top of page

Privacy Policy

Emerald Payroll Limited
Company No: 
Registered Office: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE

Last updated: 9 June 2025

1. Introduction

Emerald Payroll Limited (“Emerald Payroll,” “we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (www.emeraldpayroll.co.uk) and interact with our services. We comply with the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

By accessing or using our Site, or by providing personal data to us, you consent to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site or provide personal data to us.

2. Data Controller

Emerald Payroll Limited is the data controller responsible for your personal data.
Contact Details:

3. Personal Data We Collect
 

We collect different types of personal data depending on how you interact with us:

3.1 Information You Provide Voluntarily

  • Contact Details: Name, email address, phone number, job title, company name, and address, when you fill out contact forms, request demos, or subscribe to newsletters.

  • Account Information: Username, password, and billing details when you register for an Account.

  • Contractor Data: For clients in the recruitment or umbrella-payroll sector, contractor identifiers—such as National Insurance number, date of birth, home address—to facilitate payroll and compliance services.

  • Communication Content: Any messages, attachments, or other information you send to us via email, web form, or telephone.
     

3.2 Automatically Collected Data

  • Usage and Analytics: IP address, device type, browser type, operating system, pages visited, time spent on pages, referring/exit pages, and clickstream data via Google Analytics and other log‐file analytics.

  • Cookies & Tracking Technologies: Unique device identifiers, session identifiers, and user preferences collected through cookies and similar technologies (see our Cookie Policy for details).
     

3.3 Third-Party Data

  • LinkedIn/Other Social Profiles: If you choose to connect via social‐login (e.g., “Sign in with LinkedIn”), we may receive your basic LinkedIn profile information (name, email, profile picture).

  • Payment Processors: When you pay via third-party gateways (e.g., Stripe), we receive transaction confirmations, payment status, and billing name, but we do not store your full card details.

4. How We Use Your Personal Data

We process your personal data for the following purposes, under the legal bases indicated:

Purpose

Service Provision & Account Management

Verification & Compliance

Customer Support & Communication

Marketing & Newsletters

Analytics & Site Improvement

Security & Fraud Prevention

Legal Obligations & Record-Keeping

Job Applicants (Careers Page)

Aggregated/De-identified Data

Personal Data Used

Contact details, account credentials, billing details

National Insurance number, date of birth, address

Name, email, telephone, communication content

Email address, name, company

IP address, usage data, cookies

All collected data (account, usage logs)

Transaction records, contractor data

CV, cover letter, application form data

Usage patterns, analytics summaries

Legal Basis

Performance of a contract

Legal obligation (tax, anti‐money‐laundering)

Legitimate interest; your consent

Consent

Legitimate interest

Legitimate interest

Legal obligation

Consent; legitimate interest

Legitimate interest

  1. Service Provision & Account Management
    We need to process your Account data (username, password, billing details) to grant you access to the platform, manage your subscription, and handle billing or invoicing. Without these data, we cannot provide the payroll or
    contractor‐compliance services you’ve requested.
     

  2. Verification & Compliance
    For tax‐compliance and regulatory purposes—such as generating accurate payroll, issuing payslips, or complying with HMRC reporting requirements—we process contractor identifiers (National Insurance number, date of birth, address). British payroll regulations require these data to avoid tax or National Insurance mischarges.
     

  3. Customer Support & Communication
    We may use your email address, telephone number, or any messages you send to us to respond to your queries, troubleshoot issues, provide updates about system maintenance, or notify you of changes to features. The legal basis is our legitimate interest in providing good customer service.
     

  4. Marketing & Newsletters
    If you opt‐in to receive our newsletters, product updates, or marketing materials, we will process your name and email address. We will send only information relevant to payroll, contractor compliance, and related subjects. You may withdraw consent at any time by unsubscribing via the link in our emails.
     

  5. Analytics & Site Improvement
    We use Google Analytics and similar tools to collect usage data (pages visited, time on site, interactions) to improve our Site’s performance, user experience, and content relevance. Our legitimate interest is optimizing our platform and identifying potential security issues.
     

  6. Security & Fraud Prevention
    We use collected data, including login attempts and IP addresses, to detect and prevent fraudulent or malicious activity. Monitoring log‐in patterns and usage anomalies helps protect your data and our systems from unauthorized access.
     

  7. Legal Obligations & Record-Keeping
    We retain your transaction records, payroll reports, and contractor documentation to comply with statutory retention periods—such as HMRC requirements (typically five to six years) and anti‐money‐laundering regulations.
     

  8. Job Applicants (Careers Page)
    If you apply for a position, we will process your CV, contact details, and interview notes. We rely on your consent to handle this data. If you accept an offer, your data transitions to employment records; if not, we retain your information for up to 12 months, after which we delete or anonymize it.
     

  9. Aggregated/De-identified Data
    We may aggregate or anonymize data (e.g., usage patterns across all users) to produce internal reports. Such de‐identified analyses are not personal data and used strictly for internal business insights.

     

5. Cookies and Tracking Technologies
 

We use cookies, web beacons, and other tracking technologies as detailed in our Cookie Policy. Cookies help us remember your preferences, analyse Site traffic, and provide personalized experiences. You can manage or disable cookies through your browser settings, but this may limit certain functionalities of the Site.
 

6. Legal Bases for Processing
 

Under the UK GDPR, we process personal data only when at least one of the following applies:

  • Consent: You have provided clear consent for a specific processing purpose (e.g., marketing emails, job application).

  • Contractual Necessity: Processing is necessary for performance of a contract to which you are a party (e.g., subscription services, payroll calculations).

  • Legal Obligation: Processing is necessary to comply with a legal obligation (e.g., tax reporting, record retention).

  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., security monitoring, website improvement), provided it does not override your rights and freedoms.
     

7. Data Sharing and Disclosure
 

We do not sell or rent your personal data to third parties. We may share your personal data under the following circumstances:

  1. Service Providers & Sub-processors

    • Cloud Hosting & Infrastructure: AWS, Microsoft Azure, or other hosting partners store encrypted backups or databases.

    • Analytics & Monitoring: Google Analytics and related analytics tools collect anonymous usage data.

    • Payment Processors: Stripe (or similar providers) process subscription fees. We receive transaction confirmations but not full credit‐card numbers.

    • IT Support & Security Vendors: Managed security‐operations teams, antivirus/anti-malware providers, and penetration‐testing firms to maintain system security.

    • HR & Payroll Partners: For payroll‐only services, we may disclose minimal contractor data to HMRC or statutory bodies as required by law.

  2. Affiliates & Subsidiaries

    • In a future corporate restructure, we may share data with a wholly‐owned subsidiary or affiliate, provided your data subject rights are protected under the same legal framework.

  3. Legal Requirements & Law Enforcement

    • We may disclose personal data if required to comply with a court order, legal process, or regulatory request (e.g., HMRC audit, request from law enforcement agencies).

  4. Business Transfers

    • In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity, provided they agree to handle your data according to this policy. We will notify you before any material change.

  5. Professional Advisors

    • We may share your data with legal, accounting, or tax advisors for compliance, litigation, or audit purposes. These advisors are bound by confidentiality agreements.
       

8. International Data Transfers
 

Our Site is hosted in the United Kingdom. If we transfer personal data outside the United Kingdom (e.g., to a data processor in the EU, US, or other jurisdictions), we ensure appropriate safeguards, such as:

  • The recipient country is deemed to provide adequate protection by the UK government; or

  • We use Standard Contractual Clauses approved by the Information Commissioner’s Office; or

  • The recipient is certified under an approved data‐transfer framework (e.g., UK‐US Data Bridge).

We will inform you of any international data transfers and the safeguards in place to protect your rights.
 

9. Data Retention
 

We retain personal data only as long as necessary for the following reasons:

  1. Active Account or Contractual Relationship: We keep data for the duration of your subscription or service engagement, plus a six‐year retention period to satisfy statutory obligations and to defend against potential claims.

  2. Marketing Data (Opt‐Ins): We retain your email and preferences until you withdraw consent (unsubscribe) or after three years of inactivity.

  3. Job Applicant Data: We retain for up to 12 months if no employment offer is made; if hired, records move into your personnel file and are kept according to employment‐law requirements (e.g., six years after termination).

  4. Support and Communication Logs: Customer‐support tickets, emails, and chat logs are retained for three years to track issue resolution and improve service.

  5. Analytics and Logs: Aggregated usage data is retained for 24 months for trend analysis. System logs (for security purposes) are archived for 12 months before anonymization or deletion.

After the retention period, we securely delete or anonymize personal data so it can no longer identify an individual.

10. Your Rights Under the UK GDPR
 

As a data subject, you have the following rights:

  1. Right of Access: You may request a copy of the personal data we hold about you.

  2. Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.

  3. Right to Erasure (“Right to be Forgotten”): You can request deletion of personal data if there is no compelling reason for us to continue processing it.

  4. Right to Restrict Processing: You can request that we limit how we use your personal data (e.g., while a dispute is investigated).

  5. Right to Object: You can object to processing based on legitimate interests or direct marketing (including profiling).

  6. Right to Data Portability: You can ask for a machine‐readable copy of the personal data you’ve provided, to transfer to another controller.

  7. Right to Withdraw Consent: If processing is based on consent, you can withdraw your consent at any time.

  8. Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time:

To exercise any of these rights, please contact our Data Protection Officer (DPO) at:

  • Email: info@emeraldpayroll.co.uk

  • Mailing Address: Data Protection Officer, Emerald Payroll Limited, 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE

We will respond to your request within one month of receipt. If your request is complex, we may extend by two further months (informing you of the extension).

11. Security of Your Personal Data
 

We employ technical and organisational measures to safeguard your personal data, including but not limited to:

  • Encryption: Transmitting data over HTTPS (TLS/SSL) and encrypting sensitive data at rest.

  • Access Controls: Role‐based access, strong password policies, multi‐factor authentication for administrative accounts.

  • Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and regular vulnerability scanning.

  • Physical Security: Secure data centers with controlled access, CCTV, and on‐site security personnel.

  • Data Minimization: We collect only data necessary for the specified purposes.

  • Employee Training: Regular GDPR compliance and security‐awareness training for all staff.


​However, no system is entirely immune to unauthorized access. In the unlikely event of a data breach, we will notify the ICO within 72 hours (if required) and affected data subjects without undue delay, as mandated by law.

12. Children’s Privacy
 

Our Site is not directed to children under 16 years old, and we do not knowingly collect personal data from anyone under that age. If we become aware that we have collected personal data from a child under 16, we will promptly delete that information. If you believe we may have any such data, please contact us at info@emeraldpayroll.co.uk

13. Changes to This Privacy Policy
 

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new features on our Site. We will publish the revised policy on our Site and update the “Last updated”. Substantial changes that materially affect your rights will be communicated by email (if you have an account) or via a prominent notice on our Site. Your continued use of the Site after such changes indicates acceptance of the updated policy.

14. Third-Party Links
 

Our Site may contain links to third-party websites, plugins, or applications, such as social‐media platforms or partner resources. This Privacy Policy does not cover the data practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

15. Contact Us
 

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Emerald Payroll Limited
2nd Floor College House,

17 King Edwards Road,

Ruislip,

London,

United Kingdom,

HA4 7AE

Email: info@emeraldpayroll.co.uk
Telephone: 0208 017 1139

bottom of page