TalinoHRTalinoHR

Privacy Policy

Last updated: February 23, 2026

1. Introduction

TalinoHR, operated by IOL Inc., is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect personal data processed through the TalinoHR platform, in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations.

This policy applies to all users of the TalinoHR platform, including Client administrators, HR personnel, managers, and employees who access the employee self-service portal.

2. Information We Collect

Personal Information

  • Full name, date of birth, gender, civil status, and nationality
  • Home address, email address, and phone number
  • Government identification numbers: SSS, PhilHealth, Pag-IBIG (HDMF), and TIN
  • Bank account details for payroll disbursement
  • Emergency contact information

Employment Data

  • Position, department, and work location
  • Compensation details (salary, allowances, deductions)
  • Attendance and leave records
  • Performance reviews, goals, and development plans
  • Personnel actions (promotions, transfers, disciplinary records)
  • Employment history and dates

Technical Data

  • IP address and browser type
  • Access logs and session information
  • Device information used to access the platform

3. Legal Basis for Processing

Under Republic Act No. 10173, we process personal data based on the following legal grounds:

  • Consent: Users provide consent during account registration and when submitting personal information through the platform.
  • Contractual Necessity: Processing is necessary to fulfill the service agreement between TalinoHR and the Client, including payroll computation, benefits administration, and employee management.
  • Legitimate Interest: Processing for platform security, fraud prevention, service improvement, and analytics that do not override the rights of data subjects.
  • Legal Obligation: Processing required by Philippine law, including government reporting to the BIR (tax withholding), SSS (social security contributions), PhilHealth (health insurance contributions), and Pag-IBIG (housing fund contributions).

4. How We Use Your Information

We use personal data to:

  • Process payroll, compute government contributions, and generate payslips
  • Manage employee records, attendance, and leave balances
  • Facilitate performance reviews, goal tracking, and development plans
  • Process personnel actions (promotions, transfers, separations)
  • Generate government compliance reports (BIR, SSS, PhilHealth, Pag-IBIG)
  • Send platform notifications and email communications
  • Provide AI-powered analytics and assistance (without exposing personal data to AI models)
  • Respond to support tickets and user inquiries
  • Maintain platform security and audit logs

5. Data Sharing and Third Parties

We do not sell personal data. We share data only with the following categories of recipients, strictly as needed to provide the Service:

  • Mailjet: Email delivery service for platform notifications, payslip delivery, and support communications. Only email addresses and message content are shared.
  • Cloudflare R2: Secure file storage for document attachments (e.g., personnel action documents). Files are encrypted at rest.
  • Anthropic (Claude AI): Powers the AI assistant feature. No employee personal data is sent to AI models. The assistant only accesses platform knowledge base content.
  • OpenAI: Used solely for generating knowledge base embeddings for the AI assistant. No employee personal data is processed.
  • Government Agencies: SSS, BIR, PhilHealth, and Pag-IBIG as required by Philippine law for statutory contributions and tax reporting.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit using TLS/SSL for all data transmissions
  • Role-based access control (RBAC) with seven distinct permission levels
  • JWT-based authentication with secure token handling
  • Comprehensive audit logging of data access and modifications
  • Automatic PII redaction in application logs (government IDs, salary data, bank details are never logged in plaintext)
  • Single-tenant architecture ensuring complete data isolation between Clients
  • Regular security reviews and access monitoring

7. Data Retention

Personal data is retained for the duration of the Client's subscription and the employee's active employment, plus any additional period required by Philippine law:

  • Payroll records are retained as required by BIR regulations (minimum 10 years)
  • Government contribution records are retained per SSS, PhilHealth, and Pag-IBIG requirements
  • Audit logs are retained for the duration of the service agreement

Upon termination of the service agreement, Client data remains available for export for thirty (30) days, after which it is securely deleted unless retention is required by law.

8. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the following rights:

  • Right to Be Informed: You have the right to be informed of the collection, processing, and storage of your personal data.
  • Right to Access: You may request access to your personal data held by TalinoHR.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure or Blocking: You may request the removal or blocking of your personal data under certain conditions.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to the processing of your personal data, including processing for direct marketing.
  • Right to Damages: You may claim compensation for damages sustained due to inaccurate, incomplete, outdated, or unlawfully obtained personal data.
  • Right to File a Complaint: You may file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.

To exercise any of these rights, please contact your organization's HR administrator or reach out to us directly at the contact information below.

9. Cookies and Tracking

TalinoHR uses only essential cookies required for platform functionality:

  • Authentication cookies: JWT tokens stored securely to maintain your login session.
  • Session preferences: Basic UI preferences for your browsing session.

We do not use third-party tracking cookies, advertising cookies, or analytics tracking tools that collect personal data. No data is shared with advertising networks.

10. Children's Privacy

TalinoHR is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

11. International Data Transfers

Personal data is primarily stored and processed within infrastructure located in or serving the Philippines. Some third-party service providers (such as email delivery and file storage) may process data outside the Philippines. In such cases, we ensure adequate safeguards are in place, including contractual obligations that provide a level of data protection consistent with RA 10173.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify users of material changes via platform notification or email at least thirty (30) days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Data Protection Officer

IOL Inc. has designated a Data Protection Officer (DPO) to oversee compliance with RA 10173 and handle data privacy inquiries. You may contact our DPO at:

14. National Privacy Commission

If you believe your data privacy rights have been violated and are not satisfied with our response, you may file a complaint with the National Privacy Commission (NPC):

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: