Privacy and Data Protection Policy

Last Updated: For Android May 29, 2025 and for iOS May 28, 2025

1.Introduction

Centelon (“the Company”, “we”,“our”, or “us”) is committed to protecting the privacy and confidentiality of personal and employment-related data collected through the Centor mobile application (App) to be used on IOS and Android platform. This Policy explains in detail what information we collect, why we collect it, how we use it, how long we retain it, how we protect it, and what rights you have as a user.

We comply with the Applicable laws of the specific regions and follow best practices.

By downloading, installing, or using the App, you consent to the practices described in this Policy.

2.Scope and Applicability

This Policy applies to:

  • All individuals who use the Centor mobile application.
  • Employees, interns, consultants, and contractors whose data is processed for HR purposes.
  • All modules and features of the App, including Approval (timesheet, leave, CRM (POSS), Project, recruitment, Expenses, Travel and Visa), Help desk, Leave management, Timesheet management, Holiday calendar, Employee events (Birthdays and work anniversary).

It governs all data collected, processed, or stored through the App, whether automatically or manually.

3.Categories of Data We Collect

The App collects only the information necessary for legitimate HR and administrative purposes.

a)Personal and Identification Information

This includes:

  • Full name, date of birth, gender, and contact details (phone, email, address).
  • Employee ID, department, job title, and reporting structure.

b)Employment and HR Data

We collect employment-related information such as:

  • Attendance and working hours(including check-in/out details).
  • Leave records and shift schedules.
  • Performance reviews, training history, and feedback.
  • Disciplinary or compliance records(if applicable).

c)Device and Technical Information

When you use the App, certain technical details are automatically collected:

  • Device type and model, operating system version, and unique device identifiers.
  • App crash reports and performance analytics to improve stability and user experience.

d) Camera and Media Access

The App may require access to your device’s camera and gallery for raising Help desk ticket which has inbuilt functionality for uploading and capturing the images.

Note: Images or documents capture dare encrypted and stored securely on company servers or approved cloud systems. Camera access is only used when required within the App and cannot be used secretly or without user interaction. Only for Help desk to raise/ create a ticket the image capture or image upload functionality is there

e)Notifications

The App may send push notifications or in-app messages to inform you about attendance or leave status.

4.Purpose of Collecting and Using Data

We collect and use data for the following legitimate HR, administrative, and operational purposes:

  • Employment and HR Management: To maintain accurate employee records, manage attendance, leaves, and internal communication.
  • Legal and Statutory Compliance: To comply with applicable labor laws, taxation, provident funds, or social welfare requirements.
  • Security and Authentication: To verify user identity, prevent unauthorized access, and ensure system integrity.
  • Biometric login: is used to login to the app through Android fingerprint login, iOS fingerprint and face ID login.
  • Internal Communication: To send HR updates, policy notifications, and reminders.
  • Performance and App Improvement: To analyze app usage and enhance usability, stability, and user experience.
  • Record Retention and Audit: To maintain historical records for audit, compliance, or legal purposes.

We do not use your personal data for marketing, advertising, or unrelated commercial purposes.

5.Data Retention

  • Your personal and employment data is stored for as long as you are employed or associated with the Company.
  • After termination or resignation, data may be retained for a legally mandated period to comply with labor and financial regulations.
  • Attendance, payroll, and compliance records are generally retained for up to 7 years, unless law requires longer retention.
  • Once the retention period expires, the data will be securely deleted, anonymized, or archived.

6.Legal Basis for Processing

We process data under the following legal grounds:

  • Consent: For optional permissions such as camera or location access.
  • Contractual necessity: To fulfill obligations under your employment or consultancy agreement.
  • Legal compliance: To satisfy statutory reporting or labor law requirements.
  • Legitimate business interest: To maintain efficient HR operations and secure systems.

7.Data Protection and Security

To protect your information from unauthorized access, misuse, loss, or alteration, we implement comprehensive security safeguards, including:

  • Encryption (SSL/TLS) for data transmission and storage.
  • Biometric Login
  • Regular data backups and disaster recovery mechanisms.
  • Audit trails and monitoring of access logs.
  • Employee confidentiality agreements and periodic security awareness training.

Despite these measures, no system is entirely immune to security risks; however, we take every reasonable step to mitigate them.

8.Child Safety & Minor Data Protection

  • Protection of Minors: The App is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal data from minors except as permitted under applicable law.
  • Parental/Guardian Consent: Where the App may involve minors(e.g., interns under 18 or dependents in HR programs), explicit consent from a parent or legal guardian will be obtained before collecting or processing any personal information.
  • Limited Data Collection: Only essential information required for HR, administrative, or legal purposes is collected from minors. Sensitive data such as contact information is collected only when strictly necessary and with parental approval.
  • Security Measures: All data collected from minors are protected with the same security standards as adult data, including encryption, role-based access control, and restricted storage.
  • Right to Delete: Parents or legal guardians may request deletion of a minor’s personal data at any time, subject to any legal obligations for retention.
  • Communication: Any notifications or communications intended for minors will be directed through the parent or guardian where applicable.

9.Data Sharing and Disclosure

Your data may be shared only with:

  • Internal departments (HR, Finance, IT, Administration)for legitimate HR functions.
  • Government agencies or regulators, if required by law, court order, or statutory process.
  • Group entities or affiliates, if operations are centralized, under equivalent data protection safeguards.

The Company does not sell, rent, or trade your personal data to any third party.

10.Cross-Border Data Transfer

If your organization uses cloud services or systems hosted outside India, your data may be transferred to secure servers located in other jurisdictions.
All such transfers are done in compliance with the applicable Data Protection Act and are protected by standard contractual safeguards ensuring equivalent data protection.

11.Your Data Protection Rights

Asa user, you have the following rights:

  • Right to Access: Obtain a copy of your personal data held by the Company.
  • Right to Correction: Request updates or corrections to inaccurate or outdated information.
  • Right to Withdraw Consent: Revoke permission for optional features (e.g., camera or location).
  • Right to Deletion: Request deletion of data that is no longer necessary or legally required.
  • Right to Restrict Processing: Ask the Company to temporarily suspend data usage.
  • Right to Data Portability: Request export of your data in a structured format (where applicable).
  • The users may be required to verify their identity before the Company processes their request, to avoid unauthorized access

You may exercise these rights by contacting through the email id operations@centelon.com.

12.Data Breach Management

In case of any unauthorized access, data loss, or breach occurs:

  • The incident will be immediately investigated by our IT and compliance teams.
  • Corrective measures will be taken to secure systems and minimize damage.
  • Affected users and regulatory authorities will be notified promptly, as required by law.

13.Governance and Accountability

The Company ensures ongoing compliance through:

  • Appointment of a Data Protection Officer (DPO).
  • Periodic privacy impact assessments and data audits.
  • Defined grievance redressal and escalation mechanisms.
  • Regular training of HR and technical staff handling employee data.

14.Updates to This Policy

We may revise this Policy from time to time to reflect legal updates or operational changes. The revised version will be posted within the App and on our website, and the “Last Updated” date will be changed accordingly. Continued use of the App implies acceptance of the updated terms.

15. Contact Information For any privacy or data protection concerns, please contact: operations@centelon.com

Centelon Logo White

Centelon is a diversified group, focused on technology and technology-impacted businesses targeted at governments, and businesses across various industry verticals.

HomeAbout UsBusinessesProductsIncubation
InvestmentAcquisitionNewsroomCareersContact Us
Terms of ServicePrivacy Policy

2025 Centelon PTY Ltd.  All rights reserved