Roles
For the data you load into SmartPRO about your employees, you are the data controller and SmartPRO is the data processor acting on your instructions. SmartPRO does not sell personal data or use your employees' data to train models.
What personal data we process
| Category | Examples |
|---|---|
| Identity | Name, civil ID, passport number & expiry, nationality, gender, marital status |
| Contact | Email, phone, address, emergency contact |
| Employment | Contract terms, role, department, hire date |
| Financial | Salary, allowances, deductions, IBAN, bank name/code/account |
| Attendance & leave | Punches, sessions, leave balances |
| Documents | Contracts, letters, uploaded files (CVs, IDs) |
| Usage | Audit logs, session metadata |
How we protect it
- Data minimisation on read. Sensitive fields (e.g. salary, IBAN) are redacted by policy unless the viewer's role and scope permit them — see Security → Access control.
- Access control & tenant isolation. Strict RBAC and per-company scoping; auditors are read-only.
- Audit trail. Access to and changes of sensitive records are logged.
- Encryption in transit (HTTPS/HSTS) and encrypted secrets at rest. Note: employee PII is not field-encrypted at the application layer today — see the encryption table in Security.
Data-subject requests
A data subject (employee) can request access, correction, or erasure of their personal data. Route requests through the controller (the employing company), whose administrators can view and correct records in-product; deletion/export beyond in-product tooling is handled by arrangement with SmartPRO support. (Define the SLA and the export/erasure mechanism before publishing — see "open items.")
Retention
Records are retained for the life of the account and your statutory record-keeping obligations under Oman labour and tax law. Automated retention/purge schedules are not yet enforced in-product (a roadmap item); deletion is currently performed on request. Do not state a specific retention period publicly until the policy is defined and approved.
Data residency
To be confirmed. Hosting region and database location determine residency; confirm with your deployment/infrastructure owner before making any residency claim (this matters for government and regulated customers).
Subprocessors
Third parties that may process data on our behalf are listed on the Subprocessors page. Several are optional and only engaged if you enable the related feature.
Open items before this page is published
- Confirm RD 6/2022 reference, effective date, and applicability.
- Define and approve the retention schedule and the data-subject-request SLA + export/erasure mechanism.
- Confirm data residency (hosting region).
- Align this page with your signed DPA and Privacy Policy and link them here.