What controls are in place to protect the customer's or its clients' personally identifiable information (PII)?

ZingHR is hosted in Microsoft Azure cloud data centres. Data is secured in transit between an application and Azure by using HTTPS. Azure Storage Service Encryption for data at rest helps to protect the data. With this feature, the ZingHR platform also encrypts and decrypts data in motion between the application and the data centres. In addition, masking is provided on front-end user data screens for personally identifiable information (PII) fields, which are GDPR compliant.


Describe the control environment that ensures the segregation of the customer's and its clients' data from other clients' data.

Every customer DB instance is partitioned by SQL schema in the underlying database, and users are managed through barriers and privileges. DB servers are hardened as per ZingHR hardening standards.




Will you store Customer's data on company-owned devices or on personal devices?

FortiClient Advanced Endpoint Security features allow customer data to be available and controlled through its advanced AI-driven policies. Transmission of customer data in the case of personal devices does not happen.



Do you consider the retention period and the disposal or handover of the Customer’s information in the contract?

During the contract period, customer data retention is part of service delivery. After the contract period, encrypted PII customer data is retained at zero cost to your organization for five years. However, any later retrieval or service request by you (as an ex-customer), for any purpose that you might have, is charged commercially.




What is the disposal process of Customer’s information in digital form and hard copies after termination of contract with Customer?

Details are provided in the NDA Agreement with the Customer at the time of Customer contract sign-off.

Where the customer requires digital data to be eliminated from the ZingHR database, there is an offline approval process.




Do you consider the information transfer channel with the client in the contract signed with the customer (i.e. through application, email, hard copy or any other medium)?

Public data is not covered under any agreement. Private business data for processing by the ZingHR platform or the services team uses all channels as appropriately defined or selected in the Service Agreements with or by the customer.



Is your digital information transfer channel secure?

Yes. Advanced Threat Protection is used in addition to Microsoft’s own security protocols in O365 for email-based data transfer. For application-based uploads through the ZingHR portal, appropriate front-end security validations and communication over a secure HTTPS layer are the standard norm. Where API-based data transfer happens, data travels in an encrypted format (256-bit SSL layer encryption).



Do you transfer information in hard copy (e.g. paper) with the client?

Please refer to FAQ-PM-006.




What is the frequency of transferring information in hard copy?

Please refer to FAQ-PM-006.


Who are the authorized persons to send and receive hard copy from your company and customer?

Please refer to FAQ-PM-006.


Do you transfer hard copy with the customer through your employees or a mutually agreed courier service?

Please refer to FAQ-PM-006.


Do you track the records of hard copy received by the Customer?

Please refer to FAQ-PM-006. This can be done at separate commercials to be decided by the Sales Team.



What are the physical security controls implemented on information available in hard copy: 1. Storage 2. Access 3. Retention period 4. Disposal?

Hard copy – Custom process definition with the customer – a sign-off has to be taken.

Storage – Custom process definition with the customer, where agreed by ZingHR in writing – a sign-off has to be taken.

Access – Access to any non-authorized resources is not given. The customer can request access under a custom process definition with the customer – a sign-off has to be taken, with separate commercials.

Retention Period – Defined in Retention and Disposal FAQ above.

Disposal – Defined in Retention and Disposal FAQ above.



Do you use any third party that stores hard copy documents?

Please refer to FAQ-PM-013.


If yes, what are the security requirements communicated to or agreed upon with the third party?

Custom process definition with the customer – a sign-off has to be taken with separate commercials.