Privacy & Data Protection Policy
(Applicable to HRMS + Payroll + CLMS + Contract Labour Compliance Services)
Groniva Corporation Private Limited
Effective Date: 01-10-2025
Version: 1.0
Jurisdiction: Pune, Maharashtra, India
Grievance Officer: Mr. Vikrant Ghan (privacy@groniva.com)
A. Introduction & Scope
A.1 This Unified Privacy & Data Protection Policy (“Policy”) explains how Groniva Corporation Private Limited (“Groniva”, “We”, “Us”, “Our”) collects, processes, stores, protects, and shares data through its HRMS, Payroll, Contract Labour Management System (CLMS), Compliance Monitoring Services, mobile apps, portals, API integrations and related workforce management solutions (“Platform”).
A.2 This Policy applies to:
- Principal Employers / Enterprises
- Contractors / Sub-contractors / Vendor Partners
- Employees / Direct Staff
- Contract Workers / Gig/Outsourced Workforce
- System Administrators / HR Personnel
- Approvers / Compliance Officers
A.3 This Policy extends to all data collected during:
- Employee HR lifecycle management
- Payroll calculation & disbursement
- Labour deployment and shift allocation
- Contractor onboarding & registration
- Worker documentation (ID/KYC)
- Compliances & statutory filings support
B. Legal Basis & Regulatory Alignment
B.1 This Policy complies with:
- Information Technology Act, 2000
- IT (Reasonable Security Practices & Procedures and SPDI) Rules, 2011
- Digital Personal Data Protection (DPDP) Act, 2023 (principle-compliant)
- Indian Contract Act, 1872
- Evidence Act (for electronic records)
B.2 For Contract Labour & Workforce Compliance, it aligns with:
- Contract Labour (Regulation and Abolition) Act, 1970 (CLRA)
- Inter-State Migrant Workmen Act (ISMW Act)
- Building & Other Construction Workers (BOCW) Act, where applicable
- Factories Act / OSH Code (as applicable by state)
- Shops & Establishment Acts (State level)
- Equal Remuneration & Minimum Wages compliance
B.3 The Platform facilitates statutory compliance digitally on behalf of enterprises/contractors but does not replace legal obligations of employers or contracting entities.
C. Data Responsibility Roles (Dpdp + Labour Chain)
C.1 Under DPDP Act Principles:
| Entity |
Legal Role |
| Principal Employer / Enterprise |
Data Fiduciary / Controller |
| Contractor / Sub-Contractor |
Co-Processing Entity / Executor |
| Groniva (Platform) |
Data Processor / Technology Enabler |
C.2 For CLMS workflows:
- PE retains accountability as per labour law
- Contractor ensures worker documentary accuracy
- Groniva only facilitates secure digital processing
C.3 Groniva does not independently decide purpose of data — purpose is determined by the client (Employer/Fiduciary).
D. Categories Of Data We Process
D.1 Personal & Workforce Identity
- Name, phone, email, photograph
- Permanent & local address
- Father/mother/guardian details
D.2 Employment / Deployment
- Designation, joining date, location, contractor mapping
- Attendance & shift patterns
- Assignment history
D.3 Sensitive Personal Data (SPDI)
- Aadhaar / ID proofs (when employer/contractor uploads)
- PAN / Bank details (for payroll)
- Salary / wage details
- Emergency contacts
- PF/UAN/ESIC identifiers
D.4 Workforce Compliance
- Labour license references
- Deployment mapping under CLRA
- Muster roll, registers, digital forms
D.5 System Metadata
- IP address, device info, logs
- Login time & authentication check
- Fraud/security events
E. Purpose Of Data Collection & Use
E.1 We process data to deliver:
- HR lifecycle automation
- Payroll calculation, slips, and transfer routing
- Worker onboarding & verification
- Contractor workforce deployment
- Labour compliance registers
- Audit readiness for PE / Contractor
- Regulatory inspection documentation
- Attendance & productivity analytics
E.2 Statutory / lawful purposes:
- PF/ESIC/TDS filings through employer
- Manpower compliance reporting
- CLRA registers & contractor submissions
E.3 Platform security purposes:
- Identity/authentication
- Fraud & misuse detection
- System safety audit logs
F. Consent & User Rights
F.1 Consent is derived from:
- Employer/Contractor onboarding of workers
- Employee/worker login
- Digitally captured acceptance where applicable
F.2 Worker/Employee Rights:
| Right |
Covered? |
| Access |
✅ |
| Correction |
✅ |
| Withdrawal of consent (if not legally mandated) |
✅ |
| Deletion (post statutory term) |
✅ |
F.3 Deletion is not permitted during active statutory retention requirement (labour law supersedes).
G. Security & Storage
G.1 Security Standards
- Encrypted transmission (HTTPS/TLS)
- RBAC + Least Privilege access
- Masking of sensitive identity fields
- Audit trails & monitoring
G.2 Storage
- Primary hosting: India
- Backups follow industry-standard encryption
H. Data Sharing
H.1 We do NOT sell personal data.
H.2 Limited disclosure only to:
- Statutory authorities through employer
- Banking partner for authorised payroll
- Approved sub-processors (infra level)
H.3 Access to CLRA/Inspectors:
Provided only when employer/contractor initiates or as part of legal mandate.
I. Retention & Exit
I.1 Retention follows:
| Data Type |
Retention |
| HRMS |
Subscription life + audit period |
| Payroll |
As per tax law retention |
| CLMS |
As per labour law registers & licensing audits |
I.2 Upon client offboarding:
- Data is returned OR
- Securely purged per DPA
J. Audit & Cross-border Transfer
Cross-border transfer: only with written employer authorisation.
K. Grievance Redressal
Grievance Officer: Mr. Vikrant Ghan
Email: privacy@groniva.com
Resolution Period: up to 30 days.
L. Governing Law & Disputes
This Policy is governed by laws of India.
Jurisdiction: Pune, Maharashtra
View More Industry
