Privacy Policy

Effective date: 9 June 2025  ·  Last updated: 9 June 2025

Kore Business Limited ("Kore", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at korebusiness.co.uk and our software platform at app.korebusiness.co.uk (collectively, the "Services").

We act as a Data Controller for the personal data you provide when creating an account or enquiring about our services. We act as a Data Processor for personal data your business provides about your employees and customers when using our platform.

1. What data we collect

Account and contact data: Name, email address, company name, phone number, and billing information when you register or contact us.

Usage data: Pages visited, features used, session duration, IP address, browser type, and device information, collected via server logs and analytics tools (with your consent).

Payroll and HR data: Employee names, National Insurance numbers, salaries, bank details, and other payroll data you input. This data is processed strictly on your behalf as Data Processor.

Cookie data: See our Cookie Policy for details.

2. How we use your data

• To provide and operate the Services
• To process payroll and HR information on your behalf
• To send service-related communications (account setup, invoices, security alerts)
• To send marketing communications where you have consented or have a legitimate interest
• To improve our products through analytics (with consent)
• To comply with legal obligations including HMRC reporting requirements

3. Legal basis for processing (UK GDPR)

• Contract: Processing necessary to deliver the Services you have subscribed to.
• Legitimate interests: Fraud prevention, security monitoring, product improvement.
• Legal obligation: Compliance with HMRC, Companies House, and other UK regulatory requirements.
• Consent: Marketing emails and analytics cookies (withdrawable at any time).

4. Data storage and security

All data is stored in UK-based data centres. We use AES-256 encryption at rest and TLS 1.3 in transit. Access is role-based and logged. We maintain an ISO-27001-aligned security programme and conduct annual penetration tests.

We do not transfer personal data outside the UK or EEA.

5. Data retention

Account data is retained for the duration of your subscription plus 7 years (to satisfy HMRC record-keeping requirements). You may request earlier deletion of non-statutory data. On account closure, data is securely deleted within 30 days, except where retention is legally required.

6. Sharing your data

We share data only with: (a) HMRC for statutory payroll submissions; (b) payment processors (Stripe) for billing; (c) infrastructure providers (cloud hosting, email delivery) under Data Processing Agreements; (d) professional advisers under confidentiality obligations. We never sell your data.

7. Your rights

Under UK GDPR you have the right to: access your data, rectify inaccurate data, erase data (where no legal retention applies), restrict processing, port your data, and object to processing for direct marketing. To exercise any right, contact privacy@korebusiness.co.uk.

You may also lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

See our Cookie Policy for a full list of cookies we use and how to manage them.

9. Changes to this policy

We may update this policy. We will notify you by email of material changes. The current version is always available at this URL.

10. Contact

Data Controller: Kore Business Limited, England & Wales.
Email: privacy@korebusiness.co.uk