1. Introduction and Scope
Zinob Inc. Pvt. Ltd. ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal data, particularly sensitive employee information processed through our Zinob HR software platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, mobile applications, and HR management services.
This policy complies with applicable laws including the Nepal Data Protection Act (if enacted), international standards such as GDPR principles, and industry best practices for HR software providers. As an HR software provider, we recognize the sensitive nature of employee data and implement stringent protections.
2. Types of Information We Collect
A. Employee Personal Data (Processed on behalf of clients):
- Full name, date of birth, and national ID number
- Contact information (phone, email, residential address)
- Employment details (designation, department, salary, contract terms)
- Attendance and leave records
- Performance evaluations and training records
- Bank account details for salary processing
- Biometric data (fingerprints) for attendance tracking (where applicable)
- Family information and emergency contacts
- Medical or health information (if provided for benefits administration)
B. Client Organization Data:
- Company name, registration number, and tax ID
- Administrative contact information
- Organizational structure and department information
- Billing and payment information
C. Website and Service Usage Data:
- IP addresses and device identifiers
- Browser type and operating system information
- Pages visited and features accessed
- Login timestamps and access patterns
- Cookies and similar tracking technologies
3. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide HR services as contracted
- Legal Compliance: Compliance with Nepal's labor laws, tax regulations, and employment regulations
- Legitimate Business Interests: System security, fraud prevention, and service improvement
- Consent: For marketing communications and optional data processing activities
- Employee Consent: For processing employee data as authorized by the employer
4. How We Use Your Information
We use collected information for the following purposes:
- Providing and maintaining HR management services
- Processing payroll, benefits, and compensation
- Managing attendance, leave, and time tracking
- Generating HR reports and analytics
- Ensuring compliance with Nepal labor laws and regulations
- Maintaining system security and preventing fraud
- Responding to inquiries and providing customer support
- Improving our services and user experience
- Sending service updates and administrative notifications
- Conducting security audits and system monitoring
5. Data Retention and Deletion
We retain personal data only as long as necessary to provide services and comply with legal obligations. Retention periods vary based on data type:
- Employee Records: Retained for the duration of employment plus 7 years (per Nepal labor law requirements)
- Payroll Records: Retained for 7 years for tax and audit purposes
- Attendance Records: Retained for 3-5 years depending on organizational policy
- Account Data: Retained until account termination plus 1 year
- Website Cookies: Retained for up to 2 years
Upon request and after contract termination, we will securely delete or anonymize personal data, except where retention is required by law.
6. Data Sharing and Disclosure
We do not sell employee data. We may share information in the following limited circumstances:
- Service Providers: Third-party vendors assisting with hosting, payment processing, and customer support (under confidentiality agreements)
- Legal Requirements: When required by Nepal government authorities, tax agencies, or law enforcement
- Employer Authorization: With the client organization's authorized representatives
- Compliance: To comply with Nepal's income tax, social security, and employment regulations
- Business Transfers: In case of merger, acquisition, or sale of assets (with notice to affected parties)
7. Data Security Measures
We implement comprehensive security measures to protect personal data from unauthorized access, alteration, and disclosure:
- AES-256 encryption for data at rest
- TLS 1.2+ encryption for data in transit
- Role-based access control (RBAC) limiting data access
- Multi-factor authentication for administrative accounts
- Regular security audits and penetration testing
- Secure backup and disaster recovery procedures
- Comprehensive audit logging of all data access
- Employee training on data protection and security
- Incident response procedures for data breaches
8. International Data Transfers
If data is transferred outside Nepal, we ensure appropriate safeguards including standard contractual clauses, adequacy decisions, or explicit consent from data subjects. All international transfers comply with applicable privacy laws.
9. Employee Rights and Data Subject Rights
Employees and data subjects have the following rights regarding their personal data:
- Right to Access: Request access to personal data we hold
- Right to Correction: Request correction of inaccurate data
- Right to Deletion: Request deletion of data (subject to legal retention requirements)
- Right to Portability: Request data in a machine-readable format
- Right to Object: Object to certain processing activities
- Right to Withdraw Consent: Withdraw previously given consent
To exercise these rights, contact your organization's HR administrator or our privacy team at [email protected].
10. Cookies and Tracking Technologies
Our website uses cookies to enhance user experience and analyze usage patterns. You can control cookie settings through your browser. Disabling cookies may limit certain website functionality.
11. Data Breach Notification
In the event of a data breach affecting personal information, we will notify affected parties and relevant authorities as required by applicable law within 72 hours of discovery, providing details of the breach, affected data, and mitigation measures.
12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will take steps to delete the information.
13. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.
14. Policy Updates
We may update this Privacy Policy periodically to reflect changes in practices or legal requirements. We will notify users of material changes via email or prominent website notice. Continued use of our services constitutes acceptance of updated policies.
15. Contact Information
For privacy-related inquiries, data subject requests, or to report concerns:
16. Governing Law
This Privacy Policy is governed by the laws of Nepal. Any disputes shall be subject to the exclusive jurisdiction of courts in Kathmandu, Nepal.