Ascent Consulting Services Pvt. Ltd. (referred as AscentHR) is committed to ensure data confidentiality and privacy of all its customer. To ensure this, we have our own data center which meets all Tier-3 standards and is fully managed by an in-house team. Service availability and continuity is supported with a robust and well-established disaster recovery and business continuity plan. Services are delivered as SaaS. Our clients and their employees access the website hosted in our data center.
|Data||Information collected in soft copies or hard copies to process|
|Website||Internet facing application accessible to AscentHR clients & their employees with valid credentials|
|System||All other information systems like business applications, Mail, SFTP, API Service made available to AscentHR clients and their employees|
Data Protection Principle
AscentHR delivers “HR Information Systems” in the SaaS model. We offer “Payroll Processing and Compliances” as Management Services. The type of information collected is based on the custom service agreements.
While delivering these services we collect, store, and process client “Personally Identifiable Information” (PII) & “Payroll Related Financial Information”:
- The PII information comprises of client employee ID, Name, Date of Birth, Father/Guardian Name, Gender, Bank Account Details, Nomination & Dependent Details, PF, ESI Numbers, Phone Number, Education & Skills and Ethnicity & Religion. The other generic Personal Information collected are IP Address, Country Code, Unique ID, date and time stamps.
- Payroll related financial information includes employee PAN number, wage details, tax computations, statutory deductions, gross and net payment.
- We collect minimal client information such as client name, TAN number, and address to generate statutory reports
AscentHR has implemented ISO Standards in Quality Assurances. We have implemented ISO 9001 for over 10 years and our internal Quality Assurance process are audited and certified by TUV Nord.
Data Security & Privacy
We have implemented best of the industry practices in information security. We have implemented ISO 27001 by TUV Nord. We have been audited for SSAE 18 Type II (SOC1 & SOC2) controls. We have implemented these standards over 10 years. We are compliant with GDPR.
We have ensured robust network & system security, by ensuring minimum and needful exposure to public internet and ensured encryption of data in Transit and at Rest. International standards & practices are implemented and validated by Third party Vulnerability Assessments & Penetration Test. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. On receipt of formal written complaint, we shall intimate the respective client and take appropriate due diligence process as required under the agreed service agreement.
As a service organization, we are audited by CPA for design & operating effectiveness of controls as per SOC1 & SOC standards.
- Information is collected for specified, explicit, and legitimate purposes according to the defined scope of work, which minimises the possible use of inaccurate, incomplete or outdated data
- Access to data is controlled and is limited to authorized personnel by policies, procedures, and system design
- As part of our compliance service delivery requirement, upon client consent, we may have to disclose information to government body to submit statutory compliances like PF, ESI, PT, LLC.
- We do not sell, trade, rent or share your personal information to any third party without your consent
- User access is limited to the specific data required for their immediate task and for the specific duration of the task.
- Establish logs and audit trails to identify users and third parties that receive personal data.
- AscentHR has appropriate technical and organisational measures in place to ensure personal data is protected from unauthorised access, unlawful processing, accidental loss or destruction of, or damage to personal data (including the vetting of staff).
- AscentHR ensures effective physical security controls to Site storing & processing data
- AscentHR identifies security breaches or unauthorised disclosures of personal data and shall notify the affected parties
- The data shall only reside in countries specified in the agreement and shall not be transferred or transmitted outside the geography specified in the agreement
- AscentHR does not track activities or collect data from persons under age of 18 years.
- We shall not erase data without the consent of the client
Data Protection Authority
If you are a resident of the European Economic Area (EEA) and believe that we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our Data Protection Office (DPO) at the following address.
AscentHR may hire a vendor as In-country partners or Lodgement Partners to get regional support. AscentHR shall conduct vendor due diligence and share details to its client in advance. All vendors shall sign a Non-disclosure agreement with AscentHR. AscentHR shall minimize the access to data, according to the scope of services.
Access to Site
The service deliverables is a managed system. User activation process is facilitated by AscentHR Internal Team or an authorized client personnel. There is no option for online registration or de-registration of the end user. According to the process cycle, user accounts are created by authorized personnel at AscentHR or Client. An invitation mail is sent to employees for One-time registration & activation.
Employee de-activation is also a process controlled & managed services, where record is de-activated after a mutual consent and signoff between authorized personnel.
Employees can ask for support on the portal query module and get support from designated support team. Support query may include clarification on data, values computed or clarifications.
- “Human Resource Information Systems” (HRIS) is a self-driven system and employee queries are forwarded to the client’s HR Team.
- Payroll & Compliance support is forwarded to AscentHR’s authorized internal team.
Employee Self Service
Employees can reset their password using the provided features to reset their password or contact the web query based Help Desk for login Support.
We do not use any cookies to store data. Using cookies will prevent loss of data due to vulnerabilities at the end point.
Integration to External Links
We do not implement links to any other third party sites and services.
DATA PROTECTION OFFICER
Ascent Consulting Services Pvt Ltd
Maruthi Chambers, 3rd Floor
Survey No: 17/4C, 9C, Roopena Agrahara,
Hosur Road, Bangalore - 560 068
Phone : +918040099500 Ext: 3029