Privacy Policy - Payra Assist

PAYRA ASSIST

Guard Plus

Privacy Policy

Last updated: May 2026

 

Payra Assist is committed to protecting your privacy and handling all personal data responsibly, transparently, and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what your rights are.

 

By using our website or services, you agree to the collection and use of information as described in this policy.

 

1. Who We Are

Payra Assist Guard Plus is operated by Maxine, trading as Payra Assist, in the United Kingdom. For the purposes of UK GDPR, Payra Assist is the Data Controller in respect of data collected through our website and from our clients directly.

 

Business name: Payra Assist

Email: hello@payraassist.com

Telephone / WhatsApp: +44 7518 575369

Website: www.payraassist.com

 

2. What Personal Data We Collect

2.1 Data you provide directly

When you use our website, make a reservation, or become a client, we may collect the following personal data from you:

 

Full name

Business name

Email address

Telephone number

Payment reference information — we do not store card details

Employee information you provide to us as part of the Guard Plus service — including employee first names, last names, contract types, start dates, weekly hours, and annual leave entitlement

 

2.2 Data collected automatically

When you visit our website, we may collect certain technical information automatically, including:

 

Your IP address

Browser type and version

Pages visited and time spent on the site

The website that referred you to ours

 

This data is collected to help us understand how our website is used and to improve the user experience. It does not identify you personally.

 

2.3 Employee data processed on your behalf

As part of the Guard Plus service, we process personal data relating to your employees on your behalf. In this context, you are the Data Controller and Payra Assist is the Data Processor. This relationship is governed by a separate Data Processing Agreement (DPA) which must be signed before the service commences. Employee data we process includes:

 

Employee first and last name

Contract type and start date

Weekly working hours

Annual leave entitlement and records

Holiday pay information

Unique Payra ID assigned by Payra Assist

 

We do not collect or store National Insurance numbers, bank details, dates of birth, health information, or any other sensitive personal data as part of the standard Guard Plus service.

 

3. Why We Collect Your Data — Lawful Basis

We only collect and process personal data where we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are:

 

Contract: We process your name, email, telephone number, and business details in order to fulfil our contract with you — providing the Guard Plus service, issuing invoices, and communicating with you about your subscription.

 

Legal obligation: We process employee records on your behalf to help you meet your legal obligations under the Employment Rights Act 2025, which requires employers to retain annual leave and holiday pay records for a minimum of six years.

 

Legitimate interests: We may process technical website data to improve our services, prevent fraud, and ensure the security of our systems. We balance this against your privacy rights and only collect what is necessary.

 

Consent: Where we send you marketing communications or optional updates about the service, we will only do so with your explicit consent. You may withdraw consent at any time by emailing hello@payraassist.com.

 

4. How We Use Your Data

We use the personal data we collect for the following purposes:

 

To set up and manage your Guard Plus account and portal

To process your reservation deposit and monthly subscription payments

To communicate with you about your account, records, and service updates

To send your monthly records summary and proactive update alerts

To send 7-day deletion warnings before records reach their retention limit

To respond to your enquiries and support requests

To comply with our legal obligations under UK GDPR and other applicable laws

To improve our website and services based on usage patterns

 

We will never sell your personal data to third parties. We will never use your data for automated decision-making or profiling. We will never use your employees' data for any purpose other than providing the Guard Plus service.

 

5. How We Store and Protect Your Data

5.1 Encrypted storage

All employee records managed as part of the Guard Plus service are stored in an encrypted cloud storage environment. Records are organised using unique Payra IDs rather than employee names in the file routing system, which reduces the risk of misfiling and accidental data exposure.

 

5.2 Encrypted communications

All communications involving personal data between Payra Assist and our clients are conducted via ProtonMail, which provides end-to-end encryption. Clients are required to set up a ProtonMail account as part of the onboarding process. We do not exchange employee personal data via standard unencrypted email.

 

5.3 Access controls

Each client receives a unique view-only portal link that provides access only to their own records. No client can access another client's data. Portal links do not allow editing or deletion of records — the archive is always read-only for clients.

 

5.4 Security measures

Payra Assist takes the security of personal data seriously and implements appropriate technical and organisational measures to protect against unauthorised access, accidental loss, destruction, or damage. These measures include encrypted storage, encrypted communications, access controls, and unique identifier systems.

 

However, no system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with our UK GDPR obligations.

 

6. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, in line with UK GDPR requirements.

 

Employee records: Retained for the 6-year minimum period required by the Employment Rights Act 2025. You will receive a 7-day advance alert before any record is due for deletion.

 

Client account data: Retained for the duration of your subscription and for 6 years afterwards for accounting and legal compliance purposes.

 

Website technical data: Retained for a maximum of 12 months and then deleted or anonymised.

 

After cancellation: Following cancellation of your subscription, your records are retained for 30 days during which you may request a copy. After 30 days all records are securely deleted unless legal obligations require us to retain them for longer.

 

7. Sharing Your Data

Payra Assist does not sell, rent, or trade your personal data with any third party. We may share data only in the following limited circumstances:

 

With cloud storage providers used to operate the Guard Plus service — solely for the purpose of secure encrypted storage

With payment processors when processing your deposit or subscription payments — we do not store your payment card details

With professional advisers such as solicitors or accountants where legally required

With law enforcement or regulatory authorities where required by law

 

Any third parties with whom we share data are required to handle it securely and in accordance with UK GDPR. We do not transfer personal data outside of the United Kingdom or European Economic Area without appropriate safeguards in place.

 

8. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

 

Right of access: You have the right to request a copy of the personal data we hold about you. We will respond within one calendar month.

 

Right to rectification: You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.

 

Right to erasure: You have the right to ask us to delete your personal data in certain circumstances — for example if we no longer need it for the purpose it was collected, or if you withdraw your consent.

 

Right to restrict processing: You have the right to ask us to restrict the processing of your data in certain circumstances — for example if you contest the accuracy of the data.

 

Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.

 

Right to object: You have the right to object to our processing of your personal data where we rely on legitimate interests as our lawful basis.

 

Right to withdraw consent: Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

 

To exercise any of these rights, please contact us at hello@payraassist.com. We will respond within one calendar month. We may need to verify your identity before processing your request.

 

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

 

9. Cookies

Our website may use cookies — small text files stored on your device — to improve your browsing experience. We use the following types of cookies:

 

Essential cookies: Required for the website to function correctly. These cannot be disabled.

 

Analytics cookies: Used to understand how visitors use our website so we can improve it. These are only set with your consent.

 

You can control cookies through your browser settings. Disabling cookies may affect some features of the website. For more information about cookies, visit allaboutcookies.org.

 

10. Third Party Links

Our website may contain links to third party websites, including payment pages and external services. Payra Assist is not responsible for the privacy practices of third party websites. We encourage you to read the privacy policy of any website you visit.

 

11. Children's Privacy

The Payra Assist Guard Plus service is intended for use by business owners and is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at hello@payraassist.com and we will delete it promptly.

 

12. Changes to This Privacy Policy

Payra Assist reserves the right to update this Privacy Policy at any time. We will notify existing clients of any material changes by email at least 14 days before the changes take effect. The most current version of this policy will always be available at payraassist.com. The date at the top of this policy shows when it was last updated.

 

13. How to Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

 

Email: hello@payraassist.com

Telephone / WhatsApp: +44 7518 575369

Website: www.payraassist.com

 

You also have the right to contact the Information Commissioner's Office (ICO) if you have concerns about how your data is handled:

 

ICO website: www.ico.org.uk

ICO helpline: 0303 123 1113

 

 

Payra Assist Guard Plus  |  payraassist.com  |  hello@payraassist.com

© 2026 Payra Assist. All rights reserved. UK GDPR Compliant.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.