Morganti GCC HR Privacy Policy and Data Procedures

1. Scope

This policy applies to employees, managers, HR administrators, finance users, executives, and other authorized users who access Morganti GCC HR. The application supports HR workflows such as attendance, leave, exit and entry requests, business trips, expense claims, approvals, notifications, profile information, and supporting document handling.

2. Data We Access or Collect

Depending on your role, permissions, and the features you use, we may access or collect the following data:

• Account and identity data: name, employee code, organization code, role, department, job information, email address, phone number, login credentials, and authentication tokens.
• HR profile data: employment details, leave balances, attendance records, request history, approval status, payslip or HR document references where enabled, and employee profile records.
• Request data: leave requests, missing punch requests, business trip details, expense claim details, resignation requests, bank information updates, personal data change requests, pre-approval request details, comments, approval actions, rejection reasons, and revision notes.
• Location data: approximate and precise device location, including foreground location and, where enabled and permitted by the user, background location for attendance and project geofence features.
• Camera and file data: photos, scanned documents, images, PDFs, spreadsheets, or other files that you choose to upload as supporting attachments for HR workflows.
• Notification data: device notification tokens, unread status, notification delivery metadata, and notification interaction records.
• Device and usage data: device type, operating system, app version, error logs, diagnostics, and basic usage events needed to secure, maintain, and improve the service.

3. Location Data Procedure

Morganti GCC HR uses location data only for HR attendance and project workflow functionality. Location is not used for advertising and is not sold.

• Why location is used: to verify attendance check-in and check-out near project sites, suggest nearby projects, support project geofences, auto-fill relevant location fields, and send check-in or check-out reminders.
• When location is collected: when you use attendance or project location features in the app, and, if you grant background location permission, when project geofence monitoring is active while the app is closed or not in active use.
• What location is collected: approximate location, precise GPS location, timestamp, and related project or attendance context needed to process the HR action.
• User control: you can deny or revoke location permissions from your device settings. If location permission is disabled, attendance, geofence, nearby project, and reminder features may not work correctly.

4. How We Use Data

We use collected data for the following purposes:

• Authenticate users and protect accounts.
• Provide HR, attendance, request, approval, notification, and reporting features.
• Route requests to the correct manager, HR, finance, or executive approver.
• Maintain audit records for submitted requests, approvals, revisions, and attendance actions.
• Secure the application, prevent unauthorized access, investigate errors, and improve reliability.
• Comply with applicable legal, employment, audit, and internal policy obligations.

5. Financial and HR Request Clarification

Morganti GCC HR is an employee HR workflow application. It is not a public personal loan, payday loan, earned wage access, credit, investment, cryptocurrency, or consumer financial services application.

If an employer enables internal employee financial workflows, such as expense claims, reimbursements, bank information updates, or employee advance/loan request records, those workflows are handled as internal HR and employer policy processes for authorized employees only. Morganti GCC HR does not advertise, broker, sell, or independently issue consumer loans to the public.

6. Data Sharing

We share user data only as needed to operate Morganti GCC HR and support employer HR processes:

• With authorized internal users such as HR teams, managers, finance teams, and executives based on role permissions.
• With service providers that host, secure, maintain, or support the application and backend systems.
• When required by law, regulation, audit, legal process, or enforceable government request.

We do not sell personal data.

7. Data Retention and Deletion Procedure

We retain personal data only for as long as needed to provide HR services, maintain employment and audit records, comply with legal obligations, resolve disputes, and enforce internal policies.

• Account and HR records are retained according to employer HR and legal retention requirements.
• Attendance and location-linked records are retained as part of attendance, payroll, audit, and HR compliance records.
• Uploaded attachments are retained with the HR request record unless deleted according to approved retention procedures.
• Users may request access, correction, or deletion where permitted by applicable law and employer policy.

8. Security Procedure

We use administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include authentication controls, role-based access, encrypted connections, access logging, secure backend storage, and operational monitoring.

9. User Rights and Choices

Depending on applicable law and employer policy, you may request to access, correct, update, restrict, transfer, or delete your personal data. You may also withdraw optional permissions, such as location, camera, files, or notifications, from your device settings. Some features may stop working if required permissions are disabled.

10. Third-Party Services

The app may use trusted third-party platforms and SDKs to provide maps, notifications, analytics, diagnostics, hosting, and application infrastructure. These services process data only as needed to provide the relevant app functionality or support service operations.

11. Changes to This Policy

We may update this policy when app features, legal requirements, security practices, or data procedures change. The updated version will be published on this page with a revised effective date.

12. Contact Us

If you have questions about this privacy policy, data procedures, or user data requests, contact us at:

• Email: ahamed@morganti.com.sa
• Phone: +966507196492

Please include your name, organization, employee code if applicable, and the nature of your request so we can route it correctly.