Privacy Policy

Last updated: 23 March 2026

Data Controller: StaffWise (Viatec Limited), registered in Ireland.

1. What Data We Collect

• Account data (name, email address, company name)
• Leave and absence records
• Expense and mileage data
• Usage analytics (anonymised)

2. How We Use Your Data

• To provide and maintain the StaffWise service
• To send service-related emails (e.g., leave approvals, expense reminders)
• To comply with Revenue ERR requirements on your behalf
• To improve the service through anonymised analytics

3. Legal Basis for Processing (GDPR Article 6)

• Performance of a contract (providing the service)
• Legitimate interest (improving the service)
• Legal obligation (Revenue ERR compliance, tax record retention)

4. Data Storage and Security

• All data is hosted in EU data centres (Frankfurt, Germany)
• Data is encrypted at rest and in transit (TLS 1.2+)
• PostgreSQL database with daily backups
• No third-party data sharing or selling
• Access restricted to authorised personnel only

5. Your Rights Under GDPR

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with the Data Protection Commission (DPC)

To exercise any of these rights, contact: privacy@staffwise.ie

6. Data Retention

• Active accounts: data retained while the account is active
• Cancelled accounts: data deleted within 30 days of cancellation
• ERR/tax records: retained for 6 years as required by Revenue
• Backups: purged within 90 days of data deletion

7. Cookies

• We use essential cookies only (session management, authentication)
• No advertising, marketing, or third-party tracking cookies
• No cookie consent banner required (essential cookies only)

8. Third-Party Services

• Stripe (payment processing — PCI DSS compliant)
• Google Maps API (mileage calculation — no personal data shared)
• Resend (transactional emails)

9. Data Transfers

• All data remains within the EU/EEA
• No transfers to third countries

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email of any material changes.

11. Contact

For data protection queries: privacy@staffwise.ie

Data Protection Officer: StaffWise (Viatec Limited), Sligo, Ireland