Privacy Policy
Last updated: May 2026
Company: HR Forte Systems Pte. Ltd.
UEN: 201715194C
Address: 109 North Bridge Road, #07-22 Funan, Singapore 179097
General contact: ask@hrforte.com
Data Protection Officer: dpo@hrforte.com
HR Forte Systems Pte. Ltd. (“HRF”, “HR Forte”, “we”, “us”, or “our”) is a native software-as-a-service company providing a cloud-based HR, payroll, workforce management, compliance, and AI-assisted software platform. We respect privacy and are committed to protecting personal data responsibly, transparently, and in accordance with applicable data protection laws, including the Singapore Personal Data Protection Act 2012, the EU General Data Protection Regulation (“GDPR”) where it applies, and other applicable privacy, employment, payroll, tax, and statutory recordkeeping laws.This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal data when individuals use or interact with the HR Forte SaaS platform, including our web application, mobile application, HR and payroll modules, employee self-service features, APIs, integrations, AskGenie AI features, support channels, and related platform functionality, collectively referred to in this Privacy Policy as the “Platform”.
This Privacy Policy is written for website visitors, customer representatives, customer administrators, employees, contractors, applicants, end users, and other individuals whose personal data may be processed through the Platform. If you use HR Forte through your employer or another organisation, that organisation may be primarily responsible for deciding how and why your personal data is processed through the Platform.
1. Scope and Roles
HR Forte is a business-to-business SaaS platform, not a professional outsourcing, advisory, payroll agency, or managed HR services provider. Our software enables customers to manage HR, payroll, time attendance, leave, claims, employee self-service, e-signature, compliance workflows, and AI-assisted guidance through a cloud-based platform. Because the Platform is used in different ways, HR Forte may act either as a data controller or as a data processor, depending on the processing activity.
| Role | When this applies | What it means |
| HR Forte as data controller | We act as controller when we decide why and how personal data is processed, such as when managing our website, demo bookings, sales enquiries, customer account administration, billing, operational platform notices, security monitoring, marketing preferences, and our own legal compliance. | We are responsible for providing privacy information, identifying lawful bases, handling applicable privacy rights, and complying with controller obligations. |
| HR Forte as data processor | We act as processor when we process personal data on behalf of a customer, such as an employer, payroll provider, group company, or authorised administrator using the Platform to manage employees, payroll, leave, claims, attendance, documents, workflows, or customer-configured AskGenie use cases. | The customer normally decides the purposes and means of processing. We process data according to the customer’s documented instructions, the SaaS subscription agreement, applicable data processing terms, platform configuration, and applicable law. |
| Customer as data controller | This usually applies when an employer or organisation uses the Platform to process employee, contractor, payroll, tax, statutory, HR, attendance, claims, leave, document, or compliance data. | The customer is responsible for informing its employees and users about its own processing activities and for responding to privacy rights requests unless otherwise agreed or required by law. |
If you are an employee, contractor, applicant, or end user whose organisation uses HR Forte, you should first contact your employer or organisation for questions about how your HR, payroll, employment, attendance, leave, claims, tax, or statutory data is handled in the Platform. If you contact us directly about data that we process as processor, we may refer or forward your request to the relevant customer unless applicable law requires us to respond directly.
2. Personal Data We Collect
The personal data we process depends on how the Platform is used, the country in which the relevant HR or payroll activity occurs, the customer’s configuration, and the modules enabled by the customer.
| Category | Examples |
| Account and contact data | Name, work email address, phone number, company name, job title, user role, login credentials, billing contact details, and customer administrator information. |
| Identity and employment data | Employee ID, national ID or statutory identifiers where required, passport or work pass information where relevant, employment status, job title, department, reporting line, employment dates, contract type, and work location. |
| Payroll and statutory data | Salary, allowances, benefits, deductions, bonuses, commissions, overtime, tax details, statutory contribution information, bank or payment details where required for payroll, payslip data, payroll history, and related compliance records. |
| Time, attendance, leave, and claims data | Clock-in and clock-out records, timesheets, shift schedules, work location data where enabled, leave balances, leave applications, medical certificates or claim attachments where submitted, expense claims, approvals, and workflow history. |
| Document and e-signature data | Documents uploaded to or generated by the Platform, signatory details, signature status, audit trails, timestamps, and related metadata. |
| Technical and usage data | IP address, browser type, device identifiers, operating system, log data, session information, access timestamps, error reports, security events, feature usage, and analytics data. |
| Support and communications data | Support tickets, emails, chat messages, call notes, onboarding communications, training records, feedback, and platform issue details. |
| Marketing and website data | Demo requests, newsletter or event preferences, campaign interaction data, website usage data, cookie identifiers, and communication preferences. |
| AskGenie inputs and outputs | Prompts submitted by users, system context required to generate responses, generated responses, feedback, usage metrics, and related audit or safety logs. |
| Sensitive or special category data | Health-related documents, medical leave information, disability-related accommodation data, union-related data, biometric data if specifically enabled, precise location data if enabled, government identifiers, or other sensitive data where processed under customer instructions or applicable law. |
Users should avoid submitting unnecessary sensitive personal data into free-text fields, support messages, document uploads, or AskGenie prompts unless it is required for a legitimate HR, payroll, compliance, or platform support purpose.
3. How We Collect Personal Data
We may collect personal data directly from you when you create an account, use the Platform, submit website forms, book a demo, contact support, subscribe to communications, participate in training, use AskGenie, or otherwise communicate with us.We may also receive personal data from your employer, payroll provider, group company, authorised customer administrator, system administrator, integration partner, or another organisation that has instructed us to process data through the Platform. In addition, data may be generated automatically when you use our website or Platform, including through logs, cookies, analytics tools, security monitoring, and customer-approved integrations.
4. Purposes and Lawful Bases for Processing
Where the GDPR or similar laws apply, we rely on one or more lawful bases for each processing activity. These may include performance of a contract, compliance with legal obligations, legitimate interests, consent, protection of vital interests, or other lawful bases permitted by applicable law. Where we rely on legitimate interests, we consider whether our interests are overridden by the rights and freedoms of the individuals concerned.
| Processing purpose | Typical data categories | Lawful basis where GDPR applies | Legitimate interest, where relevant |
| Providing, operating, and maintaining the Platform | Account, employment, payroll, time, attendance, leave, claims, document, technical, and usage data | Contract performance, legal obligation, legitimate interests, and, where HR Forte acts as processor, customer instructions | Delivering a secure and functional HR and payroll SaaS platform. |
| Managing user accounts, authentication, permissions, and access controls | Account, role, technical, and security data | Contract performance, legal obligation, legitimate interests | Protecting accounts, preventing unauthorised access, and maintaining auditability. |
| Processing HR, payroll, statutory, tax, leave, attendance, claims, e-signature, and employee self-service workflows | Employment, payroll, statutory, attendance, leave, claims, document, and workflow data | Legal obligation, contract performance, legitimate interests, and customer instructions | Supporting customers’ HR, payroll, workforce administration, and compliance workflows through the Platform. |
| Providing customer support, onboarding, training, and operational platform communications | Account, support, communications, technical, and usage data | Contract performance, legitimate interests | Helping users resolve platform issues, adopt the Platform, and receive operational updates. |
| Billing, account administration, procurement, and contract management | Account, contact, billing, contract, usage, and payment-related data | Contract performance, legal obligation, legitimate interests | Managing customer relationships, invoicing, collection, procurement checks, and accounting. |
| Security, fraud prevention, misuse prevention, monitoring, logging, and incident response | Technical, usage, security, account, and communications data | Legal obligation, legitimate interests | Protecting the Platform, users, customers, and data from abuse, unauthorised access, and security incidents. |
| Product analytics, performance improvement, debugging, and platform development | Technical, usage, support, feedback, and aggregated or anonymised data | Legitimate interests, contract performance, consent where required | Improving platform reliability, usability, performance, and customer experience. |
| AskGenie AI features, including product navigation, workflow help, and general HR or payroll information | AskGenie inputs and outputs, usage metrics, account context, and customer-configured data where enabled | Contract performance, legitimate interests, customer instructions, consent where required | Providing AI-assisted platform guidance, improving quality, monitoring safety, and preventing misuse. |
| Marketing, events, newsletters, and demo follow-ups | Contact, marketing preference, website, and communication data | Consent where required, legitimate interests | Sharing relevant product updates, resources, and event information with business contacts. |
| Legal compliance, audits, dispute resolution, enforcement, and regulatory response | Account, contract, billing, employment, payroll, statutory, support, security, and communications data | Legal obligation, legitimate interests | Complying with laws, defending rights, responding to lawful requests, and maintaining evidence. |
| Protecting vital interests in exceptional cases | Relevant account, contact, employment, location, health, or emergency-related data where applicable | Vital interests | Responding to urgent situations affecting health, safety, or life. |
Where processing is based on consent, you may withdraw consent at any time through the relevant feature, cookie settings, unsubscribe link, account setting, or by contacting us. Withdrawal of consent does not affect processing that occurred before withdrawal, and it does not affect processing that relies on another lawful basis.
5. Special Category and Sensitive Personal Data
Because the Platform supports HR, payroll, leave, attendance, claims, and compliance workflows, it may process sensitive data or special category data where customers configure the Platform to do so, where users upload such data, or where applicable employment, payroll, tax, social security, immigration, health, workplace safety, or statutory laws require it. Where the GDPR applies, special category data is processed only where an Article 9 condition applies, such as employment, social security, and social protection obligations, explicit consent where appropriate, establishment or defence of legal claims, substantial public interest where recognised by law, occupational health where applicable, or another permitted condition under applicable law. Where HR Forte acts as processor, the customer is responsible for identifying the applicable legal basis and special category condition for its own processing, unless otherwise required by law.
6. AskGenie AI Features
AskGenie is an AI-powered informational assistant within the HR Forte Platform. It may help users with product navigation, workflow assistance, general HR, payroll, and compliance information, summaries, and user support. AskGenie is designed to support Platform users, but it does not replace professional judgment.AskGenie does not provide legal, tax, accounting, immigration, employment, or regulated professional advice. Outputs may be incomplete, inaccurate, outdated, or unsuitable for a specific country, fact pattern, or legal situation. Users must independently verify AskGenie outputs before acting on them, especially where decisions may affect payroll, tax filings, statutory contributions, employment rights, employee discipline, termination, immigration status, financial payments, or legal compliance.We may use AskGenie usage data, prompts, outputs, safety logs, and feedback to operate, secure, evaluate, debug, and improve AskGenie, subject to applicable law, customer configuration, contractual commitments, and any available opt-out or data control settings. Customers should configure AskGenie in line with their internal policies and should not instruct users to submit unnecessary sensitive personal data into prompts.
7. Automated Decision-Making and Profiling
The Platform may include automation features that help customers calculate payroll, route approvals, flag workflow items, generate reminders, produce reports, or provide informational assistance. These features are generally designed to support customer workflows rather than to make solely automated decisions with legal or similarly significant effects on individuals.Where a customer configures the Platform or an integration in a way that results in automated decisions affecting individuals, the customer is responsible for ensuring that appropriate lawful bases, notices, safeguards, human review mechanisms, and rights procedures are in place. HR Forte will provide reasonable assistance where required by contract and applicable law.
8. Disclosure of Personal Data
We do not sell personal data. We may disclose personal data only where appropriate for the purposes described in this Privacy Policy, where instructed by a customer, where required by law, or where otherwise permitted by applicable data protection laws.
| Recipient category | Purpose of disclosure |
| Customers and customer-authorised users | To make Platform data available to the organisation that controls or administers the relevant account, including employer access to employee HR, payroll, attendance, leave, claims, document, and workflow data. |
| Technology providers and subprocessors | To host, secure, support, maintain, analyse, communicate, and improve the Platform. This may include cloud infrastructure, database hosting, storage, backup, support desk tooling, email, SMS, analytics, monitoring, cybersecurity, billing, and AI technology providers. |
| Customer-selected integration partners | To connect the Platform with payroll aggregators, accounting systems, identity providers, payment providers, banks, statutory portals, customer systems, or other integrations selected or authorised by the customer. |
| Professional advisers, auditors, insurers, and consultants | To support legal, tax, accounting, audit, insurance, risk management, compliance, and corporate governance activities. |
| Regulators, courts, government authorities, and law enforcement | To comply with lawful requests, statutory reporting obligations, legal proceedings, investigations, enforcement actions, or regulatory requirements. |
| Corporate transaction parties | In connection with a merger, acquisition, financing, investment, restructuring, due diligence exercise, sale of business assets, or similar corporate transaction, subject to appropriate confidentiality and data protection safeguards. |
| Other parties with consent or instruction | Where you, your organisation, or another authorised party has instructed or consented to the disclosure. |
9. Subprocessors and Third-Party Technology Providers
When HR Forte acts as processor, we may engage subprocessors and third-party technology providers to operate the Platform. We remain responsible for selecting appropriate subprocessors, conducting reasonable due diligence, imposing contractual data protection obligations, and requiring subprocessors to process personal data only for authorised purposes.
| Subprocessor or provider type | Typical platform function | Typical data involved |
| Cloud hosting and infrastructure providers | Hosting, compute, networking, storage, database, backup, and disaster recovery infrastructure. | Account data, customer data stored in the Platform, technical data, logs, and backups. |
| Security, monitoring, and logging providers | Threat detection, vulnerability monitoring, audit logs, error monitoring, uptime monitoring, and incident response support. | Technical data, log data, security events, IP addresses, and usage metadata. |
| Support desk and customer communication tools | Support case management, user assistance, onboarding, issue tracking, and customer communications. | Contact data, support tickets, communications data, screenshots or attachments submitted by users. |
| Email, SMS, and notification providers | Account notifications, authentication messages, operational alerts, product communications, and user messaging. | Contact data, message metadata, and communication content where applicable. |
| Analytics and performance tools | Product analytics, website analytics, error analysis, performance measurement, and feature improvement. | Website data, usage data, technical data, and aggregated or pseudonymised metrics where possible. |
| Billing and payment tools | Invoicing support, payment processing, account reconciliation, and billing administration. | Billing contact data, customer account details, invoice information, and payment-related references. |
| AI and automation technology providers | AskGenie and other AI-assisted functionality, where enabled and subject to customer configuration and contractual controls. | Prompts, outputs, usage metrics, and limited contextual data required to provide the feature. |
| Professional advisers and audit support providers | Legal, audit, accounting, compliance, tax, insurance, and advisory support for HR Forte as a SaaS business. | Relevant contract, billing, compliance, security, or dispute-related data. |
HR Forte maintains a current subprocessor record containing provider names, platform function, processing locations, and relevant transfer safeguards. Customers may request the current subprocessor list by contacting ask@hrforte.com. Where required by contract or applicable law, we will provide notice of material subprocessor changes and an opportunity to object under the applicable data processing terms.
10. International Transfers
HR Forte is based in Singapore and makes the Platform available to customers operating across multiple jurisdictions. Personal data may be processed in Singapore and in other countries where HR Forte, our affiliates, customers, integration partners, technology providers, or subprocessors operate.Where personal data protected by the GDPR, UK GDPR, or similar laws is transferred internationally, we use appropriate transfer mechanisms and safeguards as required by applicable law. These may include one or more of the following:
| Transfer mechanism or safeguard | How it may apply |
| Adequacy decisions | Where the destination country, territory, sector, or organisation is recognised by the relevant authority as providing an adequate level of protection. |
| Standard Contractual Clauses or equivalent contractual clauses | Where personal data is transferred to a country without an applicable adequacy decision, we may use EU Standard Contractual Clauses, UK international data transfer terms, ASEAN model contractual clauses, Singapore contractual protections, or other equivalent contractual safeguards where appropriate. |
| Transfer impact assessments | Where required, we assess the circumstances of the transfer, applicable laws and practices in the destination country, and whether supplementary measures are needed. |
| Supplementary technical and organisational measures | These may include access controls, encryption in transit, encryption at rest where appropriate, logging, least privilege access, contractual confidentiality, vendor due diligence, and security monitoring. |
| Customer instructions and data processing terms | Where HR Forte acts as processor, cross-border transfers are handled in accordance with customer instructions, applicable data processing terms, and applicable law. |
| Derogations where permitted | In limited circumstances, transfers may rely on consent, contract necessity, legal claims, important public interest, or other derogations permitted by applicable law. |
You may request information about the safeguards relevant to your personal data by contacting ask@hrforte.com. Where HR Forte acts as processor, some transfer information may need to be requested through the relevant customer.
11. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, to operate the Platform, to comply with customer instructions, to meet legal, employment, payroll, tax, accounting, statutory, regulatory, security, audit, and dispute-resolution requirements, and to enforce our rights.The table below sets out our standard retention approach. Specific retention periods may vary where a customer configures different retention settings, where local law requires longer or shorter retention, where data is needed for litigation or investigation, or where the data has been anonymised.
| Data category | Standard retention period or criterion |
| Customer account, administrator, and contract data | Retained for the duration of the customer relationship and up to 7 years after account closure or contract termination, unless a longer period is required for legal, tax, audit, dispute, or compliance purposes. |
| Billing, invoice, accounting, and payment-related records | Retained for up to 7 years after the relevant financial year or transaction, or longer where required by applicable tax, accounting, or audit laws. |
| HR, payroll, statutory, attendance, leave, claims, employee, and document data processed for customers | Retained during the customer subscription and in accordance with customer instructions, customer-configured retention settings, and applicable employment, payroll, tax, social security, and statutory recordkeeping laws. After termination, data is returned, exported, deleted, anonymised, or archived according to the SaaS subscription agreement, usually within 90 days after completion of agreed transition or export activities unless law or contract requires otherwise. |
| Support tickets and customer communications | Retained for up to 5 years after ticket closure or last customer interaction, unless needed longer for security, legal, audit, or dispute purposes. |
| Website enquiries, demo requests, and sales communications | Retained for up to 3 years after the last meaningful interaction, unless you opt out earlier or become a customer, in which case customer account retention rules may apply. |
| Marketing contact data and preferences | Retained until you unsubscribe, object, withdraw consent where applicable, or your contact record becomes inactive. We may retain limited suppression records to respect opt-outs. |
| Technical logs, security logs, access logs, and system audit trails | Retained for up to 24 months, unless required for longer to investigate incidents, prevent fraud or misuse, support audits, or comply with legal obligations. Customer-facing audit logs may be retained for longer according to customer configuration or contract. |
| Cookies and website analytics data | Retained according to the cookie category, consent settings, browser settings, and tool configuration. Session cookies usually expire when the browser session ends, while persistent cookies may remain for the period stated in the cookie settings or cookie banner. |
| AskGenie prompts, outputs, feedback, and safety logs | Retained for up to 24 months for platform operation, quality, security, audit, and improvement purposes unless customer configuration, contract, or applicable law requires a different period. |
| Backups and disaster recovery copies | Backup copies may retain data for up to 180 days before being overwritten or securely deleted through normal backup cycles, unless isolation is needed for security, continuity, or legal purposes. |
| Legal, regulatory, dispute, investigation, or enforcement records | Retained for as long as necessary to handle the matter and for any applicable limitation period, regulatory requirement, court order, legal hold, or settlement obligation. |
| Aggregated, anonymised, or de-identified data | May be retained for longer where individuals are no longer identifiable and the data is used for analytics, benchmarking, security, product improvement, or reporting. |
When personal data is no longer required, we will delete, anonymise, de-identify, securely archive, or otherwise handle it in accordance with applicable law, customer instructions, and our internal retention procedures.
12. Security
We use technical and organisational safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, and destruction. These safeguards are selected based on the nature of the data, the risks involved, the Platform functions used, and applicable legal and contractual requirements.Safeguards may include access controls, role-based permissions, authentication measures, encryption in transit, encryption at rest where appropriate, backups, logging and monitoring, least privilege access, vulnerability management, vendor due diligence, staff confidentiality obligations, incident response procedures, and internal security policies.No system can be guaranteed completely secure. Users and customers are responsible for maintaining strong passwords, protecting login credentials, configuring appropriate access rights, promptly removing access for departed users, reviewing suspicious activity, and using the Platform in accordance with their own security obligations.
13. Cookies and Similar Technologies
We use cookies, pixels, tags, local storage, software development kits, and similar technologies on our websites and Platform. These technologies help us operate the Platform, remember preferences, analyse usage, improve performance, secure accounts, and support relevant communications.
| Cookie or technology type | Purpose | Consent approach |
| Strictly necessary cookies | Enable core website and Platform functions such as authentication, security, session management, load balancing, account access, and form submission. | These are necessary for the website or Platform to work and may not require consent where permitted by law. |
| Functional cookies | Remember preferences such as language, region, display settings, or user choices. | Used based on consent where required, or legitimate interests where permitted. |
| Analytics and performance cookies | Help us understand website and Platform usage, page performance, traffic patterns, errors, and product improvements. | Used based on consent where required. Where possible, analytics data is aggregated or pseudonymised. |
| Security and fraud prevention technologies | Detect suspicious activity, protect accounts, prevent abuse, support audit trails, and maintain platform integrity. | Used where necessary for security, legal obligations, or legitimate interests. |
| Marketing and tracking cookies | Measure campaign performance, manage business-to-business outreach, and understand interactions with HR Forte content. | Used only where permitted by law and, where required, only after consent. |
Where required, we provide a cookie banner or consent tool that allows users to accept, reject, or manage non-essential cookies. You can also manage cookies through browser settings. Blocking some cookies may affect website or Platform functionality.If we use third-party analytics, advertising, or embedded content providers, those providers may process data according to their own privacy terms where they act as independent controllers. We encourage users to review the privacy settings and policies of such providers.
14. Your Privacy Rights
Depending on where you are located, the applicable law, and whether HR Forte acts as controller or processor, you may have the following rights in relation to your personal data.
| Right | What it means |
| Right to be informed | You have the right to receive clear information about how personal data is collected and used. |
| Right of access | You may request confirmation of whether personal data about you is processed and request a copy of that data. |
| Right to rectification | You may request correction of inaccurate or incomplete personal data. |
| Right to erasure | You may request deletion of personal data in certain circumstances, such as where the data is no longer needed or where processing is based on consent that you have withdrawn. |
| Right to restriction | You may request that processing be restricted in certain circumstances, such as while accuracy is being verified or where you object to processing. |
| Right to data portability | You may request a copy of certain personal data in a structured, commonly used, machine-readable format where the right applies. |
| Right to object | You may object to processing based on legitimate interests, direct marketing, or certain other grounds. The right to object to direct marketing can be exercised at any time. |
| Right to withdraw consent | Where processing is based on consent, you may withdraw consent at any time. This does not affect processing carried out before withdrawal. |
| Right not to be subject to solely automated decisions | Where applicable, you may have rights relating to solely automated decisions that produce legal or similarly significant effects. |
| Right to complain | You may lodge a complaint with a data protection authority or regulator in your country, place of work, or place of alleged infringement. |
To exercise rights in relation to data for which HR Forte is the controller, contact ask@hrforte.com. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law. Where the GDPR applies, we generally respond within one month of receiving a valid request, unless the request is complex or numerous, in which case we may extend the period by up to two additional months and inform you of the reason for the extension.Some rights are not absolute. We may refuse, limit, or delay a request where permitted by law, including where compliance would affect the rights of others, conflict with legal obligations, compromise security, prejudice legal claims, reveal confidential information, or relate to data we process only as processor for a customer.If HR Forte processes your data as processor for your employer or another customer, we may direct your request to that customer or handle it according to the customer’s instructions. Customers are responsible for enabling and responding to rights requests for data they control, and HR Forte will provide reasonable assistance as required by contract and applicable law.
15. Direct Marketing and Communications Preferences
We may send business-to-business marketing communications, product updates, event invitations, newsletters, resources, or similar communications where permitted by law. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us at ask@hrforte.com or dpo@hrforte.com.Even if you opt out of marketing communications, we may still send non-marketing platform communications, such as security notices, account alerts, support responses, billing notices, legal updates, or operational messages relating to the Platform.
16. Children’s Privacy
The Platform is a business and employment-related SaaS platform and is not intended for direct marketing to children. We do not knowingly market the Platform directly to children. In limited circumstances, personal data relating to minors may be processed through the Platform where required for lawful employment, internship, apprenticeship, dependent benefit, statutory, tax, immigration, or similar HR and payroll administration purposes. In such cases, the relevant employer or customer is responsible for ensuring that the processing is lawful and that any required notices, consents, or safeguards are in place.
17. Third-Party Websites and Integrations
The Platform may link to or integrate with third-party websites, applications, platforms, or systems. Third-party privacy practices are governed by their own privacy policies and terms. HR Forte is not responsible for the privacy practices of third parties that act as independent controllers. Where a customer enables an integration, authorises a third-party application, or instructs HR Forte to share data with another system, that customer is responsible for ensuring that the integration is lawful, appropriate, and properly communicated to affected individuals.
18. Customer Responsibilities
Customers using the Platform are responsible for configuring the Platform lawfully, assigning appropriate access rights, ensuring user authorisations are current, providing required notices to employees and users, identifying lawful bases for customer-controlled processing, managing employee privacy rights requests, complying with employment, payroll, tax, statutory, and data protection obligations, and ensuring that customer-uploaded data is accurate and necessary.Customers should avoid uploading unnecessary sensitive data, should review role permissions regularly, and should ensure that their internal policies explain how HR Forte is used in their organisation.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Platform, legal requirements, security practices, business operations, or data processing activities. Updated versions become effective when published unless a later effective date is stated. Where changes are material, we may notify customers or users through the website, Platform, email, contract notice, or another appropriate method. Customers are responsible for communicating relevant changes to their employees or users where required.
20. Contact Us
If you have questions about this Privacy Policy, our data protection practices, or your privacy rights, please contact us.
| Contact purpose | Details |
| Company | HR Forte Systems Pte. Ltd. |
| Address | 109 North Bridge Road, #07-22 Funan, Singapore 179097 |
| General enquiries | ask@hrforte.com |
| Data Protection Officer | dpo@hrforte.com |
| Website | https://www.hrforte.com |
If your question relates to personal data controlled by your employer or another HR Forte customer, please contact that organisation first. HR Forte may need to refer your request to that organisation where we act as processor.