YOUR PRIVACY MATTERS: This Privacy Policy explains how we collect, use, store, and protect your personal information. We are committed to protecting your privacy and complying with UK data protection laws.
1. INTRODUCTION
1.1 About This Policy
This Privacy Policy describes how Workalong ("we", "us", "our") collects, uses, and protects your personal information when you use our staff scheduling and management platform.
1.2 Our Commitment
We are committed to:
Protecting your privacy and personal data
Being transparent about what data we collect and why
Complying with UK GDPR and Data Protection Act 2018
Giving you control over your personal information
Keeping your data secure
1.3 Data Controller
For the purposes of UK data protection law, Workalong is the data controller of your personal information.
Send marketing communications (with your consent - you can opt out)
To Improve and Develop Our Service:
Analyse usage patterns and trends
Identify and fix bugs and technical issues
Develop new features and improvements
Conduct research and testing
Optimise performance and user experience
To Ensure Security and Prevent Fraud:
Monitor for suspicious activity
Prevent unauthorised access
Detect and prevent fraud
Enforce our Terms of Service
Protect against security threats
To Comply with Legal Obligations:
Comply with tax and accounting requirements
Respond to legal requests and court orders
Enforce our legal rights
Comply with regulatory requirements
4. HOW WE SHARE YOUR INFORMATION
4.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4.2 When We Share Information
Service Providers:
We share data with trusted third-party service providers who help us operate the Service:
Stripe: Payment processing (PCI-DSS compliant)
Cloud Hosting Providers: Data storage and infrastructure
Email Service Providers: Transactional and marketing emails
Analytics Providers: Usage analytics (anonymized where possible)
Customer Support Tools: To provide support services
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
Legal Requirements:
We may disclose your information if required by law or in response to:
Court orders or legal processes
Government or regulatory requests
Law enforcement requests
Protection of our legal rights
Prevention of fraud or illegal activity
Emergency situations involving safety
Business Transfers:
If Workalong is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the new owner. We will notify you of any such change.
With Your Consent:
We may share your information with other parties when you give us explicit consent to do so.
5. DATA RETENTION
5.1 How Long We Keep Your Data
Active Accounts:
Free Plan: Data retained while account is active (may be deleted after 7 days of inactivity)
Paid Plans: Data retained indefinitely while subscription is active
After Account Closure:
Account data: Retained for 30 days, then permanently deleted
Backup copies: May persist for up to 90 days in backups
Financial records: Retained for 7 years (legal requirement)
Legal and Security Data:
Security logs: Retained for up to 2 years
Fraud detection data: Retained as long as necessary
Legal dispute data: Retained until resolution + 6 years
5.2 Data Deletion
You can request deletion of your data at any time by contacting us. We will delete your data within 30 days unless we have a legal obligation to retain it.
6. DATA SECURITY
6.1 How We Protect Your Data
We implement industry-standard security measures including:
Technical Measures:
Encryption: HTTPS/TLS encryption for data in transit
Database Encryption: Encryption of sensitive data at rest
Password Security: Bcrypt hashing with salt for passwords
Firewall Protection: Network security and intrusion detection
Regular Security Updates: Timely patching of vulnerabilities
Access Controls: Role-based access and authentication
Security Monitoring: Continuous monitoring for threats
Organizational Measures:
Access to personal data is limited to those who need it to operate the Service
Confidentiality obligations apply to anyone who accesses data on our behalf
Incident response procedures are in place to respond to security events
6.2 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
Notify you within 72 hours of discovery
Inform the ICO (Information Commissioner's Office) as required
Provide details of the breach and steps we're taking
Advise you on protective measures you can take
6.3 Your Responsibility
You are responsible for:
Keeping your password confidential and secure
Using a strong, unique password
Logging out of shared devices
Notifying us immediately of any unauthorised access
Keeping your contact information up to date
7. YOUR RIGHTS UNDER UK GDPR
7.1 Your Data Protection Rights
Under UK GDPR, you have the following rights:
1. Right of Access:
You can request a copy of all personal data we hold about you.
2. Right to Rectification:
You can request correction of inaccurate or incomplete data.
3. Right to Erasure ("Right to be Forgotten"):
You can request deletion of your personal data in certain circumstances.
4. Right to Restrict Processing:
You can request that we limit how we use your data.
5. Right to Data Portability:
You can request your data in a structured, machine-readable format to transfer to another service.
6. Right to Object:
You can object to processing based on legitimate interests or for direct marketing.
7. Right to Withdraw Consent:
Where we process data based on consent, you can withdraw consent at any time.
8. Right to Lodge a Complaint:
You can complain to the ICO (Information Commissioner's Office) if you believe we've mishandled your data.
7.2 How to Exercise Your Rights
To exercise any of these rights:
Email us at: Hamchenhbf3@gmail.com
Or write to: 17 Roberts Road, HP13 6XA, Buckinghamshire
We will respond to your request within one month. If your request is complex, we may extend this by two months and will notify you.
7.3 ICO Contact Information
If you're unhappy with how we've handled your data, you can contact the ICO:
Website: www.ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
8. COOKIES AND TRACKING
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide and improve the Service.
8.2 Types of Cookies We Use
Essential Cookies (Required):
Session management and authentication
Security and fraud prevention
Load balancing and performance
User preferences (e.g., theme selection)
These cookies are necessary for the Service to function and cannot be disabled.
Analytics Cookies (Optional):
Usage statistics and traffic analysis
Feature usage tracking
Performance monitoring
Error tracking and debugging
These help us improve the Service. You can opt out in your browser settings.
8.3 Managing Cookies
You can control cookies through:
Your browser settings (disable, delete, or block cookies)
Our cookie preferences (if we provide a cookie banner)
Third-party opt-out tools
Note: Disabling essential cookies will prevent the Service from functioning properly.
8.4 Third-Party Cookies
We may use third-party services that set their own cookies:
Stripe (payment processing)
Analytics providers (if enabled)
Social media login providers (Google, GitHub)
These services have their own privacy policies.
9. INTERNATIONAL DATA TRANSFERS
9.1 Where We Store Data
Your data is primarily stored in data centres located in:
United Kingdom
European Economic Area (EEA)
Other locations with adequate data protection (as approved by UK GDPR)
9.2 Transfers Outside the UK
If we transfer data outside the UK, we ensure adequate protection through:
Adequacy Decisions: Transfers to countries deemed to have adequate protection
Standard Contractual Clauses (SCCs): EU/UK-approved contract terms
Binding Corporate Rules: For transfers within our corporate group
Your Explicit Consent: Where appropriate
9.3 Third-Party Processors
Some of our service providers (e.g., cloud hosting) may be located outside the UK. We ensure they provide adequate data protection through appropriate safeguards.
10. CHILDREN'S PRIVACY
10.1 Age Restriction
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
10.2 If We Learn of Child Data
If we become aware that we've collected data from a child under 18 without parental consent, we will:
Delete the information as quickly as possible
Terminate the associated account
Not use the data for any purpose
10.3 Parental Notice
If you believe your child has provided us with personal information, please contact us immediately at Hamchenhbf3@gmail.com.
11. MARKETING COMMUNICATIONS
11.1 Types of Marketing
With your consent, we may send you:
Product updates and new features
Tips and best practices
Special offers and promotions
Educational content and resources
Company news and announcements
11.2 Opting Out
You can opt out of marketing communications at any time by:
Clicking "unsubscribe" in any marketing email
Updating your email preferences in your account settings
Contacting us at Hamchenhbf3@gmail.com
11.3 Service Communications
You cannot opt out of essential service communications such as:
Account verification emails
Billing and payment notifications
Security alerts
Legal notices
Service changes affecting your account
12. YOUR RESPONSIBILITIES
12.1 As a Data Controller
If you use Workalong to manage staff data, you are a data controller and are responsible for:
Obtaining necessary consents from your staff members
Having a lawful basis for processing their data
Providing privacy notices to your staff
Respecting their data protection rights
Ensuring data accuracy
Complying with UK GDPR and data protection laws
Securing data access credentials
12.2 Staff Member Data
When you upload staff member information to our Service, you must ensure:
You have informed them about how their data will be used
You have obtained necessary consents
The data is accurate and up to date
You only collect data that is necessary
You respect their rights under UK GDPR
12.3 Data Processing Agreement
When you use our Service to process staff data, we act as your data processor. The Terms of Service include data processing terms that comply with UK GDPR Article 28.
13. CHANGES TO THIS PRIVACY POLICY
13.1 Updates
We may update this Privacy Policy from time to time to reflect:
Changes in our practices
Changes in applicable laws
New features or services
Feedback from users or regulators
13.2 Notification of Changes
When we make significant changes, we will:
Update the "Last Updated" date at the top
Notify you via email
Display a prominent notice in the Service
Request your consent if required by law
13.3 Continued Use
Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy.
14. CONTACT US
14.1 Privacy Questions
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: Hamchenhbf3@gmail.com
Address: 17 Roberts Road, HP13 6XA, Buckinghamshire
Phone: +44 7450082834
Response Time: We aim to respond to all privacy inquiries within 5 business days.
14.2 Data Protection Officer
For data protection matters, you can contact our Data Protection Officer at:
DPO Email: Hamchenhbf3@gmail.com
Key Takeaways
We collect only data necessary to provide and improve the Service
We never sell your personal information
You have full control over your data and can request access, correction, or deletion
We use industry-standard security measures to protect your data
We comply with UK GDPR and Data Protection Act 2018
You can contact us anytime with privacy questions or concerns
