Privacy Policy
Hurey (“we,” “us,” or “our”), a cloud-based human resource and payroll management platform operated by Pabacus Philippines, is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website at http://hurey.ph (the “Site”) or use our services.
This Policy is formulated in accordance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR).
1. Information We Collect
We collect information that you provide to us directly, as well as information that is automatically collected when you interact with our Platform.
1.1 Personal Information Provided by You
When you inquire about our services, register for a trial, or contact support, we may collect:
- Contact Details: Name, company name, email address, and phone number.
- Account Credentials: Usernames and passwords used to access the Hurey portal.
1.2 Information Provided by Employers (Our Clients)
As a service provider, we process the following employee data on behalf of our corporate clients, who act as the Personal Information Controllers (PIC):
- Identity Data: Full name, date of birth, marital status, and gender.
- Government Identifiers: SSS, PhilHealth, Pag-IBIG, GSIS, and TIN numbers.
- Employment Records: e-201 files, job titles, department, salary details, and performance evaluations.
- Attendance and Biometric Data: Time-in and time-out logs and biometric data (where integrated with the employer’s biometrics hardware).
- Financial Data: Bank account details for salary disbursement via GCash or other methods.
1.3 Automatically Collected Information
When you visit our Site, our servers automatically record:
- Technical Data: Your IP address, browser type, operating system, and the referring website.
- Usage Data: Pages visited, links clicked, and the date and time of your visit.
- Cookies: We use cookies to enhance your experience and remember your preferences. Please refer to our Cookie Policy for more details.
2. How We Use Your Information
We process your data only for specified, legitimate, and declared purposes.
2.1 To Provide and Manage Our Services
- To automate payroll calculations, wage disbursements, and 13th-month pay.
- To manage employee leave, holiday, and HR policy repositories.
- To facilitate real-time access to HR analytics and employee information for employers.
2.2 To Ensure Compliance
- To compute and facilitate the remittance of mandatory contributions to SSS, PhilHealth, and Pag-IBIG.
- To generate tax returns and BIR forms (e.g., Form 2316).
- To maintain records as required by Philippine labor and tax laws.
2.3 To Communicate with You
- To respond to your inquiries through our “Contact Us” or “Get Started” forms.
- To provide technical support and send administrative notifications.
2.4 To Secure Our Platform
- To verify identities and prevent unauthorized access to sensitive HR data.
- To monitor and analyze platform performance to identify and mitigate technical risks.
3. Lawful Basis for Processing
We process your data based on the following legal grounds:
- Consent: When you explicitly agree to the processing of your data for a specific purpose.
- Contractual Necessity: When processing is required to fulfill the terms of the service agreement with our clients or the employment contract with employees.
- Legal Obligation: When processing is necessary for compliance with labor, tax, and social security laws.
- Legitimate Interest: When processing is necessary for the security of our platform or the establishment of legal claims.
4. Information Sharing and Disclosure
We do not sell or rent your personal information. We share data only with authorized recipients and third-party providers under strict confidentiality agreements.
4.1 Government Agencies
We disclose data to the following agencies to ensure our clients’ statutory compliance:
- Social Security System (SSS).
- Philippine Health Insurance Corporation (PhilHealth).
- Home Development Mutual Fund (Pag-IBIG).
- Bureau of Internal Revenue (BIR).
4.2 Third-Party Service Providers
We use the following providers to support our operations:
- Microsoft Azure: Our platform is hosted on Microsoft Azure, providing secure cloud storage and infrastructure.
- Xero: We offer integration with Xero accounting software for seamless financial management.
- GCash: We integrate with GCash for payroll disbursement.
4.3 Data Sharing and Outsourcing Agreements
All transfers of data to third parties are governed by agreements that mandate compliance with the DPA and the implementation of robust security measures.
5. Data Security
We implement reasonable and appropriate organizational, physical, and technical security measures to protect your data.
- Encryption: We use AES-256 encryption for data at rest and TLS/SSL for data in transit.
- Access Control: Access to sensitive data is restricted to authorized personnel using role-based access control (RBAC).
- Identity Verification: Mandatory Multi-Factor Authentication (MFA) and strong password policies are enforced.
- Monitoring & Prevention: Data Loss Prevention (DLP) tools, regular vulnerability assessments, and automated audit logs are used to detect and block unauthorized access.
- Disaster Recovery: Microsoft Azure provides a secure, resilient, and highly available work environment with regular data backups to ensure data integrity and availability.
6. Data Retention and Disposal
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
- Payroll Records: Retained for at least ten (10) years in compliance with the National Internal Revenue Code.
- Labor Records: Retained for at least three (3) years from the date of the last entry in accordance with the Labor Code.
- Website Inquiries: Retained for two (2) years after the request has been resolved.
When data is no longer required, it is securely disposed of through digital shredding or anonymization to prevent unauthorized access or further processing.
7. Your Rights as a Data Subject
Under the DPA, you have several rights regarding your personal information:
- Right to be Informed: You have the right to know how and why your data is being processed.
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Rectification: You may request the correction of any inaccurate or outdated information.
- Right to Erasure or Blocking: You may request the deletion or blocking of your data if it is no longer needed for its original purpose.
- Right to Object: You may object to the processing of your data for direct marketing or profiling.
- Right to Portability: You may request your data in a structured, electronic format for transfer to another service provider.
- Right to Damages: You have the right to be indemnified for harm resulting from a violation of your privacy rights.
To exercise any of these rights, please contact our Data Protection Officer at the details provided in Section 8.
7.1 Transmissibility of Rights
Pursuant to Section 17 of the Data Privacy Act of 2012, the rights of a data subject are transmissible to their lawful heirs or assigns. This legal provision ensures that the privacy of an individual’s personal data is protected even after death or in the event of physical or mental incapacity. Lawful heirs and assigns may invoke these rights—including the rights to access, rectification, and erasure—at any time to protect the information of the deceased or incapacitated individual.
For living data subjects who are incapacitated, these rights may be asserted by a duly authorized legal representative through a legal notice (e.g., via a Special Power of Attorney).
Note that this transmissibility does not apply if the processed personal data is used exclusively for scientific and statistical research where no decisions are made regarding the individual.
7.2 Privacy Impact Assessments (PIA)
In accordance with NPC Circular 2023-06 (Security of Personal Data in the Government and Private Sector) and Advisory No. 2024-04, Hurey.ph and Hurey Campus maintain a “Privacy by Design” framework through the conduct of regular Privacy Impact Assessments (PIAs). A PIA is a mandatory structured process used to evaluate and manage the impact of our systems on the privacy of students, faculty, and employees.
For systems involving cloud hosting (such as Microsoft Azure) or the deployment of Artificial Intelligence (AI) modules, the PIA is treated as a continuing requirement. These assessments are conducted:
- Prior to Deployment: To evaluate risks to privacy, security, child safety, and ethical use before launching new products or AI features.
- Annually: To perform periodic audits of existing controls and update the Privacy Management Program.
- Ad Hoc: Whenever there are major updates, new vendors, or significant changes in the nature, scope, or purpose of data processing.
These assessments include mapping data flows, identifying potential risks of misuse or breaches, and recommending specific mitigation measures to ensure ongoing compliance with National Privacy Commission standards.
8. Contact Our Data Protection Officer
If you have any questions, comments, or complaints regarding our data privacy practices, please contact us at:
Data Protection Officer Hurey / Pabacus Philippines
Address: Unit B2-110A Ground Floor, BPO Bldg. 2 SM City, Clark, Pampanga 2009, PH.
Email: [email protected] / [email protected].
Phone: (045) 499 0677.
Note: This policy is subject to regular updates to align with new NPC circulars and technological advancements. Check hurey.ph/privacy regularly for the latest version.