1. Objective
The objective of this policy is to ensure that personal data processed through MintHRM is protected
in accordance with the General Data Protection Regulation (GDPR) and the Health Insurance
Portability and Accountability Act (HIPAA). This policy outlines how MintHRM collects, processes,
stores, shares, and protects personal and sensitive data.
2. Scope
This policy applies to all employees, contractors, clients, vendors, and third-party partners who
access or process personal data through MintHRM systems, including web and mobile platforms. It
covers:
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
- Employment and HR-related data
3. Policy Statement
MintHRM is committed to safeguarding the privacy and rights of data subjects. We collect and
process personal data lawfully, fairly, and transparently. All data is used strictly for the purposes
communicated to the data subjects and in line with applicable legal requirements.
4. Data Collection and Usage
- Personal data is collected only for legitimate, specific, and clearly defined purposes.
- Data includes identifiers such as names, contact details, employment data, and where applicable, health-related information under HIPAA.
- Legal bases for processing include user consent, contractual necessity, legal obligations, and legitimate interests.
- Data is not used for unrelated purposes without further consent.
- Sensitive data, especially health information, is handled in strict compliance with the HIPAA Privacy and Security Rules.
5. Document Security Classification
All documents are classified to ensure appropriate handling:
- Public: No restrictions on access or sharing.
- Internal Use Only: Accessible only to MintHRM staff.
- Confidential: Limited to specific roles with authorization.
- Restricted / Highly Confidential: Access strictly controlled; includes sensitive personal and health data.
6. Non-Compliance
Non-compliance with this policy, whether intentional or accidental, may lead to disciplinary action,
legal consequences, and/or termination of employment or contract. Personal data breaches are reported
within the timelines set by GDPR (notification to the supervisory authority within 72 hours of becoming
aware of the breach, and to affected data subjects without undue delay where the breach poses a high risk
to them) and by the HIPAA Breach Notification Rule (notification of affected individuals without
unreasonable delay and no later than 60 days after discovery).
7. Responsibilities
- Employees: Follow privacy guidelines and report any potential risks or breaches.
- Managers: Ensure team compliance and provide training.
- Data Protection Officer (DPO): Oversee policy implementation, updates, and legal compliance.
- IT and Security Teams: Maintain technical safeguards and monitor data protection systems.
8. Schedule
- Policy Review: Annually, or in response to legal or operational changes.
- Training: Conducted for all staff during onboarding and refreshed annually.
- Audits: Twice-yearly privacy audits to ensure ongoing compliance with GDPR and HIPAA.