Effective from: June 10, 2026
Contact: [email protected]
KlavoHR is an HR technology consultancy. We help companies set up and run the systems that hire people, onboard them, pay them, and track how they are doing. Because of that work, we come into contact with some of the most personal data a business holds. This policy is written to be honest about which data, whose data, and what we are allowed to do with it.
It governs klavohr.com and every service we provide, from a single HRIS configuration to a full managed-services arrangement. Read the part that applies to you. Most readers only need one or two sections.
Three Kinds of People, Three Kinds of Data
The data we touch falls into three groups, and your rights depend on which one you belong to.
Business contacts and site visitors
If you enquire about our services, browse the site, or talk to our sales team, the data is about you and KlavoHR decides how it is used. We are the controller, and the rules below apply directly.
Employees of our clients
When a company hires us to build or run its HRIS, the employee records inside that system belong to the company, not to us. The company is the controller. We act on its written instructions as a processor. If you are one of those employees and you want your data changed or removed, your employer is the right first contact, not us.
Job candidates
Recruitment data, such as resumes and screening results, usually belongs to the hiring company. Where we handle it, we do so under that company’s direction. The same processor rules apply.
Data We Collect From Business Contacts
When you reach out through the enquiry form, request a call, or email us, we collect what you send. In practice that is your name, your work email and phone number, your job title, the company you work for, and whatever you write about your HR setup, headcount, and goals. We also keep a record of our correspondence so we can pick up where we left off.
Separately, the site logs ordinary technical data as you use it: IP address and general location, device and browser type, the pages you opened, and how you found us. This keeps the site secure and tells us which content earns its place. We do not use it to identify you personally.
Workforce and Candidate Data We Process for Clients
This is the heart of what makes an HR consultancy different, so it gets the most space.
Employee Records
During implementation, migration, or ongoing support, we are given access to data such as employee names and contact details, job and pay information, leave balances, performance notes, payroll history, organisational structures, and uploaded documents like contracts. We see this only to do the job in front of us, within the access level the client sets.
Candidate and Applicant Data
If we configure or run recruiting modules, the data can include resumes, application answers, interview notes, and screening scores. This is processed for the client’s hiring decisions, not ours.
Sensitive Information
HR systems sometimes hold special-category data: health details behind a sick-leave request, disability accommodations, union membership, or similar. We would rather not handle this at all, and we design configurations to limit our exposure to it. Where contact is unavoidable, we treat it with the highest level of restriction, access it only when a specific task demands it, and never use it for anything beyond that task.
Across all three categories, one rule holds: this data is the client’s. We do not copy it for our own files, we do not reuse it elsewhere, and we delete or hand it back when the work ends. The data processing terms in your contract override any general statement made here.
What We Use Personal Data For
The reason we hold a piece of data is tied to how we got it. Contact details from an enquiry are used to answer you and scope the work. Records from an active client let us deliver the engagement: configuring onboarding flows, migrating files, integrating payroll, running audits. Site analytics go toward fixing and improving the pages. If you opted in, we may send occasional notes on HR tech and compliance, and a single click stops them.
We do not invent new uses quietly. A purpose not covered here gets your agreement before we act on it.
AI Tools and Decisions That Affect People
We build and configure AI features for clients, including candidate screening, attrition risk scoring, personalised onboarding, and sentiment analysis of staff surveys. These touch real people in real ways, so we will not gloss over them.
Here is our position. These tools support human judgement; they do not replace it. When we set up candidate screening, it ranks and surfaces applicants for a recruiter to review, and a person makes the hiring call. We configure them so that no individual is rejected, flagged, or scored by the system alone without a human able to look at the result, explain it, and overturn it.
If you are an employee or candidate of a client and you believe an automated tool has affected a decision about you, you have the right to ask for human review and to contest the outcome. Because the client is the controller, raise it with them first; we will support their response. KlavoHR does not run any of these tools on website visitors, and we do not pool one client’s people-data to train models used for another.
Platforms and Providers We Rely On
We work inside HR platforms we did not build, and we use a handful of outside services to operate. Your data may sit with or pass through:
- HRIS and payroll platforms we implement, among them BambooHR, Workday, SAP SuccessFactors, ADP, and Gusto
- Applicant tracking, benefits, and time systems we connect during integration work
- Hosting, email, and scheduling tools we use to run the business and talk to you
Each provider operates under its own privacy terms, and where you deal with one directly, its policy applies to that relationship. We choose vendors that meet established security and compliance standards, and we bind them to use shared data only for the agreed task.
When We Disclose Data
We do not sell personal data and we do not rent contact lists. Disclosure happens in a short list of cases. We release data when a law, regulator, or court requires it. We release it to defend our legal rights or to protect people from harm. And if the company changes hands through a sale or merger, contact and client records may transfer to the buyer, who inherits obligations at least as strong as these. You would be notified of a change of that kind.
How Long Records Are Kept
Different data has different shelf lives, and HR data is bound by statute more than most.
Business-contact and enquiry records stay with us for up to two years after we last hear from you, then go. Client workforce data is governed by the contract and is returned or destroyed when the engagement closes. Some HR records, payroll and tax history in particular, carry legal retention periods that the client must observe, and where we hold such data we keep it only as long as the client’s legal duty and our agreement require. Aggregated statistics with no link back to a person may be kept indefinitely.
Keeping Data Safe
Given the sensitivity of what we touch, security is built into how we work rather than bolted on. Data moves over encrypted connections, access to a client system is restricted to the named people on that account, and permissions are removed when a project ends. Migrations run with validation checks at each stage so records arrive intact. Our team is trained on handling people-data, and we review our controls on a regular schedule.
That said, no online system is immune to risk, and claiming otherwise would be dishonest. Protect your side too: keep platform passwords strong and private, and tell us at once if you think an account has been compromised.
Cookies
Our site uses a small number of cookies. The necessary ones run security and forms and cannot be switched off without breaking the site. Analytics cookies show us, anonymously, how the pages perform. Preference cookies hold simple choices like your region. Your browser can block or clear any of them, and where consent is legally required for non-essential cookies, we ask first.
Your Rights
You can ask to see the data we hold on you, get a copy, correct it, delete it, restrict or object to its use, or pull back a consent. Email [email protected] to start. We confirm identity before acting and reply within the period your law allows. One reminder for client employees: if your data lives in a system your employer controls, your employer handles the request and we assist them.
EEA, UK, and Switzerland
We rely on a lawful basis for every processing activity: your consent, a contract with you, a legal obligation, or a legitimate interest weighed against your rights. Consent can be withdrawn whenever you like, with no effect on what was lawful beforehand. You may also lodge a complaint with your local data protection authority.
California
The CCPA and CPRA let you ask what we collected, request access or deletion, fix inaccuracies, and opt out of sale or sharing. We do not sell your data, and using your rights will never get you treated worse. Contact us and we will verify you before responding.
Data That Crosses Borders
KlavoHR and some providers work outside your home country, the United States included, where privacy law may look different. For any international transfer we apply recognised safeguards such as Standard Contractual Clauses or rely on an adequacy decision. Using the site means you are aware this can happen.
Children
This service is for businesses and is not aimed at anyone under 16. We do not knowingly gather data from children, and we delete it if we discover we have. A parent or guardian with a concern should write to [email protected].
Links We Do Not Control
Some pages point to platforms, partners, or articles run by others. Our responsibility ends at our own site. Follow a link and the destination’s own policy takes over, so check it before sharing anything there.
Updates
This policy will change as our services and the law move. New versions appear on this page with a fresh effective date, and we make a reasonable effort to highlight anything significant. Staying on the site after an update means the current version applies to you. A periodic glance is worth your time.
Contact
For any question, request, or complaint about your data or this policy, reach us directly.
Email: [email protected]