Privacy Policy

1. Who we are

StoreSync is operated by OJR Software LTD, trading as StoreSync. For privacy questions, contact privacy@storesync.uk.

2. Who this policy applies to

This policy applies to website visitors, organisation customers, account owners, admins, managers, staff users, employees, workers, contractors, emergency contacts and people who contact us.

3. Controller and processor roles

For data we use for our own purposes, such as website enquiries, account administration, billing, security, service messages and support, OJR Software LTD is the controller.

For staff/workforce data that an organisation customer enters into StoreSync, the organisation customer is usually the controller and StoreSync is usually the processor. This may include rota records, clock records, timesheets, time off, payslips, staff records, employment details, emergency contacts, sites, groups, roles and permissions.

Staff users should normally contact their employer or organisation first about corrections, deletion, access to workplace records, payslip accuracy, shift details, pay, tax, holiday entitlement or employment matters.

4. Personal data we may process

Website and contact data

Name, email address, business name, message content, enquiry details, device information and website usage information.

Account and login data

Name, email address, username, password authentication data, login activity, security activity, account settings, role and organisation membership.

Organisation data

Organisation name, business settings, sites, groups, departments, roles, permissions, subscription details, billing references and support records.

Staff/workforce data

Depending on how an organisation uses StoreSync, this may include employment records, primary and assigned sites, department assignments, contracted hours, hourly rate data, start and end dates, emergency contacts, schedules, shift records, clock-in and clock-out records, break records, timesheets, time-off requests, payslip files and payslip metadata.

5. How we use personal data

We use personal data to provide StoreSync, operate the website and app, manage accounts, process subscriptions, support customers and staff users, secure the service, prevent misuse, send service messages, respond to enquiries, maintain records, improve StoreSync, comply with law and establish or defend legal claims.

6. Lawful bases where we are controller

Where we are controller, we may rely on contract, legitimate interests, legal obligation and consent, depending on the purpose. For example, contract may apply to account and subscription administration, legitimate interests may apply to security and service improvement, legal obligation may apply to accounting records, and consent may apply to optional non-essential cookies or optional marketing.

7. Staff users and former staff users

If your employer or organisation gives you access to StoreSync, your access is controlled by that organisation and its administrators. Your organisation decides what staff/workforce data is entered, how it is used, who can access it and how long it is needed, subject to law.

Where your employment or organisation access ends, StoreSync may provide limited self-service access for up to 6 months after the recorded employment end date. This is intended to let you access your own payslips and timesheets, along with basic account/help pages. After that period, your self-service access may end.

This 6-month access window does not mean all data is deleted after 6 months. Organisations may need to keep records for payroll, employment, tax, accounting, dispute, audit, legal or legitimate business reasons.

8. Sharing personal data

We may share personal data with service providers who help us operate StoreSync, including hosting, infrastructure, payment processing, email, support, analytics, security, communications and professional advisers. We may also share information where required by law, regulators, courts, tax authorities, law enforcement, insurers or in connection with a business sale, restructuring or investment.

We do not sell personal data.

9. Payments

Subscription payments and payment methods are processed by Stripe or another payment provider we use. StoreSync does not store full card numbers.

10. International transfers

Some providers may process data outside the UK. Where required, we use appropriate safeguards such as adequacy regulations, standard contractual clauses or other lawful transfer mechanisms.

11. Retention

We keep personal data for as long as reasonably needed for the purposes described in this policy. Retention depends on the type of data, customer instructions, subscription status, legal and accounting duties, security needs, backup cycles, dispute resolution and fraud prevention.

When we act as processor, organisation customers are primarily responsible for deciding how long staff/workforce data should be retained in StoreSync, subject to technical, backup, legal and operational requirements.

12. Security

We use reasonable technical and organisational measures designed to protect personal data. Customers are responsible for managing their users, permissions, devices, passwords and leavers.

13. Your rights

Depending on the circumstances, you may have rights to access, correct, delete, restrict or object to processing, request data portability, withdraw consent where consent applies, and complain to the Information Commissioner’s Office.

Where the request relates to staff/workforce data controlled by your employer or organisation, we may refer the request to that organisation or ask you to contact them directly.

14. Marketing

We may send marketing to business contacts where allowed by law. You can opt out of marketing at any time. Service, security, billing and account messages are not marketing and may still be sent where needed.

15. Cookies

We use cookies and similar technologies as described in the Cookie Policy.

16. Contact and complaints

Privacy questions can be sent to privacy@storesync.uk. You can also complain to the UK Information Commissioner’s Office.