Effective starting: May 1st2021
Welcome to MY Scorecard
MY Scorecard is committed to protecting the confidentiality of information and privacy of our clients and other users of our websites and services.
All organisations that process personal data are required to comply with data protection legislation. The Data Protection Laws give individuals (known as 'data subjects') certain rights over their personal data whilst imposing
certain obligations on the organisations that process their data.
MY Scorecard considers your right to privacy and the careful handling of your personal data to be extremely important. We make every effort to ensure that the information you provide us with remains private and is only used strictly
in accordance with the policy detailed below.
into account new laws and technology, changes to our operations and practices and to make sure it remains appropriate to the changing environment. Any information we hold will be governed by the most current version of the
What this policy covers
Throughout this policy the following terms have the following meanings :
- Consent : means any freely given, specific, informed and unambiguous indication of an individual's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing
of personal data relating to him or her.
- Data Controller : means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data Processor : means an individual or organisation which processes personal data on behalf of the data controller.
- Personal Data : means any information relating to an individual who can be identified, such as by a name, an identification number, location data or an online identifier. Please refer to the section below regarding
what comprise "personal data" within the scope of MY Scorecard's services.
- Personal Data Breach : means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- Processing : means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Profiling : means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects
concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Service : means the my-scorecard.com website operated by MY Scorecard.
- Usage Data : is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
- Cookies : are small files stored on your device (computer or mobile device).
- Data Subject : is any living individual who is the subject of Personal Data.
- The User : is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
What Information We Collect About You ?
In order to carry out our business as HR Performance Management System application provider, MY Scorecard may collect your personal information from you, including Information you provide to us.
Account & Contact Data : When you register on our website to use or download one of our products, or to subscribe to one of our services (MY Scorecard Online, Free Trial, MY Scorecard Mobile Apps, MY Scorecard Dex,
MY Scorecard Management, etc), or fill in one of our contact forms, you voluntarily give us certain information. This typically includes your name, Company name, city, industry category, email address, and sometimes your phone
number, postal address (when an invoice or delivery is required), and your business sector as well as a personal password. We never record or store credit card information from our customers, and always rely on trusted third-party
PCI-DSS-compliant payment processors for credit card processing, including for recurring payment processing.
Browser Data : When you visit our website and access our online services, we detect and store your browser language and geolocation in order to customize your experience according to your country and preferred language.
Our servers also passively record a summary of the information sent by your browser for statistical, security and legal purposes your IP address, the time and date of your visit, your browser version and platform, and the web
page that referred you to our website.
Content You Provide Through Our Websites : The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites
operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events. including but not limited
to your name, account and profile Information, contact details, qualifications, work history, your right to work in a particular country, language skills, professional qualifications and memberships, your work objectives and
other information from attachments.
Information You Provide Through Our Support Channels : The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate
yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you
are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment Information : We collect payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration.
You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
How does MY Scorecard collect your data ?
In most cases, MY Scorecard collects personal data directly from you by telephone, email or via our website, mobile app and desktop app. For example, data will be collected from you when you:
- Supply an application form.
- Fill out and submit a registration form.
- Submit any other information in connection with your application for registration.
- Directly or indirectly supply information to your Company to be registered on MYSC Application.
To the extent that you access our website or read or click on an email from us, we may also collect certain data automatically or through you providing it to us, such as a browser cookie.
MY Scorecard requires you to provide signed consent (including digital signing) to enable us to collect personal data from you or third parties. Such consent should only be given after you have read and understood this Privacy
How we use the information ?
The reason that MY Scorecard uses your personal information is so that we can provide you with our services by managing your tasks or projects related to your role. We use your personal information so that we can understand your
skills, experience and qualifications. More specifically, MY Scorecard may use your information for the following reasons :
- To provide you and/or your employer with your personal report.
- To inform you and/or employer about any relevant industry developments.
- To send you details of any events or promotions.
- To maintain and promote MY Scorecard's business relationships.
- To be able to use MY Scorecard application.
Our Legal Bases For Processing Your Data
MY Scorecard processes personal data in relation to its own staff and candidates and is a data controller for the purposes of the Data Protection Laws. MY Scorecard will only process personal data where it has a legal basis for
MY Scorecard requires that you give your consent to the processing of your personal data in relation to MY Scorecard's services and application. We believe this explicit consent is essential for both MY Scorecard and you to ensure
both parties clearly understand their rights and the intentions of all involved in the consultation process. This basis for processing is in accordance with Article 6(1)(a) of the GDPR, which states "you have given consent
to the processing of his/her personal data for one or more specific purposes".
As a HR Performance Management System application provider, it is in both MY Scorecard's interest and yours, as a user of Services, for MY Scorecard to process your information in order to provide you with the most effective
and efficient service. This basis for processing is in accordance with Article 6(1)(f) of the GDPR, which states "processing is necessary for the purposes of the legitimate interests pursued by MY Scorecard or by a third
party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data".
Whilst MY Scorecard does not require a formal contract to be signed by you, the user, we believe that there is an agreement between you and MY Scorecard for MY Scorecard to provide you with services. This agreement is made explicit
after you provide MY Scorecard with your personal information for the purposes of MY Scorecard providing you with services and after you provide your consent for MY Scorecard to hold and process your information. As such, in
accordance with Article 6(1)(b) of the GDPR, MY Scorecard processes your personal information "for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering into
Disclosure of Personal Data
MY Scorecard may disclose your personal data to third parties :
- To a professional association or registration body that has a legitimate interest in the disclosure of your personal and sensitive information.
- In order to comply with any requests from regulatory or law enforcement authorities to release such personal data if they so require.
- To share your information with other consultants within the MY Scorecard for the purposes of providing you with services in other locations.
- To utilise third party service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants
carrying out testing and development work on our IT systems) where we have an appropriate processing agreements (or similar protections) in place.
- Third party outsourced IT and document storage providers where we have an appropriate processing agreements (or similar protections) in place.
- Marketing technology platforms and suppliers.
- If MY Scorecard or its business merges with or is acquired by another business or Company, we may share personal information with the new owners of the business or Company. You would be sent notice of such event.
- To enhance our HR Performance Management System service.
Management and Security of Personal Data
MY Scorecard takes the responsibility of the management and security of your personal data extremely seriously. And in accordance with the General Data Protection Regulation, MY Scorecard, acting as a data controller and data processor,
follows the key principles of data protection. These require that personal data be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and kept up to date, every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical
or organizational measures, and that
- MY Scorecard shall be responsible for, and be able to demonstrate, compliance with the principles.
MY Scorecard will retain your personal data during the period that you and/or employer are our user wishing to use our services. Our relationship with you as a user may continue for several years but at any time, should you wish
for your data to be erased, MY Scorecard will act promptly to delete your data from all of our databases in a timely manner, with approval of your employer.
Our aim is to make sure that the personal information that we hold is accurate and up to date. We realise that information changes frequently with changes in personal circumstances. Should your details change, please contact your
employer to inform them. If you and/or your employer have created a profile with MY Scorecard through our website or apps, then you and/or your employer are able to update your personal information whenever you want. In order
to do this, log into your profile and edit the information you have submitted.
Aggregate Information About Website Visitors
MY Scorecard gathers statistics about all visitors to our websites worldwide. We only use such data in aggregate so that the information we gather does not identify individual behaviour. We use such information to monitor the most
effective parts of our websites in order for us to be able to improve our online offering for the benefit of our users.
A cookie is a simple text file that is stored on your computer or mobile device by a website's server. Each cookie is unique to your web browser. It will contain some anonymous information, such as a unique identifier and the site
MY Scorecard also uses 'analytical' cookies in order to enable us to improve the way our website functions, for example, by making sure users are able to find what they need easily.
When you visit MY Scorecard's website, upon your consent, we will access your browser cookies. We use them to remember your login details, to track overall web traffic and to access information in cache about your session in order
to assist you in the use of our website. Information such as your last search will be cached. However, this kind of information will be deleted each time you close your web browser. Most browsers will allow you to block access
to your cookies. However, by blocking MY Scorecard's access to your cookies, your use of our websites will be restricted.
Your Rights Under GDPR (General Data Protection Regulation)
Under GDPR, the data subject has certain important rights. These include (but are not limited to) the following :
1. The Right for Access to Data and Data Portability
- You have the right to receive your personal data, which you have provided to us previously, in a structured, commonly used and machine-readable format. Further you have the right to request us to transmit your personal
data to another data controller in circumstances where:
- The processing is based on your consent or a contract.
- The processing is carried out by automated means.
- Where feasible, MY Scorecard will send the personal data to a named third party upon your request.
2. The Right to Have Data Rectified
You may request MY Scorecard to rectify any inaccurate or incomplete personal data concerning yourself, with approval of your employer. If MY Scorecard has given your personal data to any third parties we will tell those third
parties that we have received a request to rectify your personal data unless this proves impossible or involves disproportionate effort. Those third parties should also rectify the personal data they hold. However, MY Scorecard
is not in a position to audit those third parties to ensure that the rectification has occurred.
3. The Right to Be Forgotten
- This refers to your right to have your personal data completely deleted from our database, including from any third parties who may have access to that data. Further, the request to "be forgotten" must be as easy as it
was to give consent, with approval of your employer.
- You may request, at any time, to have your personal data deleted completely from all MY Scorecard's databases. Upon receipt of such a request, we will ask you whether you want your personal data to be removed entirely or
whether you are happy for your details to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose data has been
erased completely so you may be contacted again by MY Scorecard should we come into possession of your personal data at a later date.
- If MY Scorecard has given the personal data to any third parties, it will tell those third parties that we have received a request to erase the personal data, unless this proves impossible or involves disproportionate effort,
with approval of your employer. Those third parties should also rectify the personal data they hold. However, MY Scorecard is not in a position to audit those third parties to ensure that the rectification has occurred.
- It should be noted that where there are legal requirements for MY Scorecard to store data for a certain period of time, related to our business, which includes elements of your personal data, we will not be able to delete
that data until after the statutory retention period.
4. The Right to Restrict The Processing of Your Data
- You have the right to ask MY Scorecard to restrict its processing of your personal data where :
- You challenge the accuracy of the personal data we are storing.
- The processing is unlawful but you oppose its erasure.
- MY Scorecard no longer needs your personal data for the purposes of the processing, but your personal data is required for the establishment, exercise or defence of legal claims.
- You have objected to processing (on the grounds of a public interest or legitimate interest) pending the verification of whether the legitimate grounds of MY Scorecard override those of the individual.
- If MY Scorecard has given your personal data to any third parties we will tell those third parties that we have received a request to restrict the personal data, unless this proves impossible or involves disproportionate
effort. Those third parties should also rectify the personal data they hold. However, MY Scorecard is not in a position to audit those third parties to ensure that the rectification has occurred.
5. The Right to Lodge a Complaint
- You have the right to object to your personal data being processed based on a public interest or a legitimate interest. You also can object to the profiling of your data based on a public interest or a legitimate interest.
- Upon receiving a claim from you and/or your employer, MY Scorecard shall cease processing unless it has compelling legitimate grounds to continue to process the personal data which override the individual's interests, rights
and freedoms or for the establishment, exercise or defence of legal claims.
- You also have the right to object to your personal data being used for direct marketing
6. The Right to Object to Automated Decision Making
- MY Scorecard will not subject individuals to decisions based on automated processing that produce a legal effect or a similarly significant effect on the individual, except where the automated decision :
- Is necessary for the entering into or performance of a contract between the data controller and the individual.
- Is authorised by law.
- The individual has given their explicit consent.
- MY Scorecard will not carry out any automated decision-making or profiling using the personal data of a child.
7. Enforcement of Rights
All requests regarding individual rights should be sent to the contact detail listed at the bottom of this policy document. MY Scorecard shall act upon any data subject access request, or any request relating to rectification,
erasure, restriction, data portability or objection or automated decision making processes or profiling within one month of receipt of the request. MY Scorecard may extend this period for two further months where necessary,
taking into account the complexity and the number of requests.
Where MY Scorecard considers that a request is manifestly unfounded or excessive due to the request's repetitive nature then we may either refuse to act upon the request or may charge a reasonable fee, taking into account the administrative
How to Access and Control Your Information ?
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
Your Choices or Your Employer Choices : You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your
information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using
settings available within the Services or your account. Where the Services are administered for you by an administrator see "Notice to End Users" below, you may need to contact your administrator to assist with your requests
first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by
law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly
to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your
rights were infringed.
Access and Update Your Information : Our Services and related documentation see my-scorecard.com on “Tutorial Video” give you the ability to access and update certain information about you from within the Service. For example,
you can access your profile information from your account and search for content containing information about you using key word searches in the Service. You can update your profile information within your profile settings
and modify content that contains information about you using the editing tools associated with that content.
Deactivate Your Account : If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in
your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact the appropriate support team (email@example.com).
Please be aware that deactivating your account does not delete your information, your information remains visible to other Service users based on your past participation within the Services.
Delete Your Information : Our Services and related documentation (see my-scorecard.com website) give you the ability to delete certain information about you from within the Service. For example, you can remove content that
contains information about you using the key word search and editing tools associated with that content, and you can remove certain profile information within your profile settings. Please note, however, that we may need to
retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request That We Stop Using Your Information : In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For
example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to
use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information
for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue
using your information, we will restrict any further use of your information until the request is honoured or the dispute is resolved, provided your administrator does not object (where applicable).
How We Transfer Information We collect internationally ?
MY Scorecard is an international Company, headquartered in Indonesia. Our databases are located in Indonesia, upon receipt of your personal information, it will be transferred quickly (and securely) to our systems hosted in Indonesia.
Further, in order to ensure that your data is secure, when we transfer data outside of Indonesia, we will only transfer to those locations where the target location is compliant with data protection legislation and by means
of transfer which have adequate safeguards applied.
Implementation of Policy
This Policy shall be deemed effective as of 1st May 2021. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
You can contact our Support Team at firstname.lastname@example.org or at the following address.