Start Free Demo
Login
Careers
Support
Login
7485 129 630
Book your free demo

Data Protection & Policy

Purpose

This policy outlines our commitment to protecting personal data handled through our online platform. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and all related data protection legislation.

Scope

This policy applies to:

  • All users of our platform (employees, customers, contractors)
  • All personal and sensitive data processed through our services
  • All staff, third-party vendors, and processors who access our data systems

Definitions

  • Personal Data: Any information that can identify a living individual (e.g. name, email, address, IP)
  • Processing: Any action taken with personal data (collection, storage, use, transfer, deletion)
  • Data Subject: The person whose data is being processed
  • Controller: The entity that determines how and why personal data is processed
  • Controller: The entity that determines how and why personal data is processed
  • Processor: A third party that processes data on behalf of the controller

Our Commitment

This policy applies to:

  • Lawful, fair, and transparent processing
  • Collecting only necessary and relevant data
  • Keeping data accurate and up to date
  • Allowing individuals to exercise their data rights
  • Only retaining data as long as necessary
  • Responding promptly to breaches and data subject requests

Types of Data We Process

We process the following categories of data:

  • User identification info (names, email addresses, job titles)
  • Account credentials (hashed passwords, 2FA tokens)
  • Financial data (invoices, reports, receipts)
  • Employment & rota info (work schedules, HR documents)
  • Device & usage data (IP address, browser details, activity logs)
  • E-signed and uploaded documents (contracts, policies, templates)

Lawful Basis for Processing

Our legal bases for processing personal data include:

  • Contractual necessity – to provide and support our services
  • Legal obligation – for compliance with UK employment, tax, and data laws
  • Legitimate interest – to ensure platform security and improve performance
  • Consent – for optional marketing or third-party integrations

Data Subject Rights

We respect all UK GDPR rights, including:

  • Right to access – request a copy of your personal data
  • Right to rectification – correct inaccurate or incomplete data
  • Right to erasure – request deletion of your data (“right to be forgotten”)
  • Right to restrict processing – request limited use of your data
  • Right to data portability – receive your data in a machine-readable format
  • Right to object – object to certain types of data processing
  • Rights related to automated decision-making – be informed and request human review

Users can submit requests to:   📧 info@alphanomic.co.uk

We will respond within 1 month, as required by law.

Data Security Measures

We take technical and organisational steps to ensure data protection:

  • Encrypted connections (HTTPS/TLS)
  • Secure server hosting in the UK or EEA
  • Role-based access control (RBAC)
  • Two-Factor Authentication (2FA)
  • Regular vulnerability assessments and penetration testing
  • Daily backups and disaster recovery plans

Data Retention

We only retain personal data for as long as necessary. Retention periods are defined by:

  • Legal requirements (e.g. HMRC, audit regulations)
  • Platform features (e.g. contract history, finance reporting)
  • Data minimisation principles

Upon request or account closure, data is securely deleted or anonymised within a defined time frame (typically 30–90 days).

Third-Party Processors

We only work with third-party service providers who meet high data protection standards. These include:

  • Cloud hosting platforms
  • Email delivery services
  • Payment processors
  • e-Signature providers

Each is bound by a Data Processing Agreement (DPA) and must comply with UK GDPR.

International Transfers

Where data is transferred outside the UK, we ensure protection through:

  • Adequacy regulations (countries approved by the UK government)
  • Standard Contractual Clauses (SCCs) for other territories
  • Technical safeguards like encryption and access controls

Data Breach Procedure

In the event of a data breach:

  • We will assess risk and notify the ICO (Information Commissioner’s Office) within 72 hours, if required
  • Affected users will be notified if the breach poses a high risk to their rights
  • All incidents will be documented and reviewed

Staff Training & Responsibilities

All employees and contractors:

  • Receive regular data protection training
  • Sign confidentiality agreements
  • Are expected to report data concerns immediately to our Data Protection Officer (DPO) or Privacy Lead

Cookies

We use cookies for:

  • Secure logins and session management
  • Usage analytics
  • Remembering user settings

Users can manage cookie preferences via browser or platform settings.

Review & Updates

This policy is reviewed annually or after major legal/operational changes.

Contact Details

For questions or concerns, contact:

📧 info@alphanomic.co.uk

📍Suite-1 Francis House, Queens Road, Norwich, England, NR1 3PN

If unsatisfied, you may contact the UK ICO:

🌐 www.ico.org.uk | 📞 0303 123 1113

Start a
free demo with us!

Discover how our powerful TeamTrain Hub can simplify your HR operations, boost productivity, and improve employee satisfaction. Get a personalized walkthrough from our experts. Whether you’re a small business or a growing enterprise, our system adapts to your team’s unique needs

Key Features You'll Explore

  • Centralized Employee Records
  • Seamless Onboarding & Document Management
  • Leave, Attendance & Shift Management
  • Role-Based Access Controls
  • Powerful Reports


    United Kingdom of Great Britain and Northern Ireland Flag +44