherwise, processes (“Processing”) your (“User”, *“You”* and *“Your”*) personally identifiable information (“Personal Information”) on the FrappeHR website at https://frappehr.com/ (“Website”), for services offered by Frappe on the Website (“Service(s)”), and applications or software distributed by Frappe for the purpose of interacting with the Website or Services if such applications or software explicitly state the applicability of this Privacy Policy (*“Application(s)”).

Please read this Privacy Policy carefully to ensure that You understand it. Please contact Us if You do not understand any portion of this Privacy Policy. By using the Website, Applications, or Services, You confirm that You have read and understood this Privacy Policy, and agree to the Processing of Your Personal Information in accordance with this Privacy Policy.

This Privacy Policy may be updated from time to time in order to provide up-to-date information regarding Our privacy practices. For more information, please see the section titled “Changes in this Privacy Policy” below.

Scope of the Privacy Policy

This Privacy Policy is applicable to the Processing of Your Personal Information if it is collected during Your use of the Website or Applications, or if such Processing is associated with Services offered on or through the Website or Applications.

This Privacy Policy does not govern the processing of non-personal or anonymized information by Frappe. This Privacy Policy does not apply to data collected on third party websites, apps, or services, or the use of Frappe’s platform and services by third parties for the collection of information, even if such third parties are Frappe’s partners and display Frappe branding on their websites, apps, or services. Data collected by third parties is subject to their own privacy policies and practices.

Who is a User?

A User refers to any person who uses or visits the Website or Application.

Rights of a User

As a User, You have the rights mentioned below available to You. The rights below are subject to the section on “Exercising Your Rights” below. Frappe undertakes to respond to Your requests within a period of thirty (30) days, or shorter duration if required by applicable law.

1. Right to Access You have a right to request a copy of Your Personal Information held by Us. You can access Your Personal Information by visiting https://frappehr.com/request-data/new.

2. Right to Rectification* You have a right to request for rectification of incomplete or inaccurate Personal Information. We provide the ability for You to edit information about yourself within Your account on the Website. If You are unable to edit any Personal Information yourself, please contact Us at support@erpnext.com with the subject line *“Data Subject Request: Right to Rectification”.

3. The Right to Erasure We may retain Your Personal Information as long as necessary for the provision of Services to You. Subject to “Exercising Your Rights” below, You may, at any time, request for the erasure of Your Personal Information by visiting https://frappehr.com/request-for-account-deletion/new . However, if You do so:

Except as mentioned below, We may irrevocably delete Your account, and any or all associated Personal Information. You may irrevocably lose any active subscriptions, progress, usage information, or any other applicable account information;
We may retain some of Your Personal Information as necessary for our legitimate interests, such as fraud detection and prevention and enhancing safety;
We may retain and use Your Personal Information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations.

4. The Right to Data Portability You may request copies of Personal Information that You have provided to Us, in a structured, commonly used, and machine-readable format, by visiting support@erpnext.com. You also have the right to transmit this information to another controller, where feasible.

5. The Right to Object* In situations where We Process Your Personal Information on the ground of Our legitimate interests, You may object to the Processing of such Personal Information by contacting Us at support@erpnext.com with the subject line *“Data Subject Request: Right to Object”. All direct marketing communications such as promotional emails sent by Us contain instructions for opting out of such communications.

6. The Right to not be subjected to Automated Decision Making We do not use automated decision-making processes at this time.

Exercising your Rights

In case of an inability to exercise any right by following the instructions provided above, please contact Us at support@erpnext.com with the subject line “Data Subject Request”.
Prior to or during the processing of Your requests, We may ask You to provide information necessary to establish Your identity, the applicable law, and/or confirm the action requested by You. In case You do not provide the necessary information, Frappe may refuse to process Your request.
We may, in certain circumstances and where allowed by applicable law, decline to process requests that are manifestly unfounded or repetitive; that are impossible or require disproportionate technical effort; that negatively affect the privacy of others; that is contrary to applicable law, Frappe’s legal obligations, or order by law enforcement, government, or judicial authority; that are subject to a legal dispute; or that are otherwise overridden by Our legitimate interests.
Where allowed by applicable law and believed necessary by Frappe, such as in case of manifestly repetitive requests, Frappe reserves the right to charge for the exercise of certain rights.
In case you are unsatisfied with the resolution of Your complaint or request, You have the right to complain to Your local supervisory authority. However, we request that You first reach out to Our grievance officer listed at the end of this document for a speedy resolution of Your concerns.

How do we collect Information?

Categories of Information We collect:

1. Information Manually Provided by You We assure You that the personal information provided by You is strictly limited to the ones that we require to facilitate Your user experience of our services. These include but are not limited to the information that is manually provided by You, while performing the following activities :

(i) Your contact information like Your name, email address.

(ii) In the event of You writing an email to us, Your email address

We may also collect other personal/non-personal information that we may require to interact with or provide services to/ for the products and services requested by You

2. Information that is automatically collected The following information is automatically collected when You interact with the FrappeHR website to ensure proper quality and smooth operation of the services provided :

(i) IP Address

(ii) Domain names

(iii) Type of browser

(iv) Referring website or page

FrappeHR may also consider the above information for analytical purposes to further improve upon the Website, Applications and Services.

Email Communication

Frappe is yet to start with sending out marketing and promotional emails but in the event that it starts and a User wishes to opt-out of the email communication for marketing and promotional purposes, they may send us an email to support@erpnext.com

Purposes for which we collect or Process Your Personal Information

To administer and maintain Your FrappeHR account
To provide our Services.
To communicate with You, such as for responding to Your communications, and sending notices under Our terms of service, this privacy policy, and other legal documentation.
For direct marketing, including sending information about Our products and services.
To address Your grievances, complaints, and suggestions.
To fulfil our legal obligations and regulatory compliances
To perform Our duties, protect Our rights, and fulfil Our responsibilities as per Our contract with You, such as under Our terms of service.

Collection Use and Disclosure of Your Personal Data

We follow a consent-based model so far as the collection of personal information is concerned, You shall be notified of the purpose for which the data is being collected and a confirmation to this effect shall be given by You. An additional consent shall be taken in cases where the collected data is used for purposes other than the ones it was collected and consented for. Consent to such data collection is presumed when you continue to use our services and freely supply us with them for a stated purpose.

An exception to the above is when the data falls under the following circumstances:

i. Available on a public forum disclosed to a public authority ii. A necessity for legal investigation and proceedings or requirements iii.Used for the purposes of evaluation, managing, terminating FrappeHR membership iv. Used for business transactions

Retention and Storage

We decide the period of retention of Your data or information in accordance with the following criteria:-

Backups: Backups may be retained in accordance with the information provided on this page.On an Account deletion request by the User, Frappe shall be deleting all the backups of the User. The responsibility to procure the backup solely depends on the Customer before generating the Account deletion request to Frappe and terminating the Agreement. Backups can only be procured by the Customer only in case the Customer has an Active account and will not be processed unless required for disaster recovery or on before account deletion purposes or if we are legally compelled to do so.
Provision of Our service to You: We retain the information and data in Your account for at least as long as You have an active account with Us, and is immediately disposed of when Your account is terminated unless You request for deletion of the information from Your account in accordance with the ‘Right to Erasure’ provided above. All such requests are subject to other criteria mentioned in this section, as mentioned below.

Your data and information may be stored in locations across the world to ensure its reliability and availability. At this time, all offsite backups are stored in India. Frappe is located in India, and regardless of where You or Your data are located, Our personnel in India require access to the data to provide Our services to You. Frappe is subject to Indian laws and regulations, including but not limited to the possibility of requests for access to data by law enforcement authorities in certain circumstances. As of the date of the last update to this Privacy Policy, Frappe has not received any such request for access to data. The data can be retained for as long as it is necessary for proper execution of the legal obligations. For instance, when required by the law or when obeying a judicial order.

Information Security

We ensure that the information entrusted to us by You is granted adequate protection. In an attempt to augment the security needs of the personal data that We collect, store and process, We are now an ISO 27001 and 9001 certified company. You can come across the certificates here.

To prevent an event of unauthorised access to Your FrappeHR Account, and the sensitive information associated with it, we request you to kindly note the following:

(i) The accessibility of your password, computer/laptop/electronic device through which it can be accessed.

(ii) That you sign out of Your FrappeHR account when using a shared electronic device.

Changes in the policy

As We are constantly improving Our services and expanding our business, We retain the right to modify this privacy policy at any time. In the event We make any material changes, We will notify our registered users about the change by sending an email to the email address specified in Your account, by means of a notice on the Website, and/or through other reasonable means prior to the change becoming effective. The changes will be effective at least 14 days after the new policy has been notified to You or posted on the Website. Our latest Privacy Policy can always be found on our Website. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have are any question regarding this Privacy Policy or any enquiry about your personal data, you can reach out to us at support@erpnext.com and CC legal@erpnext.com

FOR USERS IN EU AND UK REGION

If You are located in the European Union or the United Kingdom, You may exercise Your rights by contacting Our local representative: Prighter. We value Your privacy and Your rights as a data subject and have therefore appointed Prighter as our privacy representative and Your point of contact. Prighter gives You an easy way to exercise Your privacy-related rights (e.g. requests to access or erase personal data). If You want to contact us via our representative Prighter or make use of Your data subject rights, please visit the following website, https://prighter.com/q/17949637227 or you can contact Prighter directly by post, their registered addresses for the EU and UK region are provided as under:-

If the User is based out of EU region, the User can send their data subject request by Postal mail at Prighter’s registered office at, Schellinggasse 3/10, 1010 Vienna, Austria or can generate a data subject request via https://prighter.com/q/17949637227

If the User is based out of UK region, the User can send their data subject request by Postal mail at Prighter’s registered office at, 20 Mortlake Mortlake High Street, London, SW14 8JN, United Kingdom or can generate a data subject request via https://prighter.com/q/17949637227