MACH-HR
MACH-HR
Sign Up
Login
Effective Date
February 3, 2026
Last Updated
April 26, 2026

MACH-HR Privacy Notice and Data Protection Policy

This policy explains how we collect, use, protect, and share personal information when providing our HR management platform to Nigerian businesses and their employees.

Quick Navigation

Introduction Information We Collect How We Use Your Data How We Protect Your Data Who We Share Data With Monitoring Technologies Data Retention Your Rights Policy Updates Refund Policy Contact Us

Important: MACH-HR is a business-to-business (B2B) platform. Your employer (the Subscribing Organization) controls what data is collected about you and how it is used. If you have questions about your personal data, your first point of contact is your employer's HR department.

1. Introduction

Machi Kunzult Ltd (“we,” “our,” or “us”) operates MACH-HR, a cloud-based Human Resource Management System (HRMS). We provide this platform to Nigerian businesses (“Subscribing Organizations”) who use it to manage their workforce.

In this relationship, your employer is the data controller — they decide what information is collected about you and why. We are the data processor— we provide the technology that enables them to do so, and we handle your data strictly according to their instructions.

MACH-HR covers payroll processing (fully compliant with Nigeria Tax Act 2025), attendance and location tracking, leave management, performance reviews, misconduct management, recruitment, salary management, loans, benefits, financial accounting, invoicing, document management, training, expense management, asset and inventory management, real-time communication, and AI-powered HR assistance — over 38 modules in total.

This policy is governed by the Nigeria Data Protection Act (NDPA) 2023. If you have any concerns about how your data is being used, please contact your employer's HR department in the first instance.

2. Information We Collect on Your Behalf

We collect personal information only as instructed by your employer. Your employer configures which data fields are used and what information is entered. Not all categories below will apply to every employee — this depends entirely on how your employer has set up the platform.

Personal & Contact Information

Your name, date of birth, gender, marital status, home address, local government area, state of origin, phone number, personal email address, next of kin details, blood group, and nationality.

Why we collect this: Used to create and maintain your employee record.

Employment Information

Your company email, department, branch, job title, employment type, employment status, start date, probation period, confirmation date, and work location.

Why we collect this: Used to manage your employment and ensure correct payroll eligibility.

Financial & Payroll Information

Your salary structure, bank name, account number, account name, bank sort code, Pension Fund Administrator name, RSA PIN, pension account number, Tax Identification Number (TIN), NHF number, loan records, declared annual rent, and life insurance premium.

Why we collect this: Used to calculate and process your salary, statutory deductions, and statutory remittances.

Identity & Verification Documents

National Identification Number (NIN), Bank Verification Number (BVN), Tax Identification Number (TIN), driver's licence number, international passport number, and guarantor details.

Why we collect this: Used for identity verification, bank account confirmation, and compliance with Nigerian financial regulations.

Attendance & Work Hours

Your clock-in and clock-out times, total work hours, overtime hours, late arrival minutes, and any location data captured at the point of attendance (see Section 6 on monitoring).

Why we collect this: Used to calculate working time, overtime, and payroll deductions for absence or late arrival.

Leave Records

Leave requests you submit, leave type, dates, supporting documents such as medical certificates, your leave balance, accruals, and carry-over.

Why we collect this: Used to manage and approve your time off.

Performance & Conduct Records

Performance review scores and comments, goals, strengths, areas for improvement, training recommendations, misconduct case records, any penalties applied, your written responses, appeal submissions and outcomes, and investigation findings.

Why we collect this: Used to manage your performance, professional development, and, where necessary, formal disciplinary processes.

Recruitment & Onboarding Records

For job applicants: CV or resume, application form details, AI-generated screening score, interview notes, offer letters, and rejection decisions.

Why we collect this: Used to manage the hiring process on behalf of your employer.

Training & Development Records

Training courses attended, certification records, skill assessments, and training budget allocation.

Why we collect this: Used to track your professional development.

Documents

Employment contracts, certificates, identification documents, and any other files your employer uploads to your employee profile.

Why we collect this: Used to maintain a complete and secure digital employee file.

3. How We Use Your Personal Data

We process your personal data only in ways your employer has configured within the platform. Below is a plain-language explanation of each processing activity.

💰 Calculating and Processing Your Salary

We use your salary structure, statutory registration numbers, declared rent, and insurance details to calculate your gross pay, apply statutory deductions under the Nigeria Tax Act 2025 (PAYE, Pension, NHF, NHIS, NSITF, ITF), and generate your payslip. Your net salary is then transferred directly to your bank account.

📍 Recording Your Attendance

When you clock in or out using the MACH-HR app, we record the time and, if your employer has enabled it, your GPS location at that moment. This data is used to calculate your work hours and determine any late arrival or absence deductions.

🏖️ Managing Your Leave

When you apply for leave, your request and any supporting documents are stored and routed through your employer's approval process. We track your leave balance, accruals, and carry-over as configured by your employer.

📊 Performance Reviews and Misconduct

Your employer uses the platform to conduct performance appraisals, set goals, and record feedback. Where a formal misconduct case is raised, all details including the incident, investigation findings, any penalty applied, and your appeal (if submitted) are stored as a permanent record. Financial penalties, if applied, are automatically deducted from your next payroll run.

🤖 Recruitment

If you apply for a job at an organization using MACH-HR, your CV and application details are stored and reviewed by the employer. An AI system may generate a suitability score to assist the employer in shortlisting candidates. This score is a tool to assist human decision-makers — it does not automatically determine any outcome.

💸 Managing Loans

If your employer offers staff loans, your loan application, guarantor details, repayment schedule, and monthly deductions are managed through the platform and processed automatically during payroll.

🧾 Invoices and Financial Records

Where your employer uses the platform for client invoicing and financial accounting, your timesheet entries and billable hours may be included in client invoices and financial reports.

📁 Document Storage

Your employment contracts, certificates, and other official documents are stored securely in your digital employee file within the platform.

💬 Communication

If your employer has enabled the real-time chat module, messages sent within the platform are stored as part of the organizational communication record.

🤖 AI-Assisted HR Support

The platform uses AI to assist HR teams with tasks such as answering HR policy questions, generating interview questions, and drafting content. Personal employee data is not shared with AI providers for training purposes.

4. How We Protect Your Personal Data

We take the security of your personal data seriously. The following technical and organisational measures are in place to protect it.

🔐

Encryption

All data is encrypted while being transmitted over the internet (TLS 1.2 or higher) and while stored in our systems (AES-256). Your payroll and financial data receives additional encryption.

🔒

Secure Access

Only authorised personnel within your organisation can access your data, based on permissions your employer has configured. Access is controlled, logged, and reviewed.

📋

Audit Trails

Every action taken on your data — who accessed it, what was changed, and when — is recorded in a tamper-proof audit log.

💾

Regular Backups

Your data is backed up automatically every day, stored in encrypted form, and can be restored in the event of a technical failure.

🛡️

Infrastructure Security

Our platform is hosted on secure, professionally managed cloud infrastructure. We conduct regular security reviews and penetration testing.

🔔

Breach Notification

If a security breach occurs that affects your personal data, your employer will be notified within 72 hours so they can fulfil their obligation to inform you.

💳

Payment Security

Salary disbursements and subscription payments are processed through Paystack and Remita, both of which operate on PCI-DSS compliant payment infrastructure.

🏢

Staff Confidentiality

All Machi Kunzult staff with access to production systems are bound by confidentiality agreements and receive data protection training.

Your employer's responsibilities: While we implement robust security on our side, your employer is responsible for ensuring that only the right people in their organisation have access to your data, and for revoking access promptly when someone leaves.

5. Who We Share Your Data With

We do not sell your personal data. We do not share it for advertising or marketing purposes. Your data is shared only in the following circumstances.

5.1 Your Employer

Your employer has access to the data they have entered about you through the platform. What each person within your employer's organisation can see is controlled by your employer — they decide who has access to what. Machi Kunzult does not determine those boundaries; your employer does.

5.2 Technology Service Providers

To operate the platform, we use a number of trusted third-party technology service providers across the following categories: payment processing, cloud infrastructure and hosting, secure file storage, transactional email delivery, real-time communication, calendar and scheduling integration, accounting integration, and AI-assisted features. All third-party providers we work with are carefully vetted, bound by data protection agreements, and are permitted to use your data only for the specific purpose of providing their service to us. None of them are permitted to use your data for their own purposes or for advertising. If you would like a full list of our current third-party processors, you may request it by contacting us at support@machi-kunzult.com.

5.3 Legal Obligations

We may be required by Nigerian law, court order, or a regulatory authority to disclose certain data. In such cases, we will disclose only the minimum data necessary and will notify your employer as soon as we are legally permitted to do so.

5.4 What We Will Never Do

  • Sell your personal data to any third party
  • Share your data with advertisers or marketing companies
  • Use your data to build profiles for any purpose outside your employer's HR management
  • Transfer your data outside Nigeria without appropriate legal safeguards
  • Allow AI providers to use your personal data for training their models

6. Monitoring Technologies

Your employer decides: All monitoring features described below are optional. They must be deliberately enabled by your employer. If you are unsure whether any of these are active in your organisation, ask your HR department.

GPS Location at Attendance

When you clock in or out, the app may record your GPS coordinates at that moment to verify your location. This is a snapshot — not continuous tracking. Your location is not monitored between clock-in and clock-out events unless your employer has enabled periodic verification checks.

Periodic Location Verification

Your employer may configure the system to periodically confirm that you remain within an approved work zone during your working hours. If enabled, these checks happen at intervals set by your employer (between every 5 minutes and every 4 hours). You will be informed by your employer if this feature is active.

Productivity and Website Activity Monitoring

If your employer has enabled the productivity monitoring module, the platform may log the websites you visit and your application usage on your work device during work hours. This feature is off by default and can only be enabled by your employer for company-managed devices. Your employer is responsible for informing you if this monitoring is active.

Biometric Data

If your employer uses biometric attendance devices (fingerprint or facial recognition), processed biometric templates — not raw biometric images — may be stored. Your employer must obtain your explicit written consent before collecting any biometric data, as required by the NDPA 2023.

7. How Long We Keep Your Data

We keep your personal data for as long as your employer's subscription is active and for any additional period required by Nigerian law. The key retention periods are:

Payroll and statutory deduction records: Minimum 7 years, as required by Nigerian tax legislation.
Your general employee record: For the full duration of your employment and for any legally required period after you leave.
Job application data (unsuccessful candidates): Deleted within 6 months of the recruitment decision, unless your employer configures a longer period.
Attendance and location data: As configured by your employer.
Audit logs of system activity: Minimum 3 years for compliance purposes.
After your employer cancels their subscription: All organisation data remains available for export for 30 days, after which it is permanently and irreversibly deleted from our systems.

8. Your Rights

Under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights in relation to your personal data. Because your employer is the data controller, you exercise these rights by contacting your employer's HR department.

Right to Access

You can request a copy of the personal data your employer holds about you in our system.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can ask for it to be corrected.

Right to Erasure

You can ask for your data to be deleted, subject to any legal requirements that oblige your employer to keep certain records (such as payroll history).

Right to Object

You can object to certain types of processing, such as monitoring, in circumstances permitted by law.

Right to Data Portability

You can ask for your personal data to be provided to you in a structured, commonly used format.

Right to Withdraw Consent

Where any processing is based on your consent (such as biometric data collection), you may withdraw that consent at any time.

How to exercise your rights: Contact your HR department directly. They are responsible for responding to your request. We cannot respond to individual data subject requests directly without authorisation from your employer.

If you are not satisfied

If you are not satisfied with how your employer handles your data rights request, you have the right to lodge a complaint directly with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

9. Updates to This Policy

When we make significant changes to this policy — such as collecting new categories of data or sharing data with new third parties — we will notify your employer at least 14 days before the changes take effect. Your employer is responsible for communicating relevant changes to you.

The “Last Updated” date at the top of this document shows when the policy was last revised. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

10. Subscription & No Refund Policy

No Refund Policy: All subscription fees paid to Machi Kunzult Ltd are strictly non-refundable. By subscribing to MACH-HR, Subscribing Organizations explicitly agree to this policy.

10.1 Why We Do Not Offer Refunds

1

Immediate Full Access

Upon payment, your organisation receives immediate, unrestricted access to all subscribed modules. The service is delivered from the moment of activation.

2

Infrastructure Committed Upfront

Subscription fees cover ongoing infrastructure costs — cloud hosting, database services, storage, communication services, and security operations — that are committed and incurred at the time of subscription.

3

Free Trial Available

We offer a 5-day free trial before any payment is required, so your organisation can fully evaluate the platform before committing.

4

Data Processing Obligations Continue

Once employee data is entered into the system, significant resources are allocated to its secure storage, encryption, backup, and compliance — regardless of whether the subscription continues.

5

Period Commitment

Subscriptions are purchased for a defined period (monthly or annually). Early cancellation does not entitle your organisation to a refund for unused time.

10.2 Scope of No-Refund Policy

This policy applies without exception to:

  • Voluntary cancellation at any time
  • Non-use or underuse of the platform or any of its modules
  • Early termination of an annual or monthly subscription
  • Dissatisfaction with features after subscription has commenced
  • Changes in business needs or organisational restructuring
  • Reduction in employee headcount after subscription purchase
  • Decision to switch to a different HR software provider

10.3 Exceptional Circumstances

While our policy is strictly no refunds, we may at our sole and absolute discretion consider service credits (not cash refunds) in the following limited circumstances only:

  • Verified platform downtime directly caused by Machi Kunzult exceeding 72 consecutive hours
  • Duplicate payments made in error, which will be corrected within 14 business days
  • Billing errors solely attributable to Machi Kunzult Ltd

Service credits have no cash value and are applied to the next billing cycle only. All such decisions are made at the sole discretion of Machi Kunzult Ltd management.

10.4 Cancellation

To cancel your subscription, contact us at support@machi-kunzult.com. Upon cancellation:

  • Platform access continues until the end of the current paid period
  • No further charges will be made after the cancellation date
  • All organisation data will be available for export for 30 days
  • No refund will be issued for the remaining unused subscription period

11. Contact Us

Machi Kunzult Ltd

Address

3rd Floor, 35 Olowu Street Ikeja, Lagos, Nigeria

Response time: within 5 business days

Nigeria Data Protection Commission

If you are not satisfied with how we or your employer handles your data rights, you may lodge a complaint with the regulatory authority:

Legal Framework

Nigeria Data Protection Act (NDPA) 2023

🔒

Our Commitment

Your personal data is entrusted to us through your employer. We take that responsibility seriously. We will never use your data beyond what is necessary to provide the HR management services your employer has subscribed to, and we will always handle it in accordance with the Nigeria Data Protection Act 2023.