How ECCP handles personal data in Office Management System

1. Who controls the data

ECCP is the organization responsible for employee and workplace records processed in this system. Questions or requests should be sent to HR, Operations, or the assigned system administrator unless a formal Data Protection Officer contact is published internally.

2. Data we process

• Identity and employment data: name, employee code, email, department, position, reporting manager, employment status, hire date, and profile photo.
• Contact and profile data: mobile number, date of birth, timezone, and employee-maintained profile details.
• Government identifiers: SSS, PhilHealth, Pag-IBIG, and TIN, stored encrypted at rest where supported by the application.
• Workflow data: leave, overtime, offset, cash advance, reimbursement, liquidation, attachments, approval decisions, comments, printable slips, balance ledgers, and request history.
• Attendance data: biometric mappings, imported or device-supplied time logs, manual corrections, DTR summaries, and audit records.
• Security and system data: authentication records, two-factor settings, recovery controls, reCAPTCHA and SSO settings, notifications, email delivery metadata, device/browser session signals, and audit-friendly timestamps.

3. Why we process data

The system is used to administer HR, attendance, payroll-adjacent approvals, accounting requests, workplace policy access, security controls, and legally or operationally required records. Processing may be based on employment administration, legitimate operational interests, contractual obligations, legal obligations, consent where appropriate, or other lawful bases that apply to the organization.

4. Who can access data

Access is role-based. Employees can generally view their own records. Reporting managers can review requests for direct reports. HR, Operations, Accounting, and authorized administrators can access records needed for their function. The application includes permissions, scoped queues, and private attachment downloads to reduce unnecessary access.

5. Integrations and service providers

The system may use email delivery, Google SSO, Google Calendar for approved leave visibility, reCAPTCHA, biometric attendance devices, server hosting, backups, and storage services. These providers may process limited data required to deliver those services. Integrations should be enabled only after the organization confirms the appropriate contracts, safeguards, and configuration.

6. Cookies and local storage

OMS uses essential cookies and browser storage for login sessions, CSRF protection, remember-me authentication when selected, two-factor and security flows, saved interface preferences, and the one-time cookie notice choice. Optional third-party cookies may be introduced only when integrations such as Google sign-in, Google Calendar, or reCAPTCHA are enabled. Choosing Reject optional keeps required security/session cookies but declines optional cookies controlled by the application.

7. Security controls

The application supports account passwords, Google SSO, two-factor authentication, recovery codes, administrator 2FA reset controls, encrypted sensitive profile fields, private file downloads, role-based permissions, audit-style ledgers, and configurable security settings. Security also depends on server hardening, HTTPS, backups, access reviews, and operational procedures outside the application code.

8. Retention

Records are retained for employment, accounting, audit, dispute, tax, payroll, security, and operational purposes according to company policy and applicable law. Administrators should define retention schedules for HR records, attachments, attendance logs, notifications, security logs, and backup copies.

9. Employee rights and requests

Depending on applicable law, employees may request access, correction, restriction, deletion, portability, objection, or review of how their personal data is handled. Some records may need to be retained where required for employment, accounting, legal, or security reasons. Requests should be reviewed by HR or the designated privacy contact before changes are made.

10. International access and transfers

If the system, backups, or integrations are hosted or accessed outside the employee location, the organization should confirm the applicable transfer safeguards, vendor terms, and regional compliance requirements before production use.

11. Updates

This policy may be updated when modules, integrations, legal requirements, or internal policies change. Material changes should be communicated to employees through an appropriate company channel.