Humanised Privacy Policy

1. General Information

In this privacy policy, “us”, “we”, “our”, “Humanised Platform” or “Humanised” means Humanised Technology Solutions (Private) Limited and our related bodies corporate including Beta

At Humanised, we are committed to safeguarding the privacy of our users’ personal information. This privacy policy applies to all personal information provided to us and all personal information stored on the website (“HPWebsite“), web application, mobile applications and Humanised Platform functionality, services and content (collectively known as “Humanised Platform”) owned or operated by us as set out in this privacy policy.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this privacy policy and any collection notices provided to you from time to time.

We may change our privacy policy from time to time by publishing changes to it on the HP Website. We encourage you to check the HP Website periodically to ensure that you are aware of our current privacy policy.

If the change to our privacy policy is significant and you have an account with us, we will let you know through your account or by email.

2. What Personal Information do we Collect

When used in this policy, the term “personal information” means any information, opinion or data that we collect about an individual where that individual is identified or where that individual is reasonably identifiable. It also includes “personal information”, “personal data” or similar terms as defined in any applicable privacy or data protection laws.

The types of personal information we may collect and hold will vary depending on your dealings with us. This information includes, but is not limited to, the following:

  • names and addresses;
  • details regarding gender and marital status;
  • dates of birth and phone numbers;
  • email details;
  • remuneration details;
  • superannuation details;
  • tax information;
  • profession, occupation or job title;
  • job qualifications and history;
  • computer IP addresses; and

any additional information relating to you that you provide to us directly through our websites or indirectly through use of the Services.

If we are providing you with additional products and services, the types of personal information we may collect may include, without limitation:

  • group certificates, payslips, and other income or earnings information;
  • proof of identity documentation, such as passports, drivers licenses and birth certificates;
  • financial information, including but not limited to, home loans, credit cards, vehicle loans and personal loans;
  • utility bills including internet services;
  • health and life insurance policy statements;
  • information relevant to your lifestyle options including but not limited to, health and fitness information, entertainment services and mobile services;
  • information relevant to your financial needs and objectives;
  • information relevant to your assets and liabilities, income and expenses;
  • information relevant to your investment preferences and attitude or tolerance to risk; and
  • any other information provided for the purposes of providing additional products and services.

Some of the personal information we collect may be sensitive or special categories of personal information including:

  • information revealing racial or ethnic origin;
  • political affiliations;
  • religious or philosophical beliefs;
  • trade union memberships;
  • biometric data; and
  • health information.

By providing this information to use, or consenting to a third party (such as your employer) providing that information to us, you consent to our collection and use of that information as set out in this privacy policy.

3. How Personal Information is Collected

We generally collect your personal information directly from you. We do this in ways including:

  • by way of dealing with you in person;
  • over the telephone;
  • through electronic communications including emails;
  • through the Humanised Platform (including details entered upon registration for use of the Humanised Platform or use of any of the services available through the Humanised Platform); and
  • through customer feedback or survey forms.

We may also collect your personal information from a third party where you have consented to the personal information being provided by the third party (for example, where an employer provides information about employees to the Humanised Platform for the purpose of using our services, or where personal information is collected by our third party service providers who are permitted to disclose that information to us). We may also collect information from you through our related bodies corporate.

From time to time, you may provide us, and we may collect from you, personal information from a third party (for example, information about employees if you are entering data on behalf of an employer). Where you provide the personal information of a third party, it is your responsibility to ensure that those persons are aware of this privacy policy, understand it and agree to accept it.

4. Purpose of Collecting, Holding, Using and Disclosing Personal Information

The primary purpose for which we collect, hold, use and disclose information about you is to enable us to perform our business activities, functions and services and to provide customer service effectively. We collect, hold, use and disclose your personal information for the following purposes:

to provide our services and support to you;

  • to personalise and customise your experience with our products and services;
  • to manage and enhance the Humanised Platform and our products and services;
  • to provide you with information about our existing and new products and services (including for direct marketing purposes as described in section 5 below);
  • to share contact details including mobile phone numbers with your employer and co-workers, where your employer has activated this feature and you have not opted out;
  • to verify your identity;
  • to investigate any complaints about, or made by, you;
  • to investigate any suspected breach of any of our terms and conditions or unlawful activity engaged in by you;
  • for any purpose we disclose to you at the time of collection; and
  • as required or permitted by any law.

In addition, we may use personal information for the following purpose where you request or authorise us:

  • to allow third parties to provide additional products and services to you;

If you do not provide us with the personal information described in this policy:

  • we may not be able to provide you with information about products and services that you requested;
  • we may not be able to provide you with the Humanised Platform or products or services you requested; and
  • we may not be unable to tailor the content of the Humanised Platform to your preferences and your experience of the Humanised Platform may therefore not be useful.

Personal information collected for marketing purposes may be communicated to a third party where you have consented to the personal information being provided to the third party (for example by agreeing to provide information for directed marketing, including but not limited to, discounts, offers and promotions).

5. Direct Marketing

We may use personal information for direct marketing reasons, including updating you on our latest products, services and news. These communications may be sent in various forms, including mail, SMS, email or through your account with us, in accordance with applicable marketing laws.

You can opt out of receiving this direct marketing at any time by using any of our unsubscribe mechanisms or by contacting

6. Disclosure of Personal Information

We may disclose your personal information to:

  • our employees, related bodies corporate, contractors or external service providers for the purposes of the operation of the Humanised Platform or our business, fulfilling requests by you, and otherwise providing products and services to you;
  • our existing or potential agents, business partners or joint venture entities or partners to enable us to perform our business activities and provide products and services to you;
  • specific third parties authorised by you to receive information held by us;
  • relevant authorities and institutions including the tax authorities, payroll providers, banks, financial institutions and superannuation providers in connection with the provision of our services or if required by law; and

the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator if required by law or we consider it necessary for the protection of our systems or for the prevention or detection of illegal activity.

7. Cookies and Statistical Analysis

We use cookies. When you use the Humanised Platform or any of our services, certain information may be recorded for statistical purposes. Such information enables us to improve our products and services. The information that may be recorded includes information regarding your:

  • server address;
  • domain name;
  • date and time of visit;
  • previous websites visited; and
  • browser type and operating system; and location data.

More information about the types of cookies we use, why, and how you can control them please read our cookie notice.

8. Storage & Security of Personal Information

To provide the Humanised Platform and our products and services, we contract with third party suppliers who store data on secure data centres .  Further details on our third party storage provider’s location and security can be found here.

While we take all reasonable steps to ensure the security of our system, we cannot provide any guarantee regarding security of the personal information and other data transmitted to the Humansied Platform or services and we will not be held responsible for events arising from unauthorised access of your personal information.

9. Do we Send Personal Information Overseas?

Personal information will be mainly hosted on third party servers in the countries as described in section 8 above. However, Humanised Platform related bodies corporate and third party service providers include those based in Australia, United Kingdom, New Zealand, Vietnam and the Philippines . As part of our processes, personal may be accessed or temporarily hosted in those countries.

Where we disclose data overseas, we take measures to ensure your information is treated in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that personal information (other than when compelled to make disclosure under local laws).

10. Links

The Humanised Platform may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website. Third party websites are responsible for informing you about their own privacy practices and policies. We encourage you to review the privacy policies on any third party websites you visit so that you understand their privacy practices.

11. Access to and Correction of your Personal Information

If you wish to access, verify or correct any of the personal information you have submitted to us, you may do so by using the available facilities on the EH Platform or by contacting us via We will provide you with access to the information which we hold about you and allow corrections to be made to this information unless an exception under the relevant privacy or data protection laws apply.

Our security procedures mean that we may request proof of identity before we provide you with access to personal information.

12. Complaints and Contact

We recognise that privacy is important and we are committed to protecting your personal information and ensuring it is only used in accordance with our privacy policy. Should you have any questions or you would like to raise a concern or complaint about how we have handled your personal information or our compliance with applicable privacy or data protection laws, please email us at

Once we receive a complaint, whether it is in writing or by verbal means, we will endeavour to commence an investigation as soon as practicable. The investigator will endeavour to determine the nature of the issue and how it occurred. We may contact you during the process to seek any further clarification if necessary. We will also contact you to inform you of the outcome of the investigation and where a breach of this privacy policy or the relevant privacy or data protection laws is found we will discuss your concerns and outline options regarding how they can be resolved. (as soon as practicable)

We will aim to ensure that all questions and concerns are resolved in a timely and appropriate manner.

If you are not satisfied with the outcome of your complaint, or require further information on privacy, you are entitled to contact the relevant privacy or data protection regulator in your jurisdiction.

Cookie Policy

1. What are Cookies?

Humanised uses a technology called “cookies” to store session information. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website’s computers and stored on your computer’s hard drive. We use both session ID cookies and persistent cookies. A “session ID cookie” expires when you close your browser. We use session ID cookies to track your session activity on our website. This cookie is only ever transmitted over HTTPS. A “persistent cookie” remains on your hard drive for an extended period of time. We use persistent cookies to determine from where you were referred to our website, as well as the last email address that you used on a form submission. Humanized may set and access Humanised cookies on your computer; cookies are required to use the Humanised website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory. Click here for more information on cookies, including how to disable them. If you disable cookies, you may still use our website, but your ability to use some areas of our website or receive accurate and relevant information may be inhibited.

2. Web Beacons / Gifs

We may from time to time employ a software technology called clear gifs (a.k.a. Web Beacons), that help us better manage content on our website by informing us what content is effective.  Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users.  In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customers’ personal information.

3. Behavioural Targeting / Retargeting

We may from time to time partner with third party ad networks to either display advertising on our websites or to manage our advertising on other websites. Our ad network partners use cookies, Web beacons and other technologies to collect non-personally identifiable information about your activities on this and other websites to provide you targeted advertising based upon your interests.

4. Third Party Cookies and Analytics

When you visit certain sections of our website and/or use our mobile application, third parties may place cookies on your computer’s browser and/or make use of web beacons to collect information.  This information may include things such as your use of the website or mobile application, device and browser information and ad data. The information generated by the cookies and web beacons about your use of the website is transmitted to those third parties.  This information is then used for the purpose of compiling statistical reports to enable us to measure and analyse the number of visits to the site and its pages, the average time spent on the site and the pages viewed; serving targeted advertising to you (including use to target advertising on other sites or applications based on your online activity); providing us with services and enhancing/improving our website, mobile application and the third party’s technology products and services.  To learn more about third-party advertising, and to opt out of certain ad-targeting activities, please visit:,, and

5. Current Third Party Providers
  1. ZoomInfo. We use ZoomInfo to execute our ABM Strategy. Learn more by visiting the ZoomInfo privacy policy page.
  2. Drift. We use Drift as a medium to talk to customers directly on our website and measure the effectiveness of campaigns. For more information on Drift cookies, visit “What is Drift’s Cookie Security and Privacy Policy?”
  3. Facebook. We use Facebook as a medium to talk to customers and to measure effectiveness of campaigns. Visit “Cookies and Other Storage Technologies” for more information.
  4. LinkedIn. We use LinkedIn as a medium to talk to customers and to measure effectiveness of campaigns. Visit LinkedIn for more information.
  5. Facebook Ads. Facebook Ads uses cookies to help us track the effectiveness of our Facebook Ad campaigns. Visit Facebook’s privacy practices to learn more. To opt-out of interest based advertising with Facebook, see About Ads and Your Online Choices.  
  6. LinkedIn Ads. LinkedIn Ads uses cookies to help us track the effectiveness of our LinkedIn Ad campaigns. Learn more at, and to learn how to opt out, visit LinkedIn’s support page.
  7. Quora Ads. Quora Ads uses cookies to help us track the effectiveness of our Quora Ad campaigns. Learn more at, and to learn how to opt out, visit Quora’s support page.
  8. Bing/Microsoft Ads. Bing Ads uses cookies to help us track the effectiveness of our Ad campaigns. Learn more at, and to learn how to opt out, visit Microsoft’s support page. Click here to opt-out of interest based advertising with Microsoft.
  9. Google Adwords (Advertising). Google AdWords uses cookies to help us track the effectiveness of our AdWords campaigns. Learn more at Google’s privacy centre, and see here to learn how they work with third party technologies.
  10. Google Analytics (Analytics). Google Analytics uses cookies to help us analyze how our users use our websites and services. You can find out more about this service and how Google uses your data at 
    1. ;and 
  11. Google Tag Manager. Web traffic tracking. Learn more by visiting the Tag Manager Overview page.  To opt out, visit the Google Analytics support page.
  12. Google Optimise. Optimize utilizes Analytics cookies to target content variants to a user and a content experiment cookie to determine a user’s participation in an experiment. See here to learn more about their privacy policy. 
  13. Capterra. We use Capterra as a medium to get feedback from our customers and measure effectiveness of campaigns. Visit “Cookie Policy” for more information. 
  14. Marketo: We use Marketo to manage registrations on our websites, to collect and store consent, and to send consent-based email communications. We also use Marketo to track web visits if you have registered on our website. Read Marketo’s privacy policy here.
  15. Marketo Munchkin. This cookie is set by Marketo. This allows a website to track visitor behavior on the sites on which the cookie is installed and to link a visitor to the recipient of an email marketing campaign, to measure campaign effectiveness. Tracking is performed anonymously until a user identifies himself by submitting a form. Learn more here. 
  16. Inspectlet. Inspectlet provides website analytics services, including the analysis of activities of visitors to this website.  Inspectlet’s authorised use of cookies and other tracking technologies enable it to have access to personal information of visitors to this website. Visit Inspectlet for more information. Access to and use of personal information is governed by Inspectlet’s Privacy Policy.
  17. Outbrain. Outbrain offers a content marketing service that aims to present users to content that they are interested in, based on their behaviour and preference. The pixel we’ve added helps with attribution and overall performance. Learn more here. 
  18. Twitter. Twitter provides real time updates from across the globe on the latest trending stories, ideas and opinions from the Twitter accounts or hashtags that you choose to follow. We make it easier for you to share our website content over Twitter. At times, we may present you with some ads on Twitter based on your engagement with our website(s). Learn more about how Twitter uses your data here. 
  19. Yahoo. The Yahoo! Dot tag assists is in campaign tracking at attribution to help optimize performance. Learn more here. 
  20. YouTube. We embed videos or insert links to videos from YouTube on our website(s). As a result, when you visit a page with content embedded from or linked to YouTube, you may be presented with cookies from YouTube.
  21.  Zendesk. We embed content and insert links to Zendesk on our website(s). As a result, when you visit a page with content embedded from or linked to Zendesk, you may be presented with cookies from Zendesk.
  22. HotJar. To function properly, Hotjar stores first-party cookies on your browser. Cookies are either set by the Hotjar script, or by visiting Hotjar’s website. HotJar does not sell your information to advertisers, third-party services, or anyone. HotJar cookies are responsible for displaying the correct content to your visitors without personally identifying anyone. 
  23. Fullstory. The FullStory recording script sets a single first-party cookie containing your fs_uid when recording activities on our site. This cookie uses our domain as the host, instead of “,” which is what distinguishes it as a first-party cookie.
  24. Optinmonster (Vendor anonymous data): Optinmonster is a conversion optimization tool that we use to create pop-ups to guide users through our website. It collects anonymised visitor behaviour information such as new and returning visitor data, number of pages visited during a session and how the visitor interacted with the Optinmonster popups. This data is stored in local cookies. For specific marketing campaigns the anonymous data is aggregated and used to evaluate the success of a campaign. The cookies are not used externally with third parties for any purpose. No personally identifiable information is stored but visitors can delete the cookies in their own browser to stop them being used. The Optinmonster privacy policy can be found here. The cookies are:

_omappvp: used for determining new vs. returning visitors

_omappvs: used to determine when a new visitor becomes a returning visitor

om-global-cookie / omGlobalSuccessCookie: used to prevent any future OptinMonster campaigns from showing on your site

om-interaction-cookie / omGlobalInteractionCookie: used to determine if a visitor has interacted with any campaign on your site

om-{id} / om-{campaignSlug}: ;used to determine if a visitor has interacted with a campaign ID of {id} / {campaignSlug} on your site

omSeen-{campaignSlug}: used to determine if a visitor has been shown a campaign by the slug

om-success-{id} / omSuccess-{campaignSlug}: used to determine if a visitor has successfully opted into a campaign with the ID of {id} / {campaignSlug} on your site

om-success-cookie / omSuccessCookie: used to determine if a visitor has successfully opted into any campaign on your site

om-{id}-closed / omSlideClosed-{campaignSlug}: used specifically with slide-in campaigns {id} / {campaignSlug} to determine if it has been closed or not by a visitor

omCountdown-{campaignSlug}-{elementId}: used for countdown elements {elementId} in campaigns {campaignSlug} to determine when it should complete

omSessionStart: used to determine the current session time of the visitor on your site

omSessionPageviews: used to determine the number of pages seen by a visitor during their browsing session on your site.

Data Processing Addendum

1. Definitions and interpretation
  1. In this Data Processing Addendum:

“Affiliates” shall mean any corporation or other business entity controlling, controlled by or under common control with Humanised. We currently do not have any affiliates;

“Applicable Laws” means all laws, regulations, orders, rules, judgments, directives, industry agreements or determinations in force from time to time applicable to a party and relevant to the Agreement or this Data Processing Addendum, including, without limitation European Data Protection Law;

“Customer” means the specific party which has entered into the Agreement with Humanised;

“Customer Personal Data” means Personal Data in respect of which Customer is the Data Controller and Humanised is the Data Processor;

“Data Controller” means the entity which alone or jointly with others determines the purposes and means of Processing of Personal Data;

“Data Processor” means an entity which Processes Personal Data on behalf of a Data Controller;

“Data Subject” has the meaning given to it in European Data Protection Law; 

“EEA” means the European Economic Area;

“European Data Protection Law” means GDPR, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), any national laws or regulations implementing the foregoing Directives, the GDPR  and any amendments to or replacements for such laws and regulations;

“GDPR” in each case to the extent applicable to the processing activities: (i) Regulation (EU) 2016/679; and (ii) Regulation (EU) 2016/679 as amended by any legislation arising out of the withdrawal of the UK from the European Union;

Humanised Technology Solutions (Private) Limited is referred to as “Humanised”, “Humanised Platform”, “we” or “us” in these Terms, which has entered into the Agreement with the Customer for the provision of Services;

“Personal Data” means any information relating to an identified or identifiable natural person and an identifiable natural person is  one  who  can  be  identified,  directly or  indirectly,  in  particular by  reference to  an identifier such as a name, an identification number, location data, an online identifier or  to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

“processing” has the meaning given to it in European Data Protection Law and “process”, “processes” and “processed” will be interpreted accordingly;

“Relevant Country” means all countries other than those (a) within the EEA and (b) countries in respect of which an adequacy finding under Article 25(6) of the European Data Protection Directive or Article 45 of the GDPR has been given; 

“Services” mean services provided by Humanised under the Agreement; 

“Standard Contractual Clauses” means the agreement executed by and between the Customer and Humanised attached hereto as Attachment 1  pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. 

“Sub-Processor” means any entity which is engaged by Humanised or by any other sub-processor of Humanised who receives Customer Personal Data for processing activities to be carried out on behalf of Customer;

  1. In this Data Processing Addendum:

    1. any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms; and
    2. references to Clauses and Schedules are, unless otherwise stated, references to the clauses of, and schedules to, this Data Processing Addendum; and
    3. references to this Data Processing Addendum or any other agreement or document are to this Data Processing Addendum or such other agreement or document as it may be varied, amended, supplemented, restated, renewed, novated or replaced from time to time.
2. Data Processing Terms
  1. The Parties acknowledge that the Customer is the Data Controller and Humanised is a Data Processor of Customer Personal Data. 
  2. This Data Processing Addendum only applies to the processing of Customer Personal Data by Humanised in connection with the Services under the Agreement. The categories of Data Subjects and types of Customer Personal Data processed are set out in  Schedule 1 hereto. Customer Personal Data is processed for the purpose of providing the Services and other purposes as identified in the “processing activities” section of  Schedule 1  hereto.  Humanised  shall process Customer Personal Data for the duration of the Agreement (or longer to the extent permitted by Applicable Law).
  3. Each party warrants that in relation to this Data Processing Addendum, it is compliant with and will remain compliant with all applicable Laws. Customers shall ensure that it has a provided notice to data subjects and that there is a valid lawful basis under European Data Protection Laws for all Customer Personal Data that is disclosed to Humanised in connection with the Agreement for the data processing activities envisaged by the Agreement and this Addendum.
  4. Notwithstanding anything to the contrary in the Agreement, in relation to Customer Personal Data, Humanised shall:

    1. process Customer Personal Data only in accordance with the Customer’s instructions as established in the Agreement or as provided in writing by the Customer from time to time, provided such instructions are reasonable and subject to Humanised’s  right to charge additional sums at its current rates should the scope of the agreed services be exceeded. Notwithstanding the foregoing, Humanised may process Customer Personal Data as required under Applicable Laws. In this situation, Humanised will take reasonable steps to inform the Customer of such a requirement before Humanised processes the data, unless the law prohibits this;
    2. notify Customer immediately, if in Humanised’s opinion, an instruction from the Customer infringes European Data Protection Law;
    3. ensure only its (or its Sub-Processors) personnel who are contractually bound to respect the confidentiality of Customer Personal Data shall have access to the same;
    4. implement appropriate technical and organizational measures to protect against unauthorized or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of Customer Personal Data and having regard to the nature of the Customer Personal Data which is to be protected and shall be as set forth in Schedule 1. Customers acknowledge that Humanised may change the security measures through the adoption of new or enhanced security technologies and authorises Humanised to make such changes provided that they do not materially diminish the level of protection. Humanised shall make information about the most up to date security measures applicable to the Services available at ïnsert security measures
    5. at the Customer’s reasonable request and at the Customer’s cost, taking into account the nature of the processing, assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, to assist with the Customer’s obligation to respond to requests from Data Subjects of Customer Personal Data seeking to exercise their rights under European Data Protection Law (to the extent that the Customer Personal Data is not accessible to the Customer through the Services provided under the Agreement);
    6. at the Customer’s reasonable request and at the Customer’s cost, taking into account the nature of processing and the information available to Humanised, assist the Customer with its obligations under Articles 32 to 36 of the GDPR; and 
    7. upon request by the Customer, delete or return to the Customer any such Customer Personal Data within the agreed period of time after the end of the provision of the Services as set out in the Agreement (or within a reasonable period of time if the Agreement is silent on this point), unless Applicable Laws requires storage of the Customer Personal Data. Unless otherwise provided in the Agreement, Humanised reserves the right to charge for such deletion or return of such Customer Personal Data. Customer acknowledges and agrees that Humanised may use Customer Personal Data for analytics, research, development and product improvement purposes.
    8. The Customer agrees that Humanised may transfer Customer Personal Data or give access to Customer Personal Data to Sub-Processors for the purposes of providing the Services or other purposes identified in the ‘Processing activities’ section of the Appendix to the Agreement, provided that Humanised complies with the provisions of this Clause. Humanised shall remain responsible for its Sub-Processor’s compliance with the obligations of this Data Processing Addendum. Humanised shall ensure that any Sub-Processors to whom Humanised transfers Customer Personal Data enter into written agreements with Humanised requiring that the subcontractor abide by terms no less protective, in any material respect, than this Data Processing Addendum. A current list of Sub-Processors approved as at the date of this Data Processing Addendum is available in the privacy policy. Humanised can at any time and without justification appoint a new Sub-processor provided that the Customer is given fifteen (15) days’ prior written notice and the Customer does not legitimately object to such changes within that timeframe. Legitimate objections must contain reasonable and documented grounds relating to a Sub-processor’s non-compliance with applicable European Data Protection Law. If Humanised is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Customer may terminate the applicable Services which cannot be provided by Humanised without the use of the objected-to new Sub-Processor by providing written notice to Humanised. Humanised will refund Customer any prepaid fees covering the remainder of the term of the Services following the effective date of termination with respect to such terminated Services.
  5. The Customer acknowledges that as part of the Services the Customer Personal Data may be located in or accessed from Australia or another Relevant Country. Where this involves Humanised or its Affiliates, the Standard Contractual Clauses in Attachment 1 of this Data Processing Addendum will apply in addition to the terms of this Data Processing Addendum. For other Sub-Processors based in Relevant Countries, the parties shall take steps to ensure that there is adequate protection for any such transfers of Customer Personal Data as defined in European Data Protection Laws. Where the Standard Contractual Clauses apply, the Customer acknowledges the following:

    1. Instructions: For the purposes of Clause 5(a) of the Standard Contractual Clauses, processing in accordance with the Agreement or as provided in writing by the Customer from time to time (subject to the data importer’s right to charge additional sums at its current rates should the scope of the agreed services be exceeded is deemed to be an instruction by the Customer to process Customer Personal Data);
    2. Sub-Processors: Pursuant to Clause 5(h) of the Standard Contractual Clauses the Customer acknowledges that data importer may engage third party Sub-processors in connection with the provision of the Services and that Humanised shall make available to the Customer the current list of all Sub-processors as set out in Clause 2.5 above. Humanised will notify the Customer of any new Sub-processors engaged by the data importer as set out in Clause 2.5 above;
    3. Copies of Sub-Processor Agreements. The Customer agrees that copies of any Sub-processor agreements that must be provided to the Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have all commercial information or clauses unrelated to the Standard Contractual Clauses or their equivalent removed by the data importer beforehand; and that such copies will be provided by the data importer in a manner to be determined in its discretion, only upon request by the Customer via email
    4. Audits: The Customer agrees that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with Clauses 2.7-2.9 below;
    5. Certification of Deletion: To the extent applicable and required, the parties agree that the certification of deletion of personal data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by the data importer only upon the Customer’s written request via email to; and

Conflict: In the event of any conflict or consistency between the body of this Data Processing Addendum and any of its Schedules (not including the Standard Contractual Clauses) and the Standard Contractual Clauses in Attachment 1, the Standard Contractual Clauses will prevail (unless this would result in the invalidity of this Data Processing Addendum under European Data Protection Laws (in which case the relevant term(s) of this Data Processing Addendum shall prevail).

  1. Humanised shall notify the Customer, without undue delay, if Humanised becomes aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data transmitted, stored or otherwise processed by Humanised (“Security Incident”) and take such steps as the Customer may reasonably require, within the timescales reasonably required by the Customer, to remedy the Security Incident and provide such further information as the Customer may reasonably require. Humanised’s assistance under this Clause 2.6 shall be chargeable, as incurred, at Humanised’s then current rates unless and to the extent that the Customer demonstrates that such assistance is required because of a failure by Humanised to comply with the obligations under this Data Processing Addendum.
  2. Humanised shall audit the security of the computers and computing environment that it uses in processing Customer Personal Data and the physical locations from which it processes Customer Personal Data (including that of its Sub-Processors). This audit: (a) will be performed at least annually; and (b) may be performed by independent third-party security professionals at Humanised’s selection and expense. 
  3. Humanised shall respond, no more frequently than annually, to any reasonable security questionnaire provided by Customer which seeks to assist Customer’s assessment of Humanised’s compliance with the security obligations under this Data Processing Addendum. Such security questionnaires may request copies of any third-party compliance certificates or audit reports (or equivalent) held by Humanised and which may be applicable to the Services. The responses to such questionnaires and any supporting evidence provided by Humanised shall be considered confidential information of Humanised. 
  4. If the Customer desires to change this instruction regarding exercising the audit right or the provision of information in order to demonstrate compliance with Article 28 of the GDPR, then the Customer has the right to change this instruction to the extent so required to ensure compliance, which shall be requested in writing via email to, provided that Humanised shall have no obligation to provide commercially confidential information.
  5. [If the Customer’s request for information or access relates to a sub-processor, or information held by a sub-processor which Humanised cannot provide to the Customer itself,  Humanised will promptly submit a request for additional information in writing to the relevant sub-processor(s). The Customer acknowledges that access to the sub-processor’s premises or to information about the sub-processor’s previous independent audit reports is subject to agreement from the relevant sub-processor, and that Humanised cannot guarantee access to that sub-processor’s premises or audit information at any particular time, or at all].
  6. The parties acknowledge and agree that any liability arising under this Addendum is subject to the liability sections of the Agreement (including as applicable Section 12 and 13 of the Humanised Platform Terms and Conditions and/or Section 7 of the Humanised Payroll Terms and Conditions ).
3. Back to Data Processing Addendum

Categories of data
The personal data transferred concern the following categories of data

This data primarily includes data relevant for HR processing including the following relating to the employee’s role:

  • Name
  • Contact information
  • Date of birth
  • Address
  • Payment token
  • Tax details
  • Signature
  • Employment history
  • Work experience information
  • Probation period
  • Employment duration information
  • Job or position title
  • Business title
  • Job type or code
  • Business site
  • Company/Supervisory
  • Cost center and region affiliation
  • Work schedule and status (full-time or part-time, regular or temporary)
  • J Information on internal project appointments
  • Accomplishment information
  • Training and development information
  • Award information
  • Survey responses
  • Feedback in course of employment
  • Pay/salary
  • Performance targets and development goals
  • Payroll data
  • Pension plan number and contributions
  • Non-salary benefits
  • Compensation
  • Mobile apps usage for purposes such as booking annual leave, logging timesheets, completing surveys, choosing benefits
  • Analytics data
  • Information on dependents and
  • beneficiaries including
  • Name and contact information (including home address; home and work telephone numbers; mobile telephone numbers
  • Date of birth
  • Gender
  • Emergency contacts
  • Beneficiary information
  • Dependent information

Special categories of data
The special categories of personal data transferred concern the following categories of data

This data primarily includes data relevant for HR processing including the following relating to the employee’s role:

  • Ethnicity
  • Religious beliefs
  • Disability information
  • Trade union membership information
  • Medical details such as health status relevant to administration of long-term disability or other medical benefit programs, medical reports, return or work/adjustment reports and workplace injury reports
  • Immigration status
  • Visa status
  • isa details
  • background checks.

This data primarily includes data relevant to the employee’s role.

Processing operations

For the provision of payroll and employment software services by Humanised to the Customer and other purposes related or incidental thereto.


We use a few different third party sub-processors to help us provide our services to you. These sub-processors process data that you input into the services, which may include personal data. Here we’ve set out some info on who these sub-processors are and what services they provide.


ZendeskUSAHelpdesk & Support
SendgridUSAEmail Delivery Service
Amazon Web Services      USACloud hosting, File Storage
TwilioUSASMS messaging
TrelloUSAProject Management
AsanaUSAProject Management
GitHubUSASource control
SisenseUSABusiness Intelligence Software
HubSpotUSAEmail Marketing
Salesforce.comUSACustomer Relationship
Management Software
LogglyUSALog management
LogDNAUSALog management
FivetranUSAETL (extract, transform, load)
Redshift (Amazon)USAData Warehousing
WebScaleAustraliaPayroll Processing
XeroNew Zealand      Payroll Processing
MYOBAustraliaPayroll Processing
Process staff payroll on time accurately with Humanised Payroll.
Leave Coming Soon
Streamline leave management and ensure happier staff and productivity boosts.
Digital Contracts Beta
Valid, compliant HR and employment contracts for Sri Lankan small businesses.
Timesheets Coming Soon
Timesheet uploads to accurately record hours worked, auto-linked to payroll.
Monitor and process expense reimbursements, auto-linked to payroll.
Small Business Guide on 12 Pay Items to Consider in The Payroll Process in Sri Lanka
A full exploration of each pay item to consider when running payroll for your staff.
Run Your Payroll in 5 Seconds Coming Soon
Process your payroll end-to-end from salary calculations to generating your bulk bank transfer file in mere seconds.
Payroll Service Companies in Sri Lanka
A comprehensive list of the island’s payroll service providers including top Chartered Accountancy firms.
Free Contract Templates
A range of HR & employment contract templates for you to download and customize as per your business’s needs.
Digital Contracts in Sri Lanka
A Valid, Legal and Accepted Electronic Document in HR and Business Agreements Locally
Cloud-Based or Desktop Payroll Software
Explore What Best Fits Your Payroll Requirement