1. Introduction
PAYROLL AI LIMITED ("Payroll AI", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll verification system and related services (the "Service").
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller vs Data Processor: For customer business data and employee information processed through our Service, our customers act as data controllers and Payroll AI acts as a data processor. For our own business operations and direct relationships, Payroll AI acts as the data controller.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, company details
- Payment Information: Billing address, payment method details (processed by third-party providers)
- Employee Data: Names, employee IDs, salary information, employment details
- Communication Data: Support requests, feedback, correspondence
2.2 Information We Collect Automatically
- Usage Data: How you interact with our Service, features used, time spent
- Technical Data: IP address, browser type, device information, operating system
- Log Data: Server logs, error reports, performance metrics
- Cookies and Similar Technologies: As described in our Cookie Policy
2.3 Information from Third Parties
- Payroll System Integrations: Data imported from your existing payroll systems
- Identity Verification Services: Information to verify user identities
- Business Partners: Information from authorized business partners or vendors
3. Legal Bases for Processing
We process personal data based on the following legal grounds under UK GDPR:
| Purpose | Legal Basis |
| --- | --- |
| Providing the Service | Performance of contract |
| Account management | Performance of contract |
| Payment processing | Performance of contract |
| Customer support | Performance of contract / Legitimate interests |
| Security and fraud prevention | Legitimate interests |
| Marketing communications | Consent / Legitimate interests |
| Legal compliance | Legal obligation |
| Service improvement | Legitimate interests |
4. How We Use Your Information
4.1 Service Provision
- Providing payroll verification and confirmation services
- Processing payroll complaints and HR workflows
- Managing user accounts and authentication
- Facilitating communication between employees, HR, and managers
4.2 Business Operations
- Processing payments and managing subscriptions
- Providing customer support and technical assistance
- Monitoring service performance and availability
- Conducting analytics to improve our Service
4.3 Legal and Security
- Ensuring security and preventing fraud
- Complying with legal obligations and regulatory requirements
- Investigating and resolving disputes
- Protecting the rights and interests of Payroll AI and users
5. Information Sharing and Disclosure
5.1 We May Share Information With:
- Service Providers: Cloud hosting, payment processing, customer support tools
- Business Partners: Authorized integrations and third-party services
- Professional Advisors: Lawyers, accountants, auditors, and consultants
- Regulatory Bodies: When required by law or legal process
5.2 We Do Not:
- Sell personal data to third parties
- Share data for marketing purposes without consent
- Use employee payroll data for our own commercial purposes
- Disclose data except as described in this policy
6. International Data Transfers
We primarily store and process data within the UK and EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules
- Certification schemes and codes of conduct
Our primary cloud infrastructure is hosted in the UK with AWS London regions.
7. Data Security
7.1 Technical Safeguards
- Encryption of data in transit and at rest using AES-256
- Multi-factor authentication for administrative access
- Regular security assessments and penetration testing
- Automated security monitoring and incident response
7.2 Organisational Measures
- Staff training on data protection and security
- Access controls based on role and need-to-know
- Data processing agreements with all third-party providers
- Regular security audits and compliance reviews
7.3 Incident Response
In the event of a data breach, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay where required by law.
8. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: For the duration of your account plus 7 years for legal compliance
- Employee Payroll Data: As directed by customer data retention policies
- Support Data: 3 years from last contact
- Payment Data: 7 years for accounting and tax purposes
- Marketing Data: Until consent is withdrawn or after 3 years of inactivity
- Log Data: 12 months for security and service improvement
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
9.1 Right of Access
You can request copies of your personal data and information about how we process it.
9.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data in certain circumstances.
9.4 Right to Restrict Processing
You can request that we limit how we use your personal data in specific situations.
9.5 Right to Data Portability
You can request your personal data in a structured, machine-readable format.
9.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing.
9.7 Rights Related to Automated Decision Making
You have rights regarding automated decision-making and profiling.
9.8 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
How to Exercise Your Rights: Contact us at info@payrollai.co or use our data subject request portal. We will respond within one month of receiving your request.
10. Cookies and Tracking Technologies
10.1 Types of Cookies We Use
- Essential Cookies: Necessary for the Service to function properly
- Performance Cookies: Help us understand how users interact with our Service
- Functional Cookies: Enable enhanced functionality and personalisation
- Targeting Cookies: Used for marketing and advertising (with consent)
10.2 Cookie Management
You can manage your cookie preferences through our cookie banner or browser settings. Note that disabling essential cookies may affect Service functionality.
11. Third-Party Services
Our Service integrates with various third-party services:
- Cloud Infrastructure: Amazon Web Services (AWS)
- Payment Processing: Stripe, PayPal
- Analytics: Google Analytics (anonymised)
- Customer Support: Intercom, Zendesk
- Email Services: SendGrid, Mailchimp
Each third party has its own privacy policy and data protection measures.
12. Children's Privacy
Our Service is designed for business use and is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email notification to account administrators
- Prominent notice in our Service
- Updating the "Last updated" date at the top of this policy
Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Information and Complaints
14.1 Data Protection Officer
PAYROLL AI LIMITED
Company No. 14925447, England & Wales
Data Protection Officer
Email: info@payrollai.co
14.2 Supervisory Authority
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk
14.3 EU Representative
For EU data subjects, our EU representative is:
[EU Representative Name and Address]
Email: info@payrollai.co
15. Additional Information for Business Customers
15.1 Data Processing Agreement
As our business customer, you act as the data controller for employee data processed through our Service. Our Data Processing Agreement (DPA) governs this relationship and is available upon request.
15.2 Your Responsibilities
As a data controller, you are responsible for:
- Having lawful bases for processing employee data
- Providing appropriate privacy notices to employees
- Implementing appropriate technical and organisational measures
- Handling data subject requests from your employees
- Notifying us of any relevant data protection requirements