Privacy Notice

Effective Date: 5th day of January, 2025

1. Introduction

This Privacy Notice explains how EfficiaFlow Ltd (“EfficiaFlow”, “we”, “us”) collects and uses personal data when you visit efficiaflow.com (the “Site”) and when your organisation uses the ProjoLink service (the “Service”).
EfficiaFlow Ltd is a company registered in England and Wales.
You can contact us at: contact@efficiaflow.com.

We primarily provide business-to-business services.
Where we process personal data, we aim to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

(a) Website visitors
- Name and email (if you complete a contact/demo form)
- Technical data (IP address, browser type, pages visited, time spent) via Google Analytics
- Our hosting and data platform providers (Vercel and Supabase) also process HTTP request metadata (e.g., IP address, user agent, page path, referrer) in security/operational logs for delivery and protection of the Site and Service

(b) ProjoLink service users (client organisations & their employees)

- Work email, role and login credentials
- Timesheet and holiday data (hours worked, leave taken,
approvals)

We do not collect or process sensitive categories of data (such as health, race, union membership, etc.).

3. How we use personal data

Website visitors
- To respond to enquiries and demo requests
- To analyse and improve the Site (via Google Analytics)

ProjoLink service users
- To provide the Service (resource planning, forecasting, timesheets, holiday management)
- To generate payroll exports if enabled by the client
- To run isolated, per-client machine learning to improve resource forecasting
- To support account administration and security

We do not use your data for advertising or marketing emails.

4. Legal basis for processing

We process personal data under the following UK GDPR legal bases:

- Contract – where processing is necessary to deliver the ProjoLink service to your organisation
- Legitimate interests – to improve the Site and Service, balanced against your privacy rights
- Consent – for optional enquiries you submit via forms

5. Who we share data with

Website: Google Analytics (aggregated analytics data)

ProjoLink: Supabase (database, auth) and Vercel (hosting, on AWS infrastructure)

A current list of sub processors used by EfficiaFlow is available on our Security page.
We do not sell or share your personal data with third parties for marketing.

6. Data storage and transfers

- All ProjoLink service data is hosted in the United Kingdom (London servers).
- Primary storage is in the United Kingdom (London). If international transfers occur (for example, via our hosting and edge providers), we use appropriate safeguards such as the UK International Data Transfer Addendum (IDTA) and/or the EU Standard Contractual Clauses (SCCs), as applicable.
- Our hosting and data platform providers (Vercel and Supabase) also process HTTP request metadata in operational logs for delivery and protection of the Site and Service.
- Google Analytics may process limited site usage data; see Google’s Privacy Policy for details.

7. Data retention

- Website enquiries: kept for 12 months, then securely deleted.
- Client data (organisation-level): upon termination or expiry, your organisation has a 30-day export window. After this period, we delete Client Data from active systems and, within a reasonable period, from backups, subject to any legal retention obligations.
- Individual user accounts (during an active subscription): if your organisation asks us to remove a specific user, we “tombstone” that account—personal identifiers are removed or irreversibly anonymised and the account is mapped to an internal “tombstone user” so project/resource history remains available at organisation level but can no longer be linked to that person. This process applies during the service and is separate from organisation-wide deletion after contract termination.

8. Your rights

Under the UK GDPR you have the following rights:

- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object

To exercise these rights, contact us at: contact@efficiaflow.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.
For reference, our registration with the Information Commissioner’s Office is ZB95724.

9. Children

We do not target or knowingly collect personal data from children under 16.
If we learn we have done so, we will delete the data as soon as possible.

10. Data security

We take appropriate measures to protect personal data, including:

- Access controls
- Encryption in transit and at rest

Continuous monitoring of infrastructure
Details of our security measures and Sub-Processors are published on our Security page.

11. Changes to this Notice

We may update this Privacy Notice from time to time. If we make material changes, we will update the effective date at the top of this page and may notify account owners where appropriate.

Products

ProjoLink
DEM - coming soon

Resources

IT & SupportSecurity
Tutorials - coming soon
Main Office - 124 City Road, London, EC1V 2NX, United Kingdom
© 2025 EfficiaFlow - All rights reserved | Registered in England & Wales (No.16161357)
ProjoLInk Time Mobile App Logo. Workforce and Resourcing Strategy app for engineering

Time (new)