Privacy Policy

1. Introduction

This Privacy Policy describes how My Attendance collects, processes, stores, and protects personal data in accordance with the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”).

2. Role Under DPDP Act

Under the DPDP Act:

• The Employer/Company using My Attendance is the Data Fiduciary.
• My Attendance acts as a Data Processor, processing personal data strictly on documented instructions from the Employer.
• Employees whose data is processed are Data Principals.

3. Personal Data We Process

We process only digital personal data necessary to provide attendance management services.

A. Employee Personal Data

• Full Name
• Employee ID
• Department
• Designation
• Contact details (if provided)
• Attendance records
• Check-in / Check-out timestamps
• GPS location at time of attendance marking
• Premises validation data
• Real-time accuracy score
• Work From Home location capture
• Break/Lunch punches
• Shift allocations (start/end/grace period)
• Leave applications
• Work status
• Device binding data
• Uploaded employment documentation (as configured by employer)

B. Admin / HR Data

• Employee master records
• Department / Designation masters
• Holiday calendar
• Shift definitions
• Leave types and groups
• Attendance and overtime reports
• Premises configuration
• CSV bulk uploads

C. Super Admin Data

• Company creation data
• Country/State/City master setup
• Company logos
• Premises type creation

D. Technical Data

• IP address
• Device information

4. Purpose of Processing

Personal data is processed solely for:

• Attendance tracking
• Shift management
• Leave management
• Overtime calculation
• Reporting (daily/weekly/monthly)
• Work-from-home validation
• Device binding and security
• Notifications (shift reminders, lunch reminders, notices)
• Compliance with employment laws

5. Consent & Lawful Use

Under DPDP Act:

• Employers must obtain valid consent from employees where required, especially for GPS location tracking.
• By using the system, users acknowledge that attendance-related data is necessary for employment management.
• Employees may withdraw consent through their employer, subject to employment obligations.

6. Data Storage & Security

Since services operate within India:

• Data is stored within secure infrastructure controlled by My Attendance.

We implement:

• Encryption in transit (SSL/TLS)
• Role-based access control
• Secure authentication
• Access logging
• Device binding controls
• Regular security monitoring

7. Data Retention

Personal data is retained:

• During the service agreement period
• As required under Indian labour/tax laws
• As instructed by the Employer

8. Rights of Data Principals (Employees)

Under the DPDP Act, Data Principals have the right to:

• Access information about their personal data
• Correction and erasure of inaccurate data
• Grievance redressal
• Nominate another individual in case of incapacity

9. Data Sharing

We do not sell personal data. Data may be shared only:

• With the employer (Data Fiduciary)
• When required by law or lawful authority
• For legal compliance

10. Data Breach Notification

In case of a personal data breach, we will:

• Notify the concerned Employer promptly
• Take necessary mitigation measures
• Comply with DPDP Act breach notification requirements

11. Cookies

Web portals may use cookies for:

• Session management
• Authentication
• Performance monitoring

12. Amendments

We reserve the right to modify this Privacy Policy. Updates will be published with a revised date.

13. Contact Information

If you have questions about this Privacy Policy, contact us: