GDPR Compliance

Last Updated: June 2026

HR Khata is committed to protecting personal data and respecting privacy rights in accordance with the General Data Protection Regulation (GDPR), where applicable.

This page explains how we align our data processing practices with GDPR principles for users, customers, and organizations using our platform.

1. Scope of GDPR Compliance

This GDPR Compliance Statement applies to personal data processed by HR Khata for users and organizations located in the European Economic Area (EEA) or where GDPR requirements are otherwise applicable.

HR Khata acts primarily as a data processor for customer organizations and as a data controller for its own operational data.

2. Key GDPR Principles We Follow

HR Khata is designed to follow the core GDPR principles:

  • Lawfulness, fairness, and transparency in data processing
  • Purpose limitation – data is used only for intended HR and payroll functions
  • Data minimization – only necessary information is collected
  • Accuracy – data can be updated and corrected
  • Storage limitation – data is retained only as required
  • Integrity and confidentiality – strong security measures are applied
  • Accountability – responsibility for compliance is maintained across processes

3. Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Performance of a contract with the customer
  • Compliance with legal obligations
  • Legitimate interests (such as system security and service improvement)
  • Consent, where explicitly required

Organizations using HR Khata are responsible for ensuring a valid legal basis for employee data they upload.

4. Data Subject Rights Under GDPR

Individuals covered under GDPR have the following rights:

Right to Access

Request access to personal data stored within HR Khata systems.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”)

Request deletion of personal data, subject to legal and contractual obligations.

Right to Restrict Processing

Request limitation of how personal data is used.

Right to Data Portability

Request a copy of personal data in a structured, commonly used format.

Right to Object

Object to certain types of processing where applicable.

Requests may be submitted through the contact information provided below or via the relevant organization using HR Khata.

5. Data Processing Role

HR Khata typically processes employee data on behalf of business customers.

  • The customer (employer) is the data controller
  • HR Khata acts as the data processor

We process data strictly according to customer instructions and applicable agreements.

6. Data Security Measures

HR Khata implements appropriate technical and organizational measures to protect personal data, including:

  • Data encryption in transit and at rest
  • Role-based access controls
  • Secure authentication systems
  • Continuous system monitoring
  • Regular security updates
  • Backup and recovery systems
  • Restricted internal access to sensitive data

7. International Data Transfers

HR Khata may store or process data in locations outside the EEA depending on infrastructure and service providers.

Where data is transferred internationally, we ensure appropriate safeguards such as:

  • Standard contractual clauses (SCCs) where applicable
  • Secure hosting environments
  • Compliance with recognized data protection standards

8. Data Retention

We retain personal data only as long as necessary to:

  • Provide services to customers
  • Comply with legal obligations
  • Resolve disputes
  • Maintain system integrity

Data may be deleted or anonymized once it is no longer required.

9. Subprocessors and Third Parties

HR Khata may engage trusted third-party service providers to support platform operations such as:

  • Cloud hosting
  • Email and communication services
  • Analytics tools
  • Payment processing systems

All subprocessors are required to maintain appropriate data protection standards.

10. Data Breach Notification

In the unlikely event of a data breach affecting personal data, HR Khata will:

  • Investigate and contain the issue promptly
  • Notify affected customers without undue delay
  • Take corrective and preventive actions
  • Comply with GDPR reporting obligations where applicable

11. Data Protection by Design

HR Khata incorporates privacy and security into system design by:

  • Limiting data collection
  • Securing default configurations
  • Applying access controls
  • Regularly reviewing security practices

12. Contact for GDPR Requests

For GDPR-related questions or requests, contact:

HR Khata – Data Protection Team
Email: privacy@hrkhata.com
Phone: +977-XXXXXXXXXX
Website: hrkhata.com

13. Updates to This Statement

We may update this GDPR Compliance Statement to reflect legal, technical, or operational changes. Updates will be posted on this page with a revised date.
