Privacy Policy

This Privacy Notice explains how Complyr collects, uses, and protects your personal data.

By using our website, platform, app, or services, you accept and agree to the terms outlined below and trust us with your information.

This Privacy Notice applies to all platforms and services operated by Complyr, including our website, the Complyr app (web and mobile), and official linked social media accounts (e.g. LinkedIn, X (Twitter), Facebook).

About Complyr

Ozoomi Ltd T/A Complyr (“Complyr”, “we”, “us”, or “our”) is the data controller responsible for the personal data you share with us when interacting with our website, services, and communications.

Ozoomi Ltd is a company registered in England and Wales with company registration number 15343430. We are also registered with the Information Commissioner’s Office (ICO) as a data controller under registration number TBC.

Where we process personal data on behalf of our clients via the Complyr platform (Platform), we act as a data processor. In these cases, our clients are the data controllers and determine the purpose and means of processing. It is the sole responsibility of our clients to ensure their end customers are informed and that appropriate consents or lawful basis are in place.

This notice is governed by the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), and it is subject to the laws of England and Wales.

We respect your privacy and are committed to handling your data transparently and lawfully. We do not sell personal data to third parties.

Our Contact Details

Email:  dpo@complyr.co.uk

If you require this notice in an alternative format, please contact us.

Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on one or more of the following lawful basis to process your personal data:

• Contract: where processing is necessary for a contract with you, or because you have asked us to take steps before entering into one

• Legal obligation: where processing is necessary for us to comply with the law

• Legitimate interests: where it is necessary for our legitimate business interests and does not override your rights or freedoms

• Consent: where you have given clear, informed consent for a specific purpose

What Personal Data We Collect

We may collect the following types of personal data:

• Identity data: Name and title

• Contact data: Company name, business address, phone number, and email address

• Account credentials: Email addresses, usernames, and password hashes used to access the Complyr platform

• Recruitment data: CVs, cover letters, work history, and any professional details provided when applying for a role

• Billing contact data: Details about the person responsible for payment of services, including business contact information

Complyr does not intentionally collect special category data (e.g. health, ethnicity, political views), but our clients may upload sensitive data as part of their use of the platform. Whilst we apply strict safeguards to all client-uploaded data, it is the sole responsibility of the client (data controller) to keep information collected by them safe and secure.

We may also collect anonymised or aggregated data for statistical and product development purposes.

How We Collect Your Data

We collect data through various channels, including but not limited to:

• Forms completed on our website

• Contact via phone, email, or post

• Sign-ups for webinars, demos, or downloads on third-party platforms (e.g. LinkedIn or Facebook)

• Contact form or live chat submissions

• Requests for resources, support, or access to our services

• Newsletter or marketing sign-ups

• Job applications or recruitment agencies

• Public sources (e.g. LinkedIn, Companies House)

• Interactions with our social media accounts, including comments and direct messages

How We Use Your Data

We process your personal data for the following purposes:

• Website users: To show region-specific content and analyse website performance using tools such as Google Analytics and LinkedIn Insight Tag

• Mobile app users: For functionality that may include geolocation

• Customer support: To provide technical, portal, and helpdesk assistance

• Support portal or in-app messaging: To troubleshoot issues and deliver customer service

• Product development: To improve features using anonymised usage data

• Billing and subscription management: To issue invoices, manage subscriptions, contact billing leads, and receive payments by bank transfer. Any card payments are handled on our behalf by a third-party provider. Complyr does not store card details.

• Marketing and CRM analytics: To tailor marketing based on email engagement and CRM activity (e.g. link clicks, page visits)

• Recruitment and hiring: To assess applications, communicate with candidates, and retain applicant data for up to 24 months under our legitimate interests

• Events and co-branded webinars: To administer participation, provide resources, and follow up

• Testimonials and feedback: With your consent, we may use your name, company name, and professional role in published testimonials or case studies. These may appear on our website, app, social media channels, or marketing materials.

• Legal and regulatory compliance: To meet our obligations and assist regulators if required

We may monitor or record communications (such as phone calls and emails) for training, fraud prevention, quality assurance, and compliance purposes.

Cookies

We use cookies and similar technologies to improve your experience on our website and to understand how the website is being used.

For full details, please see our Cookie Policy. Where required by law, we will request your consent before placing non-essential cookies.

Who We Share Your Data With

We may share personal data with:

• Service providers supporting operations (including hosting, analytics, support tools, email platforms)

• Webinar and event partners (if you register through a co-branded campaign)

• Professional advisers, auditors, legal and regulatory bodies

• Marketing partners or collaborators (with appropriate legal basis)

• Law enforcement or fraud prevention bodies, when required

• Third parties in connection with a business sale or reorganisation

We require all third parties to fully comply with data protection laws and to process data only on our written instructions.

How We Protect Your Data

We use encryption, access controls, anonymisation, and secure storage systems to safeguard data, including sensitive or client-uploaded data. If you are provided with a password or generate one to access parts of our service, it is your responsibility to keep this password confidential.

Our system is designed to keep all data within the United Kingdom. However, there may be occasions when your data may be transferred to and stored in countries outside the United Kingdom or European Economic Area (EEA), including countries where our third-party providers are based. Where such transfers occur, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

While internet transmission is not completely secure, we apply strict procedures once data is received to protect against unauthorised access.

Data Retention

We retain personal data only as long as needed:

• General business data: up to 7 years

• Recruitment data: up to 24 months

• Dispute-related data: as per our retention schedules, unless directed by law, starting from the date the dispute is resolved

We regularly review our retention schedules and security protocols to ensure compliance with legal and regulatory obligations.

Preventing Financial Crime

To comply with anti-fraud and anti-money laundering laws, your data may be shared with fraud prevention agencies. If deemed a risk, we may refuse or withdraw services. Records may be retained for up to 7 years or as stipulated by law. This may affect your ability to access services or employment with Complyr or other regulated providers.

Your Marketing Preferences

We may use your data to:

• Share product or service updates

• Conduct satisfaction surveys

• Send event or resource invitations

You can opt out at any time by:

• Clicking “unsubscribe” in emails

• Emailing dpo@complyr.co.ukPara 3

• Writing to our business address

Your Rights

Under the UK GDPR, you have the right to:

1. Be informed about how your data is used

2. Access a copy of your personal data

3. Correct inaccurate or incomplete data

4. Request erasure of your data

5. Restrict processing under certain conditions

6. Transfer your data to another provider

7. Object to direct marketing or certain processing

8. Not be subject to automated decisions without safeguards

To exercise these rights, email dpo@complyr.co.uk with proof of identity. We will respond within one month unless legally extended.

We do not charge a fee unless the request is excessive or unfounded.

How to Complain

If you are dissatisfied, please contact our Data Protection Officer at dpo@complyr.co.uk.

You may also contact the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/make-a-complaint

Phone: 0303 123 1113