Privacy Policy

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our services.

Contents

  1. What information we collect
  2. How we use your information
  3. Sharing and disclosure
  4. Cookies and similar technologies
  5. Data storage and security
  6. International data transfers
  7. Your rights under UK GDPR
  8. Special category (sensitive) data
  9. Children’s data
  10. Changes to this policy
  11. Contact information

1. What Information We Collect

We collect the following categories of personal data:

a) Information You Provide to Us

This includes:

  • Contact details (name, email address, phone number)
  • User credentials and profiles
  • Content submitted through our platform (including text, files, uploads)
  • Data entered during onboarding or training (which may include sensitive data like ethnicity or salary)

b) Information We Collect Automatically

We may collect:

  • Usage data (pages visited, features used, timestamps)
  • Device and browser information
  • IP address and location data (approximate)
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use personal data to:

  • Provide, operate, and improve our services
  • Respond to user inquiries or support requests
  • Personalise user experiences
  • Send administrative or system notifications
  • Enforce our terms of service
  • Meet legal and regulatory obligations
  • Conduct research and analytics
  • With consent, send marketing communications (which you can opt out of at any time)

Legal bases for processing include: consent, performance of a contract, legal obligation, and our legitimate interests.

3. Sharing and Disclosure

We do not sell your data. We may share it with:

  • Service providers (e.g., email platforms, cloud storage, analytics tools)
  • Legal or regulatory authorities, when required
  • Third parties during business transfers (e.g. merger, acquisition)

We work with trusted subprocessors like:

  • Mailerlite (marketing emails)
  • Microsoft Azure (cloud hosting)
  • Zapier (workflow automation)
  • Intercom (customer service suite)

A full list of subprocessors is available upon request.

4. Cookies and Similar Technologies

We use cookies and tracking tools to:

  • Authenticate users
  • Monitor performance and errors
  • Improve the platform

You can manage cookie preferences in your browser settings.

5. Data Storage and Security

We store your data on secure servers located in the UK and EEA.

Security measures include:

  • Encryption (in transit and at rest)
  • Access controls and logging
  • Regular audits and vulnerability scanning

We retain data only as long as necessary for the purposes described in this policy.

6. International Data Transfers

When we transfer your data outside the UK or EEA (e.g., to US-based processors), we ensure appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs)
  • Transfers to countries with adequate protection standards

7. Your Rights Under UK GDPR

You have the following rights:

  • Access – Request a copy of your data
  • Rectification – Correct inaccurate or incomplete data
  • Erasure – Ask us to delete your data (subject to exceptions)
  • Objection – Object to data processing based on legitimate interests
  • Restriction – Ask us to restrict processing
  • Portability – Request your data in a structured format
  • Withdraw consent – At any time, for processing based on consent
  • Lodge a complaint – With the UK Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us at help@onehrsoftware.com.

8. Special Category (Sensitive) Data

Our platform may collect and process special category data (such as ethnicity, gender identity, or salary) for purposes related to equity analysis or employer compliance.

We rely on one or more of the following legal bases:

  • Explicit consent (where you have provided it)
  • Contractual necessity (for service delivery)
  • Legal obligation (where required by law)

We apply heightened safeguards when processing such data.

9. Children’s Data

Our services are not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If significant changes are made, we will notify you through the platform or via email.

11. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at help@onehrsoftware.com.

Resources & Further Information

Overview of the GDPR – General Data Protection Regulation

Data Protection Act 1998

Privacy and Electronic Communications Regulations 2003

The Guide to the PECR 2003

X Privacy Policy

Facebook/Meta Privacy Policy

Google Privacy Policy

Linkedin Privacy Policy

YouTube Privacy Policy

Mailerlite Privacy Policy

Intercom Privacy Policy

Zoom Privacy Policy

Microsoft Privacy Policy

Hotjar Privacy Policy

Apple App Store Policy

Last updated: 5 July 2025

Want to receive the latest news and updates from oneHR?

Sign up to our mailing list