Payroll and Compliance Services to its clients globally.
Ascent Consulting Services Pvt. Ltd. (referred as AscentHR) is committed to ensure data confidentiality and privacy of
all its customer. To ensure this, we have our own data center which meets all Tier-3 standards and is fully managed by
an in-house team. Service availability and continuity is supported with a robust and well-established disaster recovery
and business continuity plan. Services are delivered as SaaS. Our clients and their employees access the website hosted
in our data center.
||Information collected in soft copies or hard copies to process
||Internet facing application accessible to AscentHR clients & their employees with valid credentials
||All other information systems like business applications, Mail, SFTP, API Service made available to AscentHR clients and
Data Protection Principle
AscentHR’s data protection is customer centric and is driven by a strong leadership vision. We are committed to protect
and process the data in accordance with its responsibilities under the Information Technology Act 2008, India & EU GDPR.
We are obliged to provide clear and transparent information about our data processing activity. This is provided by this
AscentHR delivers “HR Information Systems” in the SaaS model. We offer “Payroll Processing and Compliances” as
Management Services. The type of information collected is based on the custom service agreements.
While delivering these services we collect, store, and process client “Personally Identifiable Information” (PII) &
“Payroll Related Financial Information”:
- The PII information comprises of client employee ID, Name, Date of Birth, Father/Guardian Name, Gender, Bank Account
Details, Nomination & Dependent Details, PF, ESI Numbers, Phone Number, Education & Skills and Ethnicity & Religion. The
other generic Personal Information collected are IP Address, Country Code, Unique ID, date and time stamps.
- Payroll related financial information includes employee PAN number, wage details, tax computations, statutory
deductions, gross and net payment.
- We collect minimal client information such as client name, TAN number, and address to generate statutory reports
AscentHR has implemented ISO Standards in Quality Assurances. We have implemented ISO 9001 for over 10 years and our
internal Quality Assurance process are audited and certified by TUV Nord.
Data Security & Privacy
We have implemented best of the industry practices in information security. We have implemented ISO 27001 by TUV Nord.
We have been audited for SSAE 18 Type II (SOC1 & SOC2) controls. We have implemented these standards over 10 years. We
are compliant with GDPR.
We have ensured robust network & system security, by ensuring minimum and needful exposure to public internet and
ensured encryption of data in Transit and at Rest. International standards & practices are implemented and validated by
Third party Vulnerability Assessments & Penetration Test. However, these measures do not guarantee that your information
will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. On receipt
of formal written complaint, we shall intimate the respective client and take appropriate due diligence process as
required under the agreed service agreement.
As a service organization, we are audited by CPA for design & operating effectiveness of controls as per SOC1 & SOC
- Information is collected for specified, explicit, and legitimate purposes according to the defined scope of work, which
minimises the possible use of inaccurate, incomplete or outdated data
- Access to data is controlled and is limited to authorized personnel by policies, procedures, and system design
- As part of our compliance service delivery requirement, upon client consent, we may have to disclose information to
government body to submit statutory compliances like PF, ESI, PT, LLC.
- We do not sell, trade, rent or share your personal information to any third party without your consent
- User access is limited to the specific data required for their immediate task and for the specific duration of the task.
- Establish logs and audit trails to identify users and third parties that receive personal data.
- AscentHR has appropriate technical and organisational measures in place to ensure personal data is protected from
unauthorised access, unlawful processing, accidental loss or destruction of, or damage to personal data (including the
vetting of staff).
- AscentHR ensures effective physical security controls to Site storing & processing data
- AscentHR identifies security breaches or unauthorised disclosures of personal data and shall notify the affected parties
- The data shall only reside in countries specified in the agreement and shall not be transferred or transmitted outside
the geography specified in the agreement
- AscentHR does not track activities or collect data from persons under age of 18 years.
- We shall not erase data without the consent of the client
Data Protection Authority
If you are a resident of the European Economic Area (EEA) and believe that we maintain your personal data subject to the
General Data Protection Regulation (GDPR), you may direct questions or complaints to our Data Protection Office (DPO) at
the following address.
AscentHR may hire a vendor as In-country partners or Lodgement Partners to get regional support. AscentHR shall conduct
vendor due diligence and share details to its client in advance. All vendors shall sign a Non-disclosure agreement with
AscentHR. AscentHR shall minimize the access to data, according to the scope of services.
Access to Site
The service deliverables is a managed system. User activation process is facilitated by AscentHR Internal Team or an
authorized client personnel. There is no option for online registration or de-registration of the end user. According to
the process cycle, user accounts are created by authorized personnel at AscentHR or Client. An invitation mail is sent
to employees for One-time registration & activation.
Employee de-activation is also a process controlled & managed services, where record is de-activated after a mutual
consent and signoff between authorized personnel.
Employees can ask for support on the portal query module and get support from designated support team. Support query may
include clarification on data, values computed or clarifications.
- “Human Resource Information Systems” (HRIS) is a self-driven system and employee queries are forwarded to the client’s
- Payroll & Compliance support is forwarded to AscentHR’s authorized internal team.
Employee Self Service
Employees can reset their password using the provided features to reset their password or contact the web query based
Help Desk for login Support.
We do not use any cookies to store data. Using cookies will prevent loss of data due to vulnerabilities at the end
Integration to External Links
We do not implement links to any other third party sites and services.
for significant changes to the policy. We recommend you to visit our website and view this policy periodically.
DATA PROTECTION OFFICER
Ascent Consulting Services Pvt Ltd
Maruthi Chambers, 3rd Floor
Survey No: 17/4C, 9C, Roopena Agrahara,
Hosur Road, Bangalore - 560 068
Phone : +918040099500 Ext: 3029