Commitment to GDPR

At BizMerlinHR, we optimize business value from our products and services by adhering to necessary standards and policies. Our cloud ecosystem is capable of providing a robust and scalable structure for the safe processing of your data and your customers' data, and we extend this to all our customers, even those outside the EU.

Our comprehensive GDPR program is supported by key privacy principles — Accountability, Privacy by Design and Default, Data Minimization, Subject Access Rights, among others.  Below are some aspects of the GDPR program at BizMerlinHR, and how our products support customers in meeting their compliance obligations.

Data collection, storage & processing

What does this mean? The organization must collect data only for the purpose it’s needed for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.

How does BizMerlinHR handle this? 

BizMerlinHR provides the convenience of enforcing your company’s defined limitations/policies through the product itself. For example: assistance with restricting the use of data by turning certain product features ON/OFF.
All such requests must be made to Upon verification of the relevance and feasibility of the request, appropriate steps will be taken to fulfill the request.

Data minimization

What does this mean? Organizations must only process the personal data that they need to achieve their processing purposes.

How does BizMerlinHR handle this? 

BizMerlinHR is committed to ensuring that data collected for one purpose cannot be repurposed without further consent.

Right to rectification

What does this mean? The accuracy of personal data is integral to data protection. The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete. Individuals have the right to request that inaccurate or incomplete data be erased or rectified within 30 days.

How does BizMerlinHR handle this?

If our customer reaches out requesting the correction of their data, our products provide you the flexibility to meet this request via features within the product.

Right to portability

What does this mean? Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format. They have the right to transmit this data to another vendor/company of their choice without hindrance from the existing vendor/company.

How does BizMerlinHR handle this?

Our products directly assist our customers’ need to meet ‘right to portability’ requests from their customers. The ‘customer’ data can be exported from the product by users who have appropriate access rights. For additional requests on obtaining existing data, reach out to

Limitation to storage

What does this mean? To ensure compliance, organizations must have control over the storage and movement of data. This includes implementing and enforcing data retention policies and not allowing data to be stored in multiple places.

How does BizMerlinHR handle this?

We offer the flexibility of controlling access/permissions, thus preventing unauthorized access and enabling protection of sensitive data.

Right to be forgotten

What does this mean? Data subjects can request the erasure of all personal data concerning them. And, the company/business has the obligation to erase all personal data of that individual without undue delay.

How does BizMerlinHR handle this?

BizMerlinHR is committed to responding to our customers’ requests for the permanent erasure of an individual’s data from within the product.

Confidential and secure

What does this mean? The GDPR states that personal data must be processed “in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

How does BizMerlinHR handle this?

BizMerlinHR regularly evaluates enforcement of: security policies, utilization of dynamic access controls, identity verification of those accessing data, and implementation of protection mechanisms against a data breach. Relevant certifications include SOC II compliance. Read more about our security policies here.

Accountability and liability

What does this mean? Organizations must be able to demonstrate to governing bodies that they have taken the necessary steps to protect an individual’s personal data. Be sure every step within the GDPR strategy can be pulled up as evidence.

How does BizMerlinHR handle this?

BizMerlinHR maintains an audit trail to enable you to provide evidence of appropriate actions taken on an individual’s request.

Also, read our Data Processing Addendum

And find here our list of sub-Processors.