GDPR Compliance – LeSoft Fox HR


At LeSoft, we are committed to protecting employee and candidate personal data managed through Fox HR. GDPR serves as our global standard for privacy and security practices, reinforcing our core principles of data minimization, transparency, and accountability. 

What is GDPR? 

The General Data Protection Regulation (GDPR) is a comprehensive EU law that governs the processing of personal data of individuals within the EU and EEA. It strengthens data rights and imposes strict obligations on organizations that collect, process, or store personal data. 

 

How Fox HR Ensures GDPR Compliance 

Data Minimization & Purpose Limitation 

We only process personal data necessary for HR functions such as recruitment, onboarding, payroll, and performance management. We never use personal information for secondary purposes without clear consent. 

Data Inventory & Access Control 

A central Information Asset Register (IAR) tracks what data is collected, where it’s stored, who can access it, and under what legal basis (e.g., employment contract, legal obligation, legitimate interest). 

Security & Encryption 

Fox HR encrypts personal data at rest and in transit using AES-256 and TLS 1.2/1.3. Our systems are designed with privacy by design and default, ensuring only the minimum necessary data is accessible based on user roles. 

Role of Data Controller and Processor 

LeSoft acts as both a data controller (for internal HR data) and a processor (when handling client HR data). We offer Data Processing Agreements (DPAs) to help our customers meet their obligations. 

Subprocessor Compliance 

All third-party subprocessors (e.g., for payroll or analytics) are assessed for GDPR readiness, and contractual safeguards, including Standard Contractual Clauses (SCCs), are in place.

Breach Notification 

We maintain an internal Privacy Incident Response Policy. In the event of a personal data breach, affected clients will be notified within 72 hours, in line with GDPR Article 33. 

Data Subject Rights Support 

Fox HR enables customers to support GDPR rights, including: 

  • Right to access 
  • Right to rectification 
  • Right to erasure (“right to be forgotten”) 
  • Right to data portability 

Requests can be initiated directly through the platform or with support from our privacy team. 

DPIAs and Audits 

We regularly conduct Data Protection Impact Assessments (DPIAs) and internal audits across HR modules to identify and mitigate privacy risks associated with sensitive employee data. 

Legal Basis for Data Processing 

Fox HR processes employment data based on: 

  • Performance of a contract 
  • Legal obligations (e.g., tax records) 
  • Legitimate interests (e.g., workforce analytics) 
  • Consent, where applicable (e.g., optional surveys or biometric time logging) 

 

FAQs 

  1. What types of employment data does Fox HR process?
    Fox HR processes identifiers, contact info, job history, payroll details, attendance logs, and in some cases sensitive categories such as health or biometric data.
  2. Who can access employee data?
    Access is strictly role-based—only authorized HR admins and managers may view specific categories of personal data. 
  3. Can LeSoft help me sign a DPA?
    Yes. Organization admins can request a customized Data Processing Addendum by contacting our legal team at: [email protected]. 
  4. Where can I learn more about LeSoft’s GDPR practices?
    Visit https://lesoft.com/privacy-policy/ or reach out to our Data Protection Officer.