Privacy Policy
Last Updated: 21 October 2025
Your Privacy Matters to Us
At LolaHR.ai, a company registered in the United Kingdom, we are committed to protecting your privacy and ensuring the security of your personal information in accordance with UK data protection law. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Services.
1. Information We Collect
1.1 Information You Provide to Us
We collect information that you voluntarily provide to us when you:
- Register for an account: Name, email address, company name, job title, phone number, and password
- Complete assessments: Responses to AI readiness assessments, organisational information, industry sector, and business requirements
- Use our services: Documents uploaded, queries submitted, configuration preferences, and usage patterns
- Contact us: Name, email address, phone number, company information, and the content of your communications
- Subscribe to communications: Email address, name, and communication preferences
- Participate in surveys or feedback: Survey responses, feedback, and opinions
1.2 Information Collected Automatically
When you access and use our Services, we automatically collect certain information, including:
- Device information: IP address, browser type and version, operating system, device type, and unique device identifiers
- Usage data: Pages visited, features used, time spent on pages, navigation paths, click patterns, and interaction with Services
- Location data: General geographic location based on IP address
- Cookies and similar technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 8 for details)
- Log data: Access times, error logs, and system activity
1.3 Information from Third Parties
We may receive information about you from third parties, such as:
- Authentication services: If you sign in using third-party authentication (e.g., Google, Microsoft), we receive basic profile information
- Business partners: Information from partners who refer you to our Services or with whom we offer co-branded services
- Public sources: Publicly available information such as company websites, business directories, and professional networking sites
- Analytics providers: Aggregated usage statistics and demographic information
1.4 Sensitive Personal Information
We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation. If you provide such information, you do so at your own risk.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain Services: Creating accounts, processing transactions, delivering features | Contract performance |
| Improve and personalise Services: Analysing usage patterns, developing new features, customising user experience | Legitimate interests |
| Communicate with you: Responding to inquiries, sending updates, providing customer support | Contract performance, Legitimate interests |
| Marketing and promotions: Sending newsletters, promotional materials, and product updates | Consent, Legitimate interests |
| Security and fraud prevention: Detecting and preventing security incidents, protecting against malicious activity | Legitimate interests, Legal obligation |
| Analytics and research: Understanding usage trends, conducting market research, improving AI algorithms | Legitimate interests |
| Comply with legal obligations: Meeting regulatory requirements, responding to legal requests | Legal obligation |
| Business operations: Managing accounts, processing payments, maintaining records | Contract performance, Legitimate interests |
3. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud hosting providers: For data storage and computing infrastructure
- Email service providers: For sending transactional and marketing emails
- Payment processors: For processing payments and managing subscriptions
- Analytics providers: For usage analytics and performance monitoring
- Customer support platforms: For managing support tickets and communications
- AI and machine learning providers: For processing and analysing data
All service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the purposes we specify.
3.2 Business Partners
With your consent, we may share information with business partners to provide co-branded services, fulfil requests, or deliver solutions that match your needs. You can opt out of such sharing at any time.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:
- Comply with legal obligations, court orders, or governmental requests
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of LolaHR.ai, our users, or others
- Investigate and prevent fraud, security issues, or illegal activities
3.4 Business Transfers
If LolaHR.ai is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
3.5 Aggregated or De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you. This may include statistical data, trends analysis, or benchmarking information.
3.6 With Your Consent
We may share your information for any other purpose with your explicit consent.
4. Data Security
We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
- Encryption: Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption protocols
- Access controls: Strict access controls limit employee access to personal information on a need-to-know basis
- Authentication: Multi-factor authentication and secure password requirements
- Network security: Firewalls, intrusion detection systems, and regular security monitoring
- Regular security assessments: Vulnerability scans, penetration testing, and security audits
- Incident response: Documented procedures for detecting and responding to security incidents
- Employee training: Regular security awareness training for all personnel
- Third-party security: Due diligence assessments of service providers' security practices
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee its absolute security.
5. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
5.1 Retention Periods
- Account information: Retained for the duration of your account, plus 7 years after account closure for legal and accounting purposes
- Assessment data: Retained for 3 years after completion or account closure
- Usage data and analytics: Retained for up to 2 years
- Communications: Retained for 7 years for legal compliance and dispute resolution
- Marketing data: Retained until you opt out or for 3 years from last interaction
- Legal documents: Retained as required by applicable law (typically 7 years)
5.2 Deletion
When we no longer need your information, we will securely delete or anonymise it. You may request deletion of your information at any time (subject to legal obligations), and we will comply within 30 days.
6. Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 General Rights
- Right to access: Request copies of your personal information
- Right to rectification: Request correction of inaccurate or incomplete information
- Right to erasure: Request deletion of your personal information in certain circumstances
- Right to restrict processing: Request limitation of how we use your information
- Right to data portability: Request transfer of your information to another service provider
- Right to object: Object to certain types of processing, including direct marketing
- Right to withdraw consent: Withdraw consent for processing based on consent
6.2 UK GDPR Rights
As LolaHR.ai is a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the following rights:
- The right to lodge a complaint with the Information Commissioner's Office (ICO)
- The right not to be subject to automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you
- Enhanced rights regarding data breaches and notification
- The right to be informed about how your data is being used
- The right to have inaccurate personal data rectified or completed if incomplete
6.3 Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
7. International Data Transfers
LolaHR.ai is based in the United Kingdom. Your information is primarily processed and stored within the UK. However, some of our service providers may process data outside the UK.
When we transfer personal information outside the UK to countries that do not provide an adequate level of protection, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
- Transfers to countries with UK adequacy regulations
- International Data Transfer Agreements (IDTA)
- Binding Corporate Rules for intra-group transfers
- Other legally approved mechanisms under UK data protection law
We regularly review our international data transfer practices to ensure ongoing compliance with UK data protection requirements.
8. Cookies and Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information. When you visit our website, we use cookies and similar tracking technologies in accordance with UK data protection law and the Privacy and Electronic Communications Regulations (PECR).
8.2 Cookie Consent
We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie consent banner that appears when you first visit our website. You can change your preferences at any time by accessing the cookie settings in the footer of our website.
8.3 Types of Cookies We Use
- Strictly necessary cookies: Required for the Services to function properly (e.g., authentication, security). These do not require consent under PECR.
- Functional cookies: Enable enhanced functionality and personalisation (e.g., language preferences, user settings). Require consent.
- Analytics cookies: Help us understand how visitors interact with our Services (e.g., Google Analytics). Require consent.
- Marketing cookies: Track your activity across websites to show relevant advertisements. Require consent.
8.4 Managing Cookies
Most web browsers allow you to control cookies through settings preferences. However, limiting cookies may impact your experience of our Services. You can:
- Configure your browser to reject all cookies
- Accept only certain cookies
- Delete cookies after visiting our Services
- Use our cookie consent management tool available on every page
- Withdraw your consent for non-essential cookies at any time
8.5 Third-Party Cookies
With your consent, we may use third-party services that use cookies, including:
- Google Analytics for usage analytics (anonymised IP addresses)
- Marketing platforms for advertising campaigns
- Social media platforms for social sharing features
For more detailed information about the cookies we use, please see our Cookie Policy.
9. Children's Privacy
Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will delete such information from our systems.
10. Third-Party Links
Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy policies.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you by email (if you have provided an email address)
- Display a prominent notice on our Services
- Where required by law, obtain your consent to the changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Information
12.1 Data Controller
LolaHR.ai is the data controller responsible for your personal information. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
LOLA HR LTD
6th Floor
37 Lombard Street
London EC3V 9BQ
United Kingdom
Email: [email protected]
General Inquiries: [email protected]
Website: https://lolahr.ai
12.2 Data Protection Officer
If you have questions about how we handle your personal information or wish to exercise your data protection rights, you can contact our Data Protection Officer at [email protected].
12.3 Supervisory Authority
If you are located in the UK or EEA, you have the right to lodge a complaint with a supervisory authority if you believe we have not complied with applicable data protection laws. In the UK, the supervisory authority is:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: https://ico.org.uk
13. Additional Information for UK Residents
13.1 Legal Basis for Processing
As a UK-based company, we process your personal data under the UK GDPR and Data Protection Act 2018. We process your personal information under the following legal bases:
- Contract performance: Processing necessary to provide our Services and fulfil our contractual obligations to you
- Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, non-essential cookies)
- Legitimate interests: Pursuing our legitimate business interests (provided your rights do not override these interests), such as improving our Services, preventing fraud, and network security
- Legal obligation: Complying with legal requirements under UK law, including employment law, tax law, and regulatory obligations
13.2 Automated Decision-Making
We may use automated decision-making, including profiling, to:
- Provide AI-powered recommendations and insights
- Personalise your experience with our Services
- Detect and prevent fraud or security threats
- Match candidates with job requirements (in CareerVertex)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can object to automated decision-making and request human intervention. Contact us at [email protected] to exercise this right.
13.3 UK Data Protection Contact
For all UK data protection enquiries, you can contact:
Data Protection Officer
LOLA HR LTD
6th Floor
37 Lombard Street
London EC3V 9BQ
United Kingdom
Email: [email protected]
14. Additional Information for California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request information about the categories and specific pieces of personal information we collect
- Right to delete: Request deletion of your personal information (subject to certain exceptions)
- Right to opt-out: Opt out of the sale of your personal information (Note: We do not sell personal information)
- Right to non-discrimination: Not be discriminated against for exercising your CCPA rights
To exercise these rights, contact us at [email protected].
Questions or Concerns?
If you have any questions about this Privacy Policy or our privacy practices, please don't hesitate to contact us at [email protected]. We're committed to addressing your concerns and protecting your privacy.