This Platform Privacy Policy explains how Cadena HRM Series 5. system ("we", "us", "our") processes and protects personal data when providing our Human Resources Management software platform (“Platform”).
This policy applies to all users of the Platform, including employees, candidates administrators, and authorized users of our tenants/customers (“Tenants”).
Cadena HRM Series 5. system acts primarily as a data processor when providing the Platform to Tenants.
• Tenants are data controllers and determine the purposes and means of processing personal data.
• We process personal data solely on documented instructions from Tenants and in accordance with applicable data protection laws.
Depending on the modules, features, and configurations selected by Tenants. The Platform may process the following categories of personal data • Identification information (e.g. name, personal identification number, gender, nationality) • Statutory information (e.g. tax identification number, social insurance number, health insurance number, family or dependent relationships, where applicable) • Contact information (e.g. business email address, business phone number) • Other employment-related information (e.g. education background, working experience) • Consent and privacy-related records (e.g. consent status, consent withdrawal history)
We process personal data for the following purposes:
• Providing, operating, and maintaining the Platform
• Enabling HR and workforce management functions as configured by Tenants
• Supporting consent management, data retention, and de-identification features
• Ensuring system security, availability, and performance
• Meeting legal, regulatory, and compliance obligations
Our processing activities are carried out to support the following lawful bases established by Tenants:
• Conduct of a contract with Tenants
• Compliance with legal obligations
• Legitimate interests in maintaining a secure and reliable Platform
• Consent, where required and obtained by the Tenants
We provide technical functionalities such as application programming interfaces (APIs) that allow Tenants to access, extract, or transmit personal data in line with their own configurations, permissions, and legal responsibilities.
Any sharing or disclosure of personal data through these functionalities is initiated, managed, and determined solely by the Tenants.
When necessary, we may engage trusted sub-processors to support the operation of the Platform, including hosting, security, and technical support services. All sub-processors are contractually required to maintain appropriate data protection, confidentiality, and security in compliance with applicable data protection laws.
Personal data processed through the Platform is retained in accordance with the documented instructions of Tenants in compliance with applicable data protection laws.
The Platform provides functionalities to support data retention controls and data de-identification for both HR operational purposes and legal or regulatory purposes, as determined by the Tenants.
• Once personal data is de-identified for HR purposes, such data is no longer used for business processing and is made available solely for audit, reporting, or compliance-related purposes.
• Once personal data is de-identified for legal purposes, the data is no longer used for business processing, audit, or compliance activities and is retained only in a de-identified form as required by applicable laws.
Data subjects may have certain rights under applicable data protection laws. The exercise of these rights is determined and authorized by Tenants.
Subject to the permissions and company policies of the relevant Tenants, employees may be able to:
• Access, correct, or request deletion of their personal data
• View applicable privacy policies and notices
• Give consent or withdraw previously given consent (where applicable), especially in cases where they no longer have an employment relationship with the Tenants
Subject to the permissions and recruitment policies of the relevant Tenants, candidates may be able to:
• View applicable privacy policies and recruitment-related privacy notices
• Give consent or withdraw previously given consent, where applicable, especially in cases where the candidate is no longer under consideration for employment
We implement appropriate technical and organizational measures to protect personal data, including:
• Access controls and authentication
• Encryption and secure data transmission
• Audit logging and monitoring
• Regular security assessments
Personal data processed through the Platform is determined and managed by Tenants. When personal data is transferred, stored, or accessed across national borders, these actions are carried out under the instructions of the relevant data controller and in compliance with applicable data protection laws.
We implement appropriate technical and organizational measures to safeguard personal data during international transfers. These include encryption in transit and at rest, access controls, and secure infrastructure. Our measures are designed to support data controllers in fulfilling their cross-border data protection obligations.
We may update this Platform Privacy Policy from time to time to reflect changes in legal requirements or our processing practices. Any updates will be made available through the Platform or other appropriate communication channels. Such updates apply only to personal data processed after the revised policy becomes effective, and do not override the privacy policy or instructions provided by Tenants.
If you have questions about this Platform Privacy Policy or our data protection practices, please contact:
Data Protection Officer
Email: data-protection@cadena.com.sg
Address: Aloha Building, 2nd Floor, 68 Hong Ha Street, Tan Son Hoa Ward, Ho Chi Minh City, Vietnam