HomeData Processing

Data Processing

Transparent notice of how personal data is processed within Attend Mitra.

1. Overview

This Data Processing notice explains how Attend Mitra processes personal data on behalf of organizations using the platform. It applies to data collected through web, mobile, and related services.

2. Roles (Controller vs. Processor)

Depending on the use case, the organization using Attend Mitra determines purposes and means of processing (Controller). Attend Mitra acts as a Processor, processing personal data to provide the service under instructions from the organization.

3. Types of Personal Data

Depending on your organization’s configuration, we may process identifiers, employee profile information, attendance and scheduling events, location data used for geo-verification, communication logs related to service administration, and operational/account data required to run the service.

4. Purposes of Processing

We process personal data to operate the platform; provide attendance tracking, scheduling, leave management, and payroll-ready exports; support security and compliance needs; and deliver service notifications and administrative communications.

5. Lawful Bases

Where applicable, processing is based on: (a) performance of a contract or steps prior to entering a contract; (b) legitimate interests in operating and securing the service; and (c) legal obligations that require us to process data.

6. Security Measures

We implement technical and organizational measures designed to protect data, including access controls, encryption in transit and at rest, secure authentication patterns, audit logging for administrative actions, and ongoing monitoring and improvements.

7. Sharing and Sub-processors

We may engage sub-processors to support hosting, infrastructure, communications, analytics, and security. Sub-processors are selected based on appropriate safeguards and are bound by contractual confidentiality and data protection obligations.

8. Cross-border Transfers

If data is transferred internationally, we use appropriate safeguards such as standard contractual clauses or other mechanisms required under applicable law.

9. Data Retention

We retain personal data for as long as necessary to provide the service and comply with legal obligations. Retention periods may vary based on the organization’s configuration and applicable requirements.

10. Data Subject Rights

Subject rights (such as access, correction, deletion, and objection where applicable) are typically handled by the organization using the platform. The organization can contact us to assist with rights requests and related verification.

11. Assistance with Compliance Requests

Where required, we provide reasonable assistance to support legal requests and compliance-related actions, such as responding to rights requests, facilitating audits, and maintaining required documentation.

12. Contact

For questions about this notice or assistance with compliance, contact us at info@attendmitra.com.