Privacy Policy

This Privacy Policy applies to the OneHRM HR & Payroll platform and mobile application, operated by Pukat Technology Pvt Ltd, a subsidiary of MobilityOne Sdn Bhd (“we”, “us”, or “our”).

We respect your privacy and are committed to protecting the personal information processed through our SaaS platform, Android application, IOS application, and all services provided under the OneHRM ecosystem. This Privacy Policy explains how we collect, use, disclose, and protect information belonging to our customers and the employees who use our services (“Users”).

Introduction

This Notice describes the data we process on behalf of our customers as part of the OneHRM HR & Payroll Services (“Services”). It also explains your rights regarding the access, correction, and deletion of your personal information.

About the Company and Personal Information We Collect

Our customers and their authorized users may input or upload data into our system (“Customer Data”), which may include an individual’s:

  • Name, email address, phone number
  • Employee ID, designation, department, business unit
  • Work location, cost center, and supervisor details
  • Leave, attendance, claims, payroll-related data
  • Uploaded documents or images (medical certificates, receipts, HR-related files)
Personal Information Collected Through the Mobile App
Location Information

The OneHRM mobile app may collect precise GPS location only for attendance-related purposes, and only if this feature is enabled by your employer:

  • Office IN / Check-In – location is captured when you mark attendance IN.
  • Office OUT / Check-Out – location is captured when you mark attendance OUT.

We do not use location data for advertising, marketing, tracking across other apps, or selling to third parties. Location is used strictly for HR and attendance purposes as configured by your employer.

Images & File Uploads

If enabled by your employer, the OneHRM mobile app allows you to upload images or documents from your mobile device for HR purposes, including but not limited to:

  • Leave applications (e.g., medical certificates, supporting documents)
  • Claims reimbursement (e.g., receipts, invoices)
  • Profile photo uploads
  • Other HR-related submissions as determined by your employer

These uploads are stored securely and are accessible only to authorized HR personnel and system administrators, in accordance with your employer’s policies.

Device & Technical Data
  • Device model and operating system version
  • IP address
  • Usage logs (such as feature usage and timestamps)
  • Crash logs (to help diagnose issues and improve stability)
Retention of Personal Information

We retain personal information as long as required to provide the Services, meet legal obligations, resolve disputes, or enforce agreements. Your employer may also configure retention periods according to their internal HR and compliance policies.

Transfers of Personal Information

We comply with applicable data protection laws, including the Malaysian Personal Data Protection Act 2010 (PDPA), where relevant. Data may be securely stored or transferred to data centers as selected by your employer or as required to deliver the Services.

How We Collect Personal Information
  • Information provided directly by your employer or HR department
  • Information you enter into the app (e.g., leave/claim details, profile data)
  • GPS location captured during office IN/OUT or Check-In/Check-Out (if enabled by your employer)
  • Files, photos, receipts uploaded by you (if enabled by your employer)
  • Data created automatically through app usage (logs, diagnostics)
Customer Responsibilities

Your employer (the Customer) is responsible for:

  • Obtaining any necessary consents from employees as required by law
  • Ensuring that personal information provided to us is accurate, complete, and up to date
  • Configuring which features (such as GPS attendance or file uploads) are enabled for your use
How We Use Personal Information
To Provide the Services
  • Employee attendance tracking (including GPS location for office IN/OUT where enabled)
  • Payroll processing and HR administration
  • Identity verification when logging in
  • Operating, maintaining, and improving the OneHRM platform
  • Responding to support issues and troubleshooting errors
To Secure the Services
  • Detecting and preventing fraud and unauthorized access
  • Monitoring suspicious or unusual account activity
  • Identifying and addressing security vulnerabilities
Legal Compliance & Legitimate Interests
  • Complying with applicable laws and regulations
  • Audit, compliance, and reporting obligations
  • Protecting our rights, property, and the safety of users and systems
Data Sharing & Disclosure

We do not sell or rent your personal information. We may disclose personal information:

  • To your employer or HR department, in line with their HR policies
  • To service providers (such as hosting and infrastructure providers) who help us deliver the Services
  • When required by law, regulation, or legal process
  • When necessary to protect our legal rights or the rights of others

Our personnel and any third-party service providers who have access to personal information are bound by confidentiality obligations and may only use the data as instructed by us or as required by law.

Mobile App Permissions

The OneHRM mobile app may request the following permissions:

  • Location – used only to capture your location at the time of office IN/OUT or Check-In/Check-Out, if your employer has enabled GPS-based attendance. No location is collected when you submit leave or claims.
  • Camera – to capture photos for HR purposes, such as profile image, leave documents, or claim receipts (if your employer has enabled these features).
  • Storage / Photos / Media – to upload or download HR-related documents and images (if enabled by your employer).
  • Notifications – to send HR-related alerts, such as approvals, announcements, reminders, and payroll notifications.

You may disable these permissions through your device settings. However, disabling certain permissions (e.g., Location for attendance) may limit or disable related features in the app.

Third-Party Services / SDKs

We may use third-party platforms and SDKs to support the Services, such as:

  • Analytics and crash reporting tools (e.g., Firebase Crashlytics)
  • Cloud hosting providers (e.g., cloud infrastructure selected by us or your employer)
  • Email and SMS gateway providers for notifications and authentication

These third parties process data on our behalf and are not permitted to use your personal information for their own advertising or marketing purposes.

Cookies & Analytics

Our web-based Services may use cookies and similar technologies to:

  • Maintain and manage login sessions
  • Remember user preferences
  • Improve system performance and reliability
  • Generate aggregated, anonymized usage statistics for service improvement

You may control cookies via your browser settings, but some features may not function correctly if cookies are disabled.

Tracking Disclosure

The OneHRM app does not track users across third-party websites or applications for advertising purposes. We do not use advertising identifiers to profile you or to serve targeted ads.

Data & Account Deletion

You may request deletion of your account or personal data (where allowed by your employer’s policies) by contacting:

Email: support@onehrm.com.my

Upon receiving a valid request, and subject to approval from your employer where applicable:

  • Your account may be deactivated or deleted, as permitted by your employer’s HR policies.
  • We will delete or anonymize personal data that we are not legally required to retain.
  • Once deleted or anonymized, the data cannot be restored.
Security Measures

We maintain industry-standard administrative, technical, and physical safeguards to protect personal information from unauthorized access, use, alteration, or disclosure. While we strive to protect your data, no method of transmission or storage is completely secure.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. The updated version will be posted on this page with a revised “last updated” date where applicable. We encourage you to review this Policy periodically.