Effective Date 05.12.2025
Last Updated 05.12.2025
Privacy Contact info@harmonyats.org
This Privacy Policy explains how HarmonyHR LTD ("HarmonyHR", "we", "us", or "our") collects, uses, discloses, stores, and otherwise processes personal data in connection with HarmonyATS, our cloud software-as-a-service applicant tracking system, and our related business activities. It is intended for business users, website visitors, prospective customers, customers, suppliers, and job applicants to HarmonyHR LTD.
This Privacy Policy covers processing activities for which HarmonyHR LTD acts as a controller, such as our websites, cookies and similar technologies, contact forms, demo requests, sales and marketing activities, event registrations, supplier and customer contact management, billing administration, security and compliance operations, and recruitment for our own hiring needs.
Where a business customer uses HarmonyATS to upload, store, manage, or otherwise process applicant, candidate, employee, contractor, referee, interviewer, or similar workforce-related personal data, HarmonyHR LTD generally processes that personal data as a processor or service provider on behalf of that customer. In those cases, the customer acts as the controller or employer and is primarily responsible for deciding why and how that personal data is processed.
Unless this Privacy Policy states otherwise, the controller of personal data covered by this Privacy Policy is HarmonyHR LTD, incorporated and operating under the laws of Kyrgiz Republic, Register No. 309328-3301-ООО, having its registered office at Imeni Baltagulova st., 27, Bishkek, Kyrgiz Republic.
If you have questions about this Privacy Policy or our privacy practices, you may contact us at info@harmonyats.org.
This Privacy Policy applies to: (a) visits to our websites, landing pages, and online properties that link to this Privacy Policy; (b) requests for demos, meetings, proposals, or other sales communications relating to HarmonyATS; (c) communications with us by email, forms, chat, or other channels; (d) newsletter subscriptions, marketing communications, and event or webinar registrations, where applicable; (e) personal data relating to representatives, users, administrators, billing contacts, and other business contacts of our customers, prospects, suppliers, and partners; (f) recruitment for roles with HarmonyHR LTD; and (g) other controller-side business activities described in this Privacy Policy.
This Privacy Policy should be read together with our HarmonyATS Cookie Notice and, where relevant, the applicable customer-facing terms, data processing documentation, and any supplemental notice made available for a specific event, form, campaign, integration, or recruitment process. This Privacy Policy does not override contractual data protection terms that apply when we act as a processor or service provider for a customer.
We act as a controller when we decide the purposes and means of processing personal data for our own business operations. This includes, for example: (a) operating our websites and related pages; (b) managing cookies and similar technologies, subject to applicable consent rules; (c) responding to contact requests, demo requests, and sales inquiries; (d) sending marketing communications where permitted by law; (e) administering contracts, invoices, and business relationships; (f) managing event or webinar registrations; (g) recruiting and hiring for HarmonyHR LTD; and (h) protecting our business, systems, rights, and users.
When our B2B customers use HarmonyATS to process applicant, candidate, employee, contractor, or related workforce data, HarmonyHR LTD generally acts as a processor or service provider on behalf of those customers. In that context: (a) our customer is typically the controller or employer; (b) the customer determines the purposes and means of processing that data in HarmonyATS; (c) we process the data only to provide the HarmonyATS services, support, security, maintenance, troubleshooting, administration, and related services in accordance with our contract with the customer and applicable law; and (d) questions or requests from applicants, candidates, employees, or other workforce-related individuals should generally be directed first to the relevant customer or employer that collected the data.
This Privacy Policy does not replace our customers’ own privacy notices, internal employment notices, or our data processing addendum. If your personal data was submitted to HarmonyATS by or on behalf of one of our customers, that customer’s privacy notice and instructions will generally govern how the data is used, and our processing of that data will be governed by the applicable services agreement and data processing addendum.
We may process information such as IP address, browser type, device type, operating system, approximate location derived from IP, referral URLs, language preferences, cookie identifiers, other online identifiers, and information about how you interact with our websites or communications. Under applicable law, certain online identifiers, cookie IDs, and similar data may constitute personal data.
We may process names, business email addresses, phone numbers, company names, job titles, communication preferences, correspondence contents, meeting notes, requests, and other information you choose to provide when contacting us or interacting with our sales or support teams.
We may process information relating to prospect and customer accounts, such as company details, subscription inquiries, product interests, proposal and contract information, onboarding details, service-related communications, and the names and business contact details of customer users, administrators, managers, procurement contacts, and billing contacts.
Where applicable, we may process newsletter subscription details, event or webinar registration information, attendance information, survey responses, preferences, and records of marketing interactions.
We may process business contact information and related communications for suppliers, advisors, partners, consultants, contractors, and other third parties with whom we do business.
We may process billing contact details, invoicing details, payment status information, contract administration records, and limited financial or transaction-related information necessary to administer contracts and receive payment. Independent payment providers may process payment data under their own terms and privacy notices.
If you apply for a role with HarmonyHR LTD, we may process information contained in your application or otherwise provided during the recruitment process, such as your name, contact details, CV or resume, cover letter, employment history, qualifications, interview notes, references, compensation expectations, right-to-work information, and any other information you choose to provide. We may also process information generated during the recruitment process, such as assessment results, scheduling details, interviewer feedback, and hiring decisions.
We may process records needed to maintain security, prevent fraud or misuse, investigate incidents, enforce our agreements, protect legal rights, comply with legal obligations, and manage complaints or disputes.
For example, when you fill in a form, request a demo, contact us, subscribe to updates, attend an event, sign a contract, submit an invoice, or apply for a job.
If you are an employee, representative, recruiter, administrator, user, procurement contact, or billing contact of one of our customers, prospects, suppliers, or partners, we may receive your business contact details and related information from your organization.
We and our service providers may collect data through cookies, logs, pixels, scripts, software development kits, and similar technologies, subject to applicable law and consent requirements.
We may receive business-related contact data and professional information from public websites, professional networking platforms, event organizers, referral sources, marketing or lead-generation partners, business data enrichment providers used for B2B sales and account development, recruitment platforms, and reference or background sources where lawful and relevant.
We process website and device data to operate, secure, troubleshoot, test, maintain, and improve our websites, forms, and online services, including to monitor performance and prevent abuse. Legal basis: our legitimate interests in operating and securing our business and digital properties; where required by law, consent for non-essential cookies or similar technologies.
We process contact and communications data to respond to messages, schedule meetings, provide requested materials, and manage ongoing business communications. Legal basis: our legitimate interests in communicating with prospective and existing business contacts; and, where relevant, taking steps at your request prior to entering into a contract.
We process business contact, account administration, and billing-related data to evaluate opportunities, negotiate and manage contracts, onboard customers, administer services, provide support, manage renewals, issue invoices, collect payments, and maintain business records. Legal basis: performance of a contract; taking steps at your request before entering into a contract; and our legitimate interests in operating and administering our business relationships.
We process personal data to send product updates, newsletters, invitations, and other marketing communications where permitted by law. Legal basis: consent where required by law; otherwise our legitimate interests in promoting and growing our business and maintaining relevant business relationships. You may opt out at any time as described in Section 12.
If we organize or participate in events or webinars, we may process registration details, attendance information, follow-up communications, and, where applicable and lawful, recordings or related materials. Legal basis: our legitimate interests in running business events and following up with participants; consent where required by law for specific recordings, promotional use, or electronic marketing.
We process personal data relating to supplier, advisor, contractor, and partner contacts to evaluate, contract with, and manage third-party business relationships. Legal basis: performance of a contract; taking steps prior to entering into a contract; and our legitimate interests in operating our business.
We process recruitment data to assess candidates, communicate during the hiring process, verify information, manage interviews, make hiring decisions, establish or defend legal claims, and maintain recruitment records. Legal basis: taking steps at the request of the applicant prior to entering into an employment or contractor arrangement; compliance with legal obligations; our legitimate interests in recruiting suitable personnel; and consent where required or where an applicant voluntarily provides certain information for optional future opportunities.
We may process personal data to comply with applicable laws, regulations, court orders, lawful requests, tax and accounting requirements, sanctions or anti-fraud checks, and to establish, exercise, or defend legal claims. Legal basis: compliance with legal obligations; and our legitimate interests in protecting our rights, business, systems, and stakeholders.
We may process and disclose personal data in connection with actual or proposed mergers, acquisitions, investments, reorganizations, financings, asset sales, or similar transactions. Legal basis: our legitimate interests in carrying out corporate transactions and business planning; and, where applicable, compliance with legal obligations.
Where permitted by applicable law, we may create aggregated, anonymized, or de-identified information that no longer identifies you and use it for analytics, service administration, security, reporting, product development, and business improvement purposes. Such information is not used to identify you.
6.1 We may use cookies, pixels, tags, scripts, software development kits, local storage, and similar technologies on our websites, emails, or online services for purposes such as site functionality, security, fraud prevention, analytics, personalization, and marketing, subject to applicable law.
6.2 Certain information collected through these technologies, including cookie identifiers, IP addresses, device identifiers, and interaction data, may be personal data under GDPR, UK GDPR, or other applicable law.
6.3 Where required by law, we will request your consent before placing or using non-essential cookies or similar technologies. Essential technologies may be used without consent where permitted by law because they are necessary for the operation, security, or requested functionality of the website.
6.4 For more detailed information, please see our HarmonyATS Cookie Notice and the cookie settings or consent tool made available on the relevant website or online property.
7.1 We may disclose personal data to the following categories of recipients, to the extent reasonably necessary for the purposes described in this Privacy Policy: providers of hosting, infrastructure, website management, analytics, communications, customer relationship management, scheduling, marketing automation, event or webinar tools, recruitment administration, payment administration, document management, professional services, security services, and other operational support services.
7.2 We may also disclose personal data to lawyers, accountants, auditors, insurers, banks, payment processors, and other professional advisors where necessary for legal, financial, compliance, security, or operational purposes.
7.3 Where relevant to our business operations, we may disclose personal data to our current or future affiliates, group companies, contractors, consultants, and business counterparties, including customers, prospects, suppliers, implementation partners, resellers, referral partners, and other organizations where disclosure is reasonably necessary to manage the relevant relationship.
7.4 We may disclose personal data to courts, regulators, law enforcement, tax authorities, supervisory authorities, sanctions or export-control authorities, and other third parties where we are required or permitted to do so by law, legal process, contractual necessity, or to protect rights, safety, security, or property.
7.5 We may disclose personal data in connection with actual or contemplated corporate transactions, including to acquirers, investors, lenders, financing sources, and transaction advisors, subject to appropriate confidentiality measures.
7.6 In providing our business operations and, where applicable, our services, we may engage and replace service providers, processors, and subprocessors from time to time as our business, legal, operational, security, and technical needs evolve. We do not undertake in this Privacy Policy to maintain a separate public subprocessor list, except to the extent such disclosure is required by applicable law or by a specific customer contract.
7.7 We require service providers, processors, and subprocessors engaged by us to handle personal data subject to appropriate confidentiality, security, and data protection obligations appropriate to the nature of the services they provide.
8.1 HarmonyHR LTD is incorporated in the Kyrgiz Republic, and we or our service providers may process personal data in the Kyrgiz Republic and in other countries where we or our service providers operate.
8.2 Where personal data is transferred outside the European Economic Area, the United Kingdom, or another jurisdiction with applicable transfer restrictions, we will implement a lawful transfer mechanism where required. Depending on the circumstances, this may include the European Commission Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, an adequacy decision or adequacy regulations, or another lawful mechanism recognized under applicable law.
8.3 You may contact us at info@harmonyats.org to request more information about the safeguards we use for relevant international transfers, where required by law.
9.1 We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain business relationships, comply with legal obligations, resolve disputes, enforce agreements, and protect our rights.
9.2 The exact retention period depends on the type of data, the context in which it was collected, the sensitivity of the data, applicable legal requirements, limitation periods, and operational necessity.
9.3 By category, we generally apply the following retention logic: (a) website logs, analytics data, and similar technical records are typically retained for up to 12 months unless a longer period is reasonably required for security, abuse prevention, troubleshooting, or legal reasons; (b) contact inquiries and sales records are typically retained for up to 36 months after the last meaningful interaction unless a longer period is justified by an ongoing relationship, dispute, or legal need; (c) customer and supplier contract, account, billing, and transaction records are retained for the contract term and for 7 years thereafter, or longer where required by applicable law, tax, accounting, audit, or dispute-management requirements; (d) marketing subscription and preference records are retained until you opt out, withdraw consent, or for up to 36 months after the last meaningful interaction, and suppression records may be retained for as long as necessary to honor opt-out requests and maintain compliance records; (e) event and webinar records are typically retained for up to 24 months after the relevant event unless a longer period is justified by follow-up, legal, or compliance needs; (f) recruitment records relating to HarmonyHR LTD’s own hiring are typically retained for up to 24 months after the relevant recruitment process closes unless a longer period is required or permitted by law or based on consent for future opportunities; and (g) security, fraud, and incident records are typically retained for up to 36 months, and longer where reasonably required for investigation, legal proceedings, or compliance.
9.4 If personal data is no longer required, we will delete, anonymize, or securely isolate it in accordance with our retention practices and applicable law.
9.5 Customer data processed by us as processor within HarmonyATS is retained in accordance with our agreements with the relevant customer, that customer’s instructions, our standard deletion and backup processes, and applicable law, including any agreed export and deletion periods after termination of services.
10.1 We maintain reasonable and appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
10.2 These measures are designed with regard to the nature of the personal data processed, the risks presented by the processing, the state of the art, implementation costs, and the context and purposes of processing. However, no method of transmission, storage, or security control can guarantee absolute security.
10.3 Where HarmonyHR LTD processes customer data in HarmonyATS as a processor or service provider, our security commitments are governed primarily by the applicable customer contract, data processing addendum, and related security documentation.
10.4 We may update our security practices and related operational measures from time to time, provided that the overall level of protection is not materially degraded for the relevant processing context.
11.1 Subject to applicable law and relevant conditions or limitations, you may have rights of access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent where processing is based on consent.
11.2 You may also have the right to lodge a complaint with the supervisory authority in the country where you live, work, or where an alleged infringement occurred, including in the United Kingdom or an EU/EEA member state where applicable.
11.3 To exercise your rights, please contact us at info@harmonyats.org. We may request information necessary to verify your identity and process your request lawfully and securely.
11.4 If your personal data is contained in a HarmonyATS account operated by one of our customers, you should usually direct your request to that customer or employer first, because that organization is generally the controller for that data. We may assist our customer in responding where required by contract or law.
12.1 We may send you marketing or promotional communications where permitted by applicable law and, where required, based on your consent.
12.2 You may opt out of marketing emails at any time by using the unsubscribe link in the communication or by contacting us at info@harmonyats.org.
12.3 Even if you opt out of marketing communications, we may still send you non-promotional communications where necessary, such as service-related messages, transactional notices, legal notices, security updates, billing or contract communications, or responses to requests you have made.
12.4 We may maintain suppression records for as long as reasonably necessary to ensure that your opt-out preferences are respected and to maintain compliance records.
13.1 If you believe that our processing of your personal data infringes applicable data protection law, we encourage you to contact us first at info@harmonyats.org so that we can try to address your concerns.
13.2 You also have the right to lodge a complaint with a competent supervisory authority. For example, if UK GDPR applies to the relevant processing, you may have the right to complain to the UK Information Commissioner’s Office. If GDPR applies, you may have the right to complain to a supervisory authority in the EU or EEA member state of your habitual residence, place of work, or the place of the alleged infringement.
14.1 HarmonyATS and our websites are intended for business use and are not directed to children. We do not knowingly collect personal data directly from children through our controller-side activities. If you believe that a child has provided personal data to us inappropriately, please contact us at info@harmonyats.org so that we can take appropriate steps.
15.1 Our websites, communications, or services may contain links to third-party websites, plug-ins, or services. This Privacy Policy does not apply to the privacy practices of third parties, and we encourage you to review their privacy notices separately.
15.2 Where our websites or communications include embedded content, integrations, or third-party tools, those providers may collect information in accordance with their own notices and settings.
16.1 We may update this Privacy Policy from time to time to reflect changes in law, regulation, guidance, our processing activities, our products or services, our service providers, or our business operations.
16.2 When we make changes, we will update the "Last Updated" date above and, where required by law, provide additional notice by appropriate means, such as a website notice, account notice, email, or other communication.
16.3 The most current version of this Privacy Policy will be made available on the relevant HarmonyATS website or online property where this Privacy Policy is published.
17.1 If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise your rights where applicable, please contact: HarmonyHR LTD, Imeni Baltagulova st., 27, Bishkek, Kyrgiz Republic, Email: info@harmonyats.org.