मेनू टॉगल करा
अधिक
    बंद करा

    Privacy and Policy of Maha eHRMS

    PRIVACY POLICY FOR USE OF THE MAHA eHRMS PORTAL AND MOBILE APPLICATION

    (Updated in accordance with the Digital Personal Data Protection Act, 2023; Digital Personal Data Protection Rules, 2025; Information Technology Act, 2000; Maharashtra State Data Policy, 2024; and the Maharashtra Public Records Act, 2005)

    Introduction

    Maha eHRMS (Maharashtra Electronic Human Resource Management System) is the official e-HRMS platform developed and maintained by the General Administration Department (GAD), Government of Maharashtra, in collaboration with the Finance Department, Information Technology Department, and the National Informatics Centre (NIC), Government of India, as the system integrator. The platform is designed to digitize and automate employee service-related processes from recruitment to retirement, serving as a centralized and secure database for all State Government employees.

    This Privacy Policy governs the collection, processing, storage, and protection of personal data within Maha eHRMS, comprising the mobile application and web portal. The platform is committed to safeguarding personal information in compliance with applicable laws and policies, ensuring lawful, fair, and transparent data governance by defining the purpose of data collection, its storage and processing, and the rights and choices available to employees. By accessing or using Maha eHRMS, the User or Employee acknowledges and consents to the collection, usage, and disclosure of personal information as outlined in this Privacy Policy.

    Data We Collect

    We collect several categories of data required for official government purposes through the Maha eHRMS portal, as described below:

    • Personal Information: This includes information that identifies the employee, such as name, Sevaarth ID, date of birth, contact details (mobile number and email address), address, identity document details, family details etc.

    • Service Book Data (Employment Records): The Maha eHRMS system digitizes your official service book or employment record. This includes details of your government service such as appointments, transfers, promotions, training courses, leave history, pension nominations, disciplinary actions, and other service events. In short, all information that would traditionally be in your physical service book (from recruitment to retirement) are stored on the Maha eHRMS system.

    • Usage Logs and Technical Data: When you access the Maha eHRMS portal or mobile application, certain technical information is automatically recorded. This includes Internet Protocol (IP) address, device specifications, browser type, operating system, timestamps of access, and details of pages or features utilized. Such data is collected exclusively to monitor system performance, enhance
      functionality, and diagnose technical issues. This information is not used to personally identify individuals, except where necessary to investigate security incidents, including unauthorized access attempts or potential threats to system integrity.

    • Cookies and Similar Technologies: The Maha eHRMS portal uses cookies and related technologies to optimize user experience and system functionality. Cookies are small text files stored on your browser or device. They are utilized for purposes such as maintaining session continuity, preserving user preferences, and collecting analytical data regarding navigation patterns. For example, cookies may record the pages accessed or features used, enabling us to improve platform performance and usability. These cookies and associated analytics do not directly identify you by name and are never employed for advertising purposes. You may manage or delete cookies through your browser settings; however, certain features of the portal may not function as intended if cookies are disabled.

    • Transaction Data: In the course of utilizing the Maha eHRMS platform, additional data may be generated or submitted as part of routine administrative processes. For example, when an employee applies for leave, updates personal information, or initiates any service-related request, the corresponding records are securely maintained within the system. The platform also records actions performed—such as submissions, approvals, or rejections—together with precise timestamps to establish comprehensive audit trails. These logs are integral to ensuring transparency, accountability, and integrity within the human resource and administrative framework and may, at times, intersect with system usage data. Data collection is strictly limited to what is necessary for the legitimate
      functions of Maha eHRMS. Should there be a requirement to collect additional personal information, we will provide prior notice or obtain explicit consent and ensure that such processing is conducted in full compliance with applicable legal requirements.

    How We Use Your Data

    Personal data collected through the Maha eHRMS portal is used to operate, authenticate, and provide secure access for applicants and employees. It supports core HR functions, ensures service accuracy, enables workflow automation, and enhances the overall user experience. The data is processed to maintain and improve the system, deliver relevant administrative and HR services, and allow users to access interactive features of the application when they choose to do so.

    • Providing HR Services: We use your personal and service book information to deliver comprehensive HR services. This includes maintaining your digital service record, displaying salary and benefits, tracking leave and attendance, recording transfers and promotions, facilitating training, and managing retirement or pension processes. In short, all HR transactions throughout your employment are supported by this data to ensure your entitlements and requests are handled efficiently and without delays—one of the core objectives of Maha eHRMS.

    • Administrative and Legal Compliance: We process and retain data to comply with applicable laws, regulations, and government policies. This may include generating reports or sharing information for audits, RTI (Right to Information) queries, or as required under laws such as the Maharashtra Public Records Act, 2005. Data retention follows prescribed legal and policy guidelines, ensuring records are maintained for as long as necessary for official and legal purposes. Using Maha eHRMS promotes transparency and accountability in administration, aligning with state initiatives and policies. If mandated by law or an authority, we will provide the required employee information in full compliance with legal requirements.

    • Improvement and Analytics: We use technical and usage data to enhance the functionality and user experience of the Maha eHRMS portal. Information such as feature usage frequency and error logs helps us diagnose issues, optimize performance, and plan new features. For example, we analyze logs to identify pages causing frequent errors or to track daily login trends. These analytics are typically aggregated and do not focus on individual users. In line with our policies, any analytics or public reporting uses anonymized data with personal identifiers removed. If data is ever used for broader analytics or policymaking, it is processed in anonymized form or with appropriate consent, as required by the Maharashtra State Data Policy, 2024.

    • Security and Fraud Prevention: Protecting your data and the system from unauthorized access is a top priority. We use login history and usage information to monitor suspicious activities and maintain system integrity. For example, IP logs may be reviewed to detect repeated failed login attempts or unusual access patterns. If any security breach attempt is detected, we investigate and take appropriate action. Under normal circumstances, these logs are used solely for technical administration and are not linked to your identity, except when required to trace and resolve security incidents.

    • Communication:Your contact information may be utilized solely for official purposes related to Maha eHRMS or your employment services. This includes transmitting notifications and confirmations to your registered email address or mobile number, such as alerts regarding leave approvals, reminders for profile updates, and critical announcements pertaining to system maintenance or policy amendments. Additionally, the application may convey birthday greetings to foster a positive organizational culture, and the Officers Directory enables authorized users to establish official communication with colleagues. We will not use your contact information for unsolicited marketing, and all communications will be strictly limited to official purposes related to the e-HRMS and your employment.

    • Personal data shall not be utilized for any purpose beyond the core functions and official requirements of Maha eHRMS without prior notification to the employee and, where applicable, obtaining explicit consent. The platform does not engage in the sale of personal data, nor is such data employed for advertising or promotional activities. All processing activities are strictly confined to the provision of efficient human resource services and administrative governance, in full conformity with applicable laws and in adherence to the principles of purpose limitation and data minimization as mandated under the Digital Personal Data Protection Act, 2023.

    Data Sharing and Disclosure

    We respect the confidentiality of your personal information and do not disclose it to any third party except in the circumstances outlined below:

    • Within Government and Authorized Personnel: Your data may be shared with relevant government departments or officials strictly on a need-to-know basis. For example, if you are transferred to another department or if a government authority requires your information to process a benefit or inquiry, only the necessary portions of your data will be shared. Such sharing will occur solely for legitimate, official purposes. All government departments and agencies in Maharashtra are obligated to handle personal data in compliance with the Digital Personal Data Protection Act, 2023 and the Maharashtra State Data Policy, ensuring that any department accessing your data protects it and uses it lawfully..

    • Service Providers and Partners: Maha eHRMS operates as a digital platform and may engage technical service providers, such as the National Informatics Centre (NIC) or other authorized IT contractors, for the purpose of system operation, maintenance, and security. In instances where external technology partners or contractors are granted access to personal data, such access is strictly limited to the performance of their contractual obligations, including activities such as software maintenance and provision of cloud infrastructure. All such entities are required to adhere to confidentiality obligations and are bound by formal legal agreements that mandate the protection of personal data. They are expressly prohibited from utilizing the data for any purpose other than the execution of assigned services. Furthermore, in accordance with applicable government policies, all consultants and agencies engaged in these activities must comply with the provisions of the Digital Personal Data Protection Act, 2023 and implement appropriate technical and organizational security measures.

    • Legal Requirements: Disclosure of personal information may occur when mandated by law, judicial order, or applicable governmental regulation. For example, if a law enforcement authority, acting in accordance with due legal process, requests specific data for the purpose of an investigation, we are legally obliged to comply. Likewise, in circumstances involving legal proceedings or the enforcement of rights—such as verification of employment history in connection with a legal claim—relevant information may be furnished.

    • Without Consent: Except as expressly provided in the circumstances outlined above, your personal data will not be disclosed to any entity outside the Government ecosystem without your prior consent. We do not sell, rent, or otherwise exchange your personal information with any third party for marketing or any other unrelated purposes. All use of your data is strictly confined to governance and administrative functions as specified in this Privacy Policy.

      • In all instances of data sharing, we maintain a comprehensive record detailing the information disclosed, the recipient, and the purpose, in accordance with governance standards. Any data shared with another entity, such as a government department, remains subject to strict confidentiality and may only be used for authorized purposes. Sensitive personal data, including biometric information, is provided with enhanced protection and, as a rule, is not shared with any unauthorized agency. Our approach ensures transparency within the government ecosystem to enable efficient service delivery while always safeguarding your privacy.

    Cookies and Analytics

    When you access the Maha eHRMS website, we utilize cookies and similar tracking technologies to improve your browsing experience and collect aggregated usage statistics.

    • What Cookies Are: Cookies are small text files stored on your device (such as a computer or smartphone) when you visit a website. They enable the website to remember certain information about your visit. For example, cookies may retain your login status so that you do not need to re-enter your credentials on every page.

    • How We Use Cookies: We use cookies and similar tracking technologies on the Maha eHRMS website to enhance functionality and gather usage insights. Cookies are small text files stored on your device to remember information about your visit, such as maintaining your login session or retaining preferences like language settings for a smoother experience. Certain cookies are essential for the website to function properly, while others support analytics by collecting aggregated, anonymous data on how employees interact with the platform—such as pages visited, time spent, and actions taken. This information is used exclusively to understand overall usage patterns and improve the system’s design, performance, and features.

    • No Third-Party Ads: Maha eHRMS does not use cookies for advertising purposes. You will not encounter third-party advertising or social media tracking cookies on our platform. All cookies implemented are strictly for essential service functionality or for internal analysis to improve user experience.

    • Your Control: You may manage cookie preferences through your web browser settings, including the ability to refuse or delete cookies. However, please note that if you disable cookies entirely, some features of Maha eHRMS (especially login and other interactive features) may not work correctly, particularly authentication and interactive features, as these rely on cookies for core operations. To ensure an optimal user experience, we recommend keeping essential cookies enabled. For non essential cookies, such as those used for analytics, opt-out options will be provided where applicable.

    • Analytics and Logs Usage: We collect certain technical and usage information, such as IP addresses, device details, and pages visited, for purposes of analytics and security. This data is processed strictly in accordance with this policy, primarily to enhance service performance and maintain platform security. Analytics reports do not include personally identifiable information; they provide aggregated insights into overall system usage. We adhere to the principle of not associating technical data with individual identities unless required for investigating security incidents. Any analytics tools employed (e.g., web analytics services) are configured to respect user privacy and will only receive the minimum data necessary for their function.

    By using our site, you consent to the use of cookies and analytics as described here. If we introduce any new type of cookie or start using a new analytics tool that collects additional data, we will update this policy and notify you if required.

    Data Security

    Maha eHRMS implements robust measures to protect personal data from unauthorized access, misuse, or loss. In line with directives issued by the Government of Maharashtra, all departments and IT systems—including Maha eHRMS—are required to comply with stringent data protection standards under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable regulations. Maha eHRMS upholds these standards by adopting comprehensive security practices that ensure the confidentiality, integrity, and availability of personal data throughout its lifecycle.

    • Secure Infrastructure: Your data is stored on secure servers operated by government-empanelled Cloud Service Providers (CSPs), such as the Maharashtra State Data Centre or other approved government cloud services. These facilities employ multiple layers of protection, including physical security and advanced cybersecurity measures, to safeguard data. In compliance with state policy, sensitive and personal data is primarily stored within the state data centre or similarly secure locations. We do not store data on unsecured systems or unauthorized cloud services.

    • Encryption and Protection: We implement strong encryption and security protocols to protect data both in transit and at rest, wherever applicable. For example, when you access the portal, the connection is secured using HTTPS to prevent interception. Passwords are stored in encrypted or hashed form, ensuring that even system administrators cannot view them directly. Additional safeguards such as firewalls, anti-malware tools, and intrusion detection systems are deployed to prevent and monitor unauthorized access attempts.

    • Access Control: Access to the Maha eHRMS portal is strictly limited to authorized personnel with valid credentials. Within the system, access is role-based, meaning officials can only view data necessary for their designated responsibilities. For instance, your department’s nodal officer (Admin/DDO) can access your service record for updates, while personnel from unrelated departments cannot. All access and updates are logged to maintain a complete audit trail. Officers, staff, and external consultants handling personal data are bound by confidentiality agreements and trained in privacy and security best practices. Any misuse of data may result in disciplinary action and legal consequences.

    • Preventive Monitoring: We continuously monitor the system for potential vulnerabilities or security breaches. Regular software updates and security patches are applied to safeguard against emerging threats. Our technical team receives real-time alerts for unusual activities and responds promptly to any suspected security incident. In the unlikely event of a data breach (unauthorized access), established protocols ensure immediate containment and mandatory notifications to affected users and relevant authorities, in accordance with applicable laws.

    • Data Protection Practices: In compliance with the Digital Personal Data Protection Act, 2023, Maha eHRMS adheres to the principles of data minimization and purpose limitation, collecting and using only the data necessary for defined functions. Wherever feasible, personal data is anonymized or de identified, especially for analytics, reporting, and performance monitoring. Identifiable data is retained solely when essential for service delivery or statutory obligations. Through anonymization techniques, the platform provides actionable insights while preserving the confidentiality of individual records.

    • Regular Audits and Compliance: The platform undergoes periodic security audits and assessments in accordance with government IT policies to ensure continued safety and reliability. We strictly adhere to security and data protection guidelines issued by central and state authorities, including prohibiting the sharing of sensitive data—such as biometric identifiers—with unauthorized parties. Additionally, we maintain a comprehensive Data Backup and Disaster Recovery plan to address unforeseen events like data center outages, ensuring uninterrupted service and preserving the integrity of data.

    In summary, we employ a wide range of technical and organizational measures to ensure the security of your data and provide a safe experience on the Maha eHRMS web portal and mobile application. Should you have any security concerns—such as suspecting that your account has been compromised—please contact us immediately using the details provided in the Contact section. Our team will take prompt and appropriate action to assist you. Please note that we will never request your password via phone or email. To safeguard your account, keep your login credentials confidential and always log out after accessing the system on a shared device.

    Your Rights

    As a user of Maha eHRMS and as the subject of your personal data, you are entitled to certain rights concerning the information we hold about you. These rights are provided in accordance with the Digital Personal Data Protection Act, 2023 and recognized privacy best practices. In simple terms, your rights include:

    • Right to Access: Employees have the right to obtain information regarding the personal data maintained about them within the Maha eHRMS platform. Upon request, a copy of relevant records—such as entries in the digital service book or contact details on file—will be provided. This right promotes transparency and enables individuals to understand how their data is processed in compliance with applicable data protection laws. Requests will be fulfilled within a reasonable timeframe, subject to identity verification and procedural requirements.

    • Right to Correction: We strive to ensure that personal data within the Maha eHRMS platform is accurate and up to date. If any errors or outdated information are identified—such as changes in contact details or discrepancies in personal or service records—employees have the right to request corrections or updates. Certain fields may be editable directly through the platform, while others may require contacting the department’s designated Nodal Officer or Drawing and Disbursing Officer (DDO). All correction requests will be verified and addressed promptly in accordance with established procedures.

    • Right to Grievance Redressal: If you have any concerns, questions, or complaints regarding the handling of your personal data, you have the right to raise a grievance and have it addressed promptly. We take privacy and data protection seriously and will respond to all complaints within a reasonable timeframe. For instance, if you believe your data has been used beyond the purposes described in this policy, or if you are dissatisfied with the outcome of exercising any of your rights, you may lodge a formal complaint with your department’s designated Nodal Officer or Drawing and Disbursing Officer (DDO), or contact the Maha eHRMS Helpdesk.

    • Right to Nominate a Representative: Under applicable law, you may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. Practically, this means that a legal heir or guardian may request access to or correction of your data for necessary purposes. If applicable, such nominations can be established through official channels. This right serves as a precautionary measure to ensure that your data rights are preserved even if you are unable to exercise them personally.

    Contact Us

    If you have any questions, concerns, or requests regarding the privacy policy or any grievance related to your personal data in Maha eHRMS, you may contact our designated officials below:

    Joint Secretary, General Administration Department (Services)
    General Administration Department, Government of Maharashtra,
    Mantralaya-Annex Building,
    Mumbai, Maharashtra (India).

    Email: ehrms-privacypolicy@mah.gov.in
    Phone:022-220245

    Alternatively, you may also contact us through Help & Support section of Maha eHRMS Portal/Mobile App or through Maha eHRMS Helpdesk. When you contact us, please include your name, designation/employee ID (if applicable), and a clear description of your request or concern. For example, if you are requesting a data correction, specify what information is wrong and what it should be. If you are making a complaint, please describe the issue you faced. This will help us address your query efficiently.

    We will acknowledge your request or complaint and endeavour to resolve it at the earliest, within the timeframes prescribed by law.

    Data Retention

    Personal data is retained only for as long as necessary to fulfil the purposes specified in this policy or as mandated by applicable laws. As Maha eHRMS manages official government service records, certain data elements must be preserved for extended periods—even beyond an employee’s retirement—in compliance with statutory record-keeping requirements. Retention timelines for various categories of data are governed by the Maharashtra State Data Policy and relevant legislation, including the Maharashtra Public Records Act, 2005.

    • Active Employment: During your employment, all personal and service-related data will be retained and updated to ensure continuity of service records and the provision of benefits.

    • After Retirement/Departure: Even after you leave service (retire, resign, etc.), your service record may be archived for a legally mandated duration. This is to support pension processing, verification of past employment, or any legal queries. Typically, service records can be required for many years post retirement for pension and audit purposes. We follow the retention schedules provided by the government for each category of record.

    • Deletion and Anonymization: Once the retention period for certain data expires and it is no longer required, we will securely delete or anonymize it across all platforms. Secure deletion ensures removal from active databases and backups, making recovery or misuse impossible. In some cases, data may be anonymized (stripped of personal identifiers) and retained for statistical or historical purposes, as anonymized data is no longer considered personal data.

    • Logs and Backups: System logs, such as access logs, are typically retained for a limited duration unless required for security analysis or compliance purposes. In general, logs are maintained for a few months to a year, unless archived as part of statutory record-keeping. Backup copies of data are stored in secure environments and managed in accordance with our backup rotation and destruction policy. While there may be a slight delay in purging data from all backup systems, we ensure that once data has expired, it is neither restored nor used, except where legally mandated.

    Maha eHRMS does not retain personal data indefinitely. Defined retention schedules are strictly followed for each category of data, in accordance with applicable laws and policies. We actively minimize privacy risks by avoiding unnecessary data storage. Employees may contact the designated support team for any specific queries regarding data retention timelines.

    Updates to this Policy

    This Privacy Policy is effective from 11th December 2025 (Version 1.0). We may revise it periodically to reflect system changes or legal requirements. If there are material changes, we will notify users via a website announcement or in-app alert. Minor updates will be reflected on the policy page with an updated effective date. Continued use of Maha eHRMS after updates indicates acceptance. If any change requires your consent by law, we will obtain it before implementation.

    How we will inform you of changes:

    If we make material changes to this Privacy Policy, we will notify users promptly through one or more of the following: a prominent announcement on the website or an in-app notification upon login. The notice will summarize key changes and link to the updated policy. Minor updates—such as clarifications that do not affect your rights or our obligations—will be reflected directly on the policy page with an updated effective date. The “last updated” date will always appear at the top for your reference.

    We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Continued use of the Maha eHRMS platform after any changes will be considered acceptance of those changes. If any update requires your consent under law (e.g., new data collection practices), we will obtain your consent before implementation.

    These Terms and Conditions are issued by the General Administration Department, Government of Maharashtra (Developer of Maha eHRMS)

    Last Updated: December 11th, 2025.