UK GDPR Privacy Policy

Effective date: 9 June 2023 | Last revised: 8 June 2025

PAYROLL AI LIMITED (Private Company Limited by Shares, Company No. 14925447, England & Wales)

1. Introduction

PAYROLL AI LIMITED ("Payroll AI", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll verification system and related services (the "Service").

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller vs Data Processor: For customer business data and employee information processed through our Service, our customers act as data controllers and Payroll AI acts as a data processor. For our own business operations and direct relationships, Payroll AI acts as the data controller.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company details
  • Payment Information: Billing address, payment method details (processed by third-party providers)
  • Employee Data: Names, employee IDs, salary information, employment details
  • Communication Data: Support requests, feedback, correspondence

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our Service, features used, time spent
  • Technical Data: IP address, browser type, device information, operating system
  • Log Data: Server logs, error reports, performance metrics
  • Cookies and Similar Technologies: As described in our Cookie Policy

2.3 Information from Third Parties

  • Payroll System Integrations: Data imported from your existing payroll systems
  • Identity Verification Services: Information to verify user identities
  • Business Partners: Information from authorized business partners or vendors

3. Legal Bases for Processing

We process personal data based on the following legal grounds under UK GDPR:

Purpose | Legal Basis
Providing the Service | Performance of contract
Account management | Performance of contract
Payment processing | Performance of contract
Customer support | Performance of contract / Legitimate interests
Security and fraud prevention | Legitimate interests
Marketing communications | Consent / Legitimate interests
Legal compliance | Legal obligation
Service improvement | Legitimate interests

4. How We Use Your Information

4.1 Service Provision

  • Providing payroll verification and confirmation services
  • Processing payroll complaints and HR workflows
  • Managing user accounts and authentication
  • Facilitating communication between employees, HR, and managers

4.2 Business Operations

  • Processing payments and managing subscriptions
  • Providing customer support and technical assistance
  • Monitoring service performance and availability
  • Conducting analytics to improve our Service

4.3 Legal and Security

  • Ensuring security and preventing fraud
  • Complying with legal obligations and regulatory requirements
  • Investigating and resolving disputes
  • Protecting the rights and interests of Payroll AI and users

5. Information Sharing and Disclosure

5.1 We May Share Information With:

  • Service Providers: Cloud hosting, payment processing, customer support tools
  • Business Partners: Authorized integrations and third-party services
  • Professional Advisors: Lawyers, accountants, auditors, and consultants
  • Regulatory Bodies: When required by law or legal process

5.2 We Do Not:

  • Sell personal data to third parties
  • Share data for marketing purposes without consent
  • Use employee payroll data for our own commercial purposes
  • Disclose data except as described in this policy

6. International Data Transfers

We primarily store and process data within the UK and EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

Our primary cloud infrastructure is hosted in the UK with AWS London regions.

7. Data Security

7.1 Technical Safeguards

  • Encryption of data in transit and at rest using AES-256
  • Multi-factor authentication for administrative access
  • Regular security assessments and penetration testing
  • Automated security monitoring and incident response

7.2 Organisational Measures

  • Staff training on data protection and security
  • Access controls based on role and need-to-know
  • Data processing agreements with all third-party providers
  • Regular security audits and compliance reviews

7.3 Incident Response

In the event of a data breach, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay where required by law.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: For the duration of your account plus 7 years for legal compliance
  • Employee Payroll Data: As directed by customer data retention policies
  • Support Data: 3 years from last contact
  • Payment Data: 7 years for accounting and tax purposes
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Log Data: 12 months for security and service improvement

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

You can request copies of your personal data and information about how we process it.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

9.5 Right to Data Portability

You can request your personal data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

9.7 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling.

9.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights: Contact us at info@payrollai.co or use our data subject request portal. We will respond within one month of receiving your request.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Service to function properly
  • Performance Cookies: Help us understand how users interact with our Service
  • Functional Cookies: Enable enhanced functionality and personalisation
  • Targeting Cookies: Used for marketing and advertising (with consent)

10.2 Cookie Management

You can manage your cookie preferences through our cookie banner or browser settings. Note that disabling essential cookies may affect Service functionality.

11. Third-Party Services

Our Service integrates with various third-party services:

  • Cloud Infrastructure: Amazon Web Services (AWS)
  • Payment Processing: Stripe, PayPal
  • Analytics: Google Analytics (anonymised)
  • Customer Support: Intercom, Zendesk
  • Email Services: SendGrid, Mailchimp

Each third party has its own privacy policies and data protection measures.

12. Children's Privacy

Our Service is designed for business use and is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Email notification to account administrators
  • Prominent notice in our Service
  • Updating the "Last revised" date at the top of this policy

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Information and Complaints

14.1 Data Protection Officer

PAYROLL AI LIMITED
Company No. 14925447, England & Wales
Data Protection Officer
Email: info@payrollai.co

14.2 Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

14.3 EU Representative

For EU data subjects, our EU representative is:

[EU Representative Name and Address]
Email: info@payrollai.co

15. Additional Information for Business Customers

15.1 Data Processing Agreement

As our business customer, you act as the data controller for employee data processed through our Service. Our Data Processing Agreement (DPA) governs this relationship and is available upon request.

15.2 Your Responsibilities

As a data controller, you are responsible for:

  • Having lawful bases for processing employee data
  • Providing appropriate privacy notices to employees
  • Implementing appropriate technical and organisational measures
  • Handling data subject requests from your employees
  • Notifying us of any relevant data protection requirements