GDPR Compliance

Last updated: 1 April 2026

MakePaySlip is committed to complying with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data of individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland.

1. Data Controller

MakePaySlip acts as the data controller for the personal data you provide when creating an account and using the Service. For business data (employee details, payslip content), MakePaySlip acts as a data processor on your behalf.

Contact: support@makepayslip.com

2. Legal Basis for Processing

We process personal data under the following legal bases:

Processing Activity | Legal Basis
Account creation and authentication | Performance of a contract (Art. 6(1)(b))
Payment processing | Performance of a contract (Art. 6(1)(b))
Transactional emails (verification, notifications) | Performance of a contract (Art. 6(1)(b))
Service improvement and analytics | Legitimate interest (Art. 6(1)(f))
Legal compliance (billing records) | Legal obligation (Art. 6(1)(c))

3. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of access (Art. 15) — Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — Correct inaccurate or incomplete personal data.
  • Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Art. 18) — Limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email support@makepayslip.com. We will respond within 30 days.

4. Data Transfers

Some of our service providers are based outside the EEA (United States). We ensure adequate protection for your data through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Ensuring providers maintain appropriate security certifications (SOC 2, ISO 27001).

Sub-processors

Provider | Purpose | Location
Stripe | Payment processing | United States
Amazon Web Services | Hosting and PDF storage | United States / EU
Vercel | Website hosting | United States

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in our Privacy Policy. When you delete your account, personal data is removed within 30 days. Billing records may be retained for up to 7 years to comply with tax and accounting regulations.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

7. Data Protection Officer

For GDPR-related inquiries, contact our data protection team at support@makepayslip.com.

8. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.