RigoHR Privacy Notice

Last updated: 15 March, 2025

This RigoHR User Privacy Policy ( “Privacy Policy”) describes how RigoHR (collectively “RigoHR”, “we”, “us”, and/or “our”) collects and processes your personal information for our own purposes when you interact with RigoHR and our websites, services, content, and any related software, mobile applications, and other applications (collectively, “Services”).

1. What does this notice cover?

This notice describes how we process personal data. When we say “personal data” we mean information that relates to you, and from which you can be identified. Personal data includes your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on.

This notice applies to personal data we collect across all our websites and apps, in connection with any services we provide. It also applies to personal data we collect from third party data sources, and through surveys, events, customer support, competitions, promotional programmes and training.

2. What this notice doesn’t cover

This notice doesn’t apply to personal data that our subscribers (people who create and pay for subscriptions to our services) or their invited users (people other than subscribers who have been invited to use our services by a subscriber) enter into our services about their employees or other third parties. In those cases, our subscribers control that personal data and we process it only as a service provider (or “processor”) on their behalf. If you’re not a subscriber and have questions about this type of personal data, contact the subscriber that controls it.

If you provide us with any personal data about other people, you should make sure you are permitted to do so before sharing it with us.

3. Personal data we collect and how we get it

The personal data we collect depends on how you interact with us. We collect personal data:

• When you provide it to us directly. This includes when you visit our websites, use our services, or provide personal data directly through other interactions with us. For example, we ask for your billing information when you sign up for a subscription or trial, and collect your contact information and any other details you share when you ask for support, or take part in training and events. You don’t have to provide us with personal data, but if you don’t it might mean you can’t use parts of our services.
• Automatically. We collect some personal data about you automatically when you visit our websites or use our apps and services. For example, we collect data about the pages you look at and the links you click on.
• From third parties. Although we collect the majority of personal data about you directly or automatically, sometimes we might collect it from other sources. For example, from trusted third parties and service providers that help us deliver our services (such as providers of email, marketing, analytics, financial, credit and payment services) and from social media platforms.

Personal data categories and sources

We’ve summarised the categories of personal data we collect and their sources, below.

• Identity and contact data such as your name, email address, telephone number or address. We source this directly from you, automatically or from third parties.
• Account data such as your login and profile information and subscription details. We source this directly from you.
• Payment data such as bank account details, payment method, billing address and other details of services that you have received from us. We source this directly from you, automatically or from third parties.
• Communications data such as feedback on our services and other communications with us or with our service providers, competition and survey entries, chat, email or call history, and call recordings if you consent to them. We source this directly from you, automatically, or from third parties.
• Marketing and advertising data such as interests based on your use of our services, survey responses, promotions you enter, communication preferences, preferences for particular services, and subscription details. We source this directly from you, automatically or from third parties.
• Device data including your IP address, the browser you use to visit our websites, device type and location, operating system, device identifiers and advertising identifiers. We source this automatically.
• Service usage data such as information about your use of and interaction with our services, including third party services you have integrated. This includes page views and searches, login information, clicks, content interaction, length of visits, and other functional information on service performance. It also includes service utilisation, such as features you subscribe and use, as well as (if you are a subscriber) how you manage organisations and invited users or employees within your subscription. We source this automatically.
• Uploaded content such as any personal data in photographs, videos or audio recordings that you upload on our websites, apps, services or social media (where you allow us). We source this directly from you or from third parties.

4. How we use your personal data

We use your personal data to operate our services, and to manage our relationship with you. We’ll otherwise only use your personal data for:

• The purposes in this notice or that we explain to you when we collect your personal data.
• Other purposes that are related to the ones in the first dot-point where permitted by law.

Purposes for using personal data

We’ve set out more information about the specific purposes for which we use your personal data below.

• To deliver our services. For example, to sign you up to our services, manage your trial or subscription, facilitate purchases of services, and provide, maintain and deliver our services (including using AI/ML) in accordance with our terms of use. This includes monitoring, troubleshooting, data analysis, testing, system maintenance, reporting and hosting of data.
• To communicate with you about our services. For example, we may send you service updates, invoices, technical notices, security alerts, support messages and responses to your enquiries. We may contact you through a variety of channels, for example, by email, telephone, SMS and in-product communications.

The categories of personal data we use for this purpose are: identity and contact data, account data, payment data, communications data, device data, service usage data, and uploaded content.

• For quality assurance, training and record-keeping. For example, we may review communications with you for customer support, quality assurance and training purposes, and related record-keeping.
• For security management. For example, to address threats and fraud, and protect you, our business and people, we may use malware and other monitoring tools to detect suspicious activity and block unauthorised access.
• For compliance management. For example, to ensure compliance with our terms of use and related internal reporting.
• To improve our services. For example, we analyse collected data to improve our websites, apps and services, to develop new products and services, and inform other business decisions by understanding customer behaviour (including using AI/ML).
• For marketing communications or surveys. For example, to contact you about services, promotions, competitions and events we think may be of interest, including those of our affiliates and partners. We may contact you through a variety of channels, for example, by email, telephone, SMS and in-product communications.
• To personalise content. For example, we may provide local or otherwise targeted content and information for customers, and to tailor the content served on our websites and apps, and via our services.
• For personalised advertising. For example, we may personalise, target, and deliver advertising on our websites and apps, and via third party websites and other online services. We may also identify audiences and individuals like you to better tailor our marketing campaigns and communications, and measure the effectiveness of our campaigns and adjust our methods.
• For legal and regulatory compliance. For example, to comply with any legal and regulatory obligations which apply to us, including responding to requests under data protection or other applicable laws.
• To manage legal claims. For example, to preserve our legal rights, and defend and bring claims to protect our interests.

5. Cookies and similar tracking technology

We use cookies and similar technologies to enable our systems to recognize your browser or device, to provide our Services, and to improve your experience.

6. How we share your personal data

There will be times when we need to share your personal data with third parties. We’ll only share your personal data with:

• Other companies in the Rigo group of companies who enable us to provide you with our services or who otherwise use personal data for the purposes in this notice.
• Third party service providers and partners who also enable us to provide you with our services or who otherwise use personal data for the purposes in this notice. For example, we may share your personal data with service providers that assist us with billing, customer support, hosting and storage, data analytics, security, marketing and email services. We won’t share your personal data with these third parties for their own marketing purposes without your explicit consent.
• Third party services that you integrate with on our websites and apps, or through our services. Note that your personal data will be managed by the provider of those services according to their own terms and privacy policy.
• Regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, to exercise, establish or defend our legal rights, or to protect your interests or those of any other person. Where possible and appropriate, we’ll notify you of this type of sharing.
• Actual or potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business.
• Other people where we have your consent or where permitted by law.

If you’ve been invited to use our services by a subscriber, we may share data relating to your use of our services with that subscriber.

7. How We Disclose Your Personal Information

Maintaining your trust over your personal information is a vital part of our relationship with you, and we disclose your personal information only as described below.

• With others in your organization. If you are the administrator for your organization, we may disclose your information to other users in your organization in accordance with your account settings and preferences. If you are a user, we may disclose certain information, including information about your account settings and your use of the Services, to your organization and its administrator(s).
• Transactions involving third parties. We make available to you services, software, and content provided by third parties for use on or through our Services. For example, your organization’s administrator may request integration with third-party applications via RigoHR’s integration services. We disclose information related to those transactions to that third party.
• Service providers. We may engage third party service providers and individuals to perform certain functions on our behalf. This includes cloud computing and storage services, IT services, payments processing, identity verification, event services, customer support, call recording, data analytics, and marketing services. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes.
• Business advisors. We may disclose your personal information with professional advisors acting as service providers, processors, or controllers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
• Financial partners. We disclose your personal information to financial partners such as banks, and payment processors for a variety of reasons, including supporting their customer identification, risk, and compliance obligations, so they, or us, can determine eligibility for, and provide, Services. This information also enables these partners to deliver banking, payment and transfer capabilities through our Services. 
• Third-party advertising services. We provide information (such as your internet or other similar network activity, identifiers such as your name and email address, location information, and inferences about your interests) to third parties, including advertising networks that allows them to serve you with more useful and relevant RigoHR ads and to measure their effectiveness.
• Protection of us and others. We may disclose your personal information if we believe disclosure is appropriate to comply with applicable laws, enforce or apply our terms or agreements (including to collect amounts owed to us), protect the rights, property, or safety of Rigo, or our employees, customers, users, and others or to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities. We may also disclose your personal information in connection with investigating and preventing fraud or security issues relating to our Services.
• Affiliates. We may disclose your personal information to our affiliates within the Rigo group as well as companies we may acquire in the future when they become part of the Rigo corporate group in accordance with this Privacy Policy.
• Business transfers. If RigoHR goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its businesses, services, or assets, your personal information may be among the assets transferred. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of personal information to an unaffiliated third party.
• With your consent. We may disclose personal information to third parties when we have your consent to do so.

8. Personal data retention

We’ll retain your personal data for as long as we’ve a relationship with you and for a period of time afterwards where we have an ongoing business or legal need to keep it. For example, to comply with legal, tax, or accounting requirements. After that, we’ll make sure it’s deleted or anonymised.

9. Security

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information, check out RigoHR’s Security Exhibit.

We design our systems with your security and privacy in mind.

• We maintain a wide variety of compliance programs that validate our security controls.
• We protect the security of your information during transmission to or from RigoHR by using encryption protocols and software.
• We maintain technical, physical, and organizational safeguards in connection with the collection, storage, and disclosure of personal information.

However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.

10. International transfers

When we share personal data, it may be transferred to and processed in countries other than the country you live in – such as India or Singapore – due to the location of our AWS server locations. These countries may have laws different to the ones that apply in your country. When we transfer personal data to another country, we put safeguards in place to protect your personal data.

11. Your rights

It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time. Just follow the unsubscribe instructions in the marketing communication or make your request using the details in the ‘How to contact us’ section.

You also have rights to:

• Know whether and what personal data we hold about you, and to correct it if it’s inaccurate or out-of-date.
• Request a copy of your personal data, or ask us to restrict processing your personal data or delete it.
• Object to our continued processing of your personal data.
• Not be subject to wholly automated decisions that have legal or significant effects upon you, and to challenge the decision and request a human review.

You can exercise these rights at any time by making a request using the details in the ‘How to contact us’ section.

12. Children’s Personal Information

We do not provide our Services to children. We do not knowingly collect personal information from children under the age of 16 without the consent of the child’s parent or guardian. If you are a parent or guardian and you learn that your children have provided us with personal information, please contact us at the address stated under the “How to Contact Us” section below.

13. Updates to this notice

We may update this notice from time to time. If we make a material change, we’ll make sure we let you know, usually by sending you an email or posting a notice on our websites and in our apps.

14. How to contact us

If you’re a current user of our services, you can get in touch via our Contact page or Support Page. For everyone else, you can contact us at [email protected].