Solutions — Talent
Recruitment — India
Recruitment & RPO — Global
Background Verification
For Staffing Agencies
Tools
India Salary Estimator
How we collect, store, protect and handle personal and employment data when delivering EOR, payroll, recruitment and workforce management services. Written for UK, US, UAE and India-based clients.
Davzon handles sensitive employment data — salaries, tax information, personal identifiers, and statutory documents — on behalf of our clients. We take this responsibility seriously and apply consistent security standards across all operations.
We collect only the personal information required to deliver the service — nothing more. Employee data collected during onboarding is limited to what Indian statutory authorities require.
Employee and payroll data is accessible only to Davzon personnel who need it to deliver their specific role. Access is role-based and regularly reviewed. Client data is never shared across client accounts.
All data transmitted between clients, employees and Davzon systems is encrypted using industry-standard TLS protocols. Sensitive documents are never transmitted by unencrypted email.
Payroll processing runs on enterprise-grade payroll infrastructure with audit trails, error checking, and compliance validation built in. All payroll data is backed up and recoverable.
Employee records are retained for the period required by Indian statutory law — typically 8 years for payroll records, aligned with income tax and PF audit requirements. On exit, client data is securely archived or deleted on request.
In the event of a data incident affecting client or employee data, we notify affected clients promptly and take immediate remedial action. We maintain clear escalation procedures for data-related issues.
| Framework | Relevance | How Davzon Addresses It |
|---|---|---|
| India DPDP Act 2023 | Governs processing of personal data in India, including employee data | Employee data collected with documented purpose, limited to what is required, and protected under appropriate technical and organisational measures |
| UK GDPR / Data Protection Act 2018 | Applies to UK-based clients whose employee data is processed by Davzon | Davzon acts as a data processor on behalf of UK clients (the data controllers). Processing is limited to purposes defined in the service agreement. Appropriate data processing agreements are in place |
| India Income Tax Act — TDS records | Mandates retention of payroll and TDS records for statutory audit purposes | All payroll records, TDS deduction registers, and Form 16 are maintained for the statutory retention period and available for audit if required |
| India EPFO / ESIC records | Requires accurate and accessible PF and ESI contribution records | All contribution records, ECR filings, and UAN-linked data maintained in accordance with EPFO and ESIC requirements |
| UAE Labour Law (client context) | UAE-based clients have their own data obligations; Davzon does not process UAE employee data | Davzon's India operations are separate from UAE employment. UAE-based clients receive invoices and payroll reporting; no UAE employee data is processed by Davzon |
When acting as Employer of Record, the following personal data is collected from employees and processed by Davzon in order to fulfil statutory employment obligations.
UK and EU clients who require a formal Data Processing Agreement (DPA) in accordance with UK GDPR or EU GDPR can request one as part of their service agreement. Contact us at hello@davzon.com.