Privacy Policy

1. Introduction
This Privacy Policy describes how Attraxion ("we," "us," or "our") collects, uses, and protects your personal information when you use the Attraxion app ("the Service," "our app"). This policy applies to all users of our venue management and HR platform.We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.

2. Information We Collect

2.1 Personal Information You Provide

**Account Information:**
- Name, email address, phone number
- Job title and department
- Username and password
- Profile photo (optional)
- Emergency contact information

**Employee Data (for staff members):**
- Employee ID number
- Work schedule and availability
- Time clock records (clock-in/clock-out times)
- Payroll information (hours worked, rates)
- Performance notes and evaluations
- Training records and certifications
- Leave requests and attendance records
- Personal details required for employment (address, date of birth, etc.)

**Venue and Business Information:**
- Business name and address
- Tax identification numbers
- Banking and payment information
- Venue capacity and layout details
- Operating hours and policies

**Booking and Customer Data:**
- Customer names and contact information
- Event details and preferences
- Payment information and transaction history
- Special requirements or notes

2.2 Information We Collect Automatically

**Usage Data:**
- Log files and access times
- IP addresses and device information
- Browser type and version
- Pages visited and time spent
- Features used within the app

**Location Data:**
- GPS coordinates for clock-in/clock-out verification (when enabled)
- General location for scheduling purposes
- Venue location data**Device Information:**
- Device type and operating system
- Unique device identifiers
- Mobile network information
- Push notification tokens

2.3 Information from Third Parties

**Payment Processors:**
- Transaction details and payment status
- Fraud prevention information

**Integration Partners:**
- Calendar data (when connected)
- Accounting software data (when integrated)
- Background check results (where applicable)

3. How We Use Your Information

3.1 Primary Business Purposes

**For Venue Management:**
- Creating and managing staff schedules
- Processing bookings and reservations
- Managing venue capacity and resources
- Generating reports and analytics

**For HR Functions:**
- Time tracking and attendance monitoring
- Payroll calculation and management
- Performance evaluation and feedback
- Training and certification tracking
- Leave management and approval

**For Communication:**
- Sending schedule updates and notifications
- Shift reminders and alerts
- Important announcements
- Customer service and support


3.2 Legal and Compliance Purposes- Compliance with labor laws and regulations
- Tax reporting and record keeping
- Health and safety requirements
- Dispute resolution and legal proceedings

3.3 Service Improvement- Analyzing usage patterns to improve features
- Troubleshooting technical issues
- Developing new functionality
- Enhancing security measures

4. Legal Basis for Processing (GDPR)We process personal data based on the following legal grounds:-

**Contract Performance:** To provide our services and fulfill our obligations
- **Legitimate Interests:** For business operations, security, and service improvement
- **Legal Obligation:** To comply with employment laws and regulations
- **Consent:** For optional features like location tracking or marketing communications

5. Data Sharing and Disclosure

5.1 We Share Information With:

**Service Providers:**
- Cloud hosting and storage providers
- Payment processing companies
- Customer support platforms
- Analytics and monitoring services

**Business Partners:**
- Integrated software providers (with your consent)
- Third-party verification services
- Background check companies (where applicable)

**Legal Requirements:**
- Law enforcement agencies (when legally required)
- Regulatory bodies for compliance purposes
- Courts and legal counsel in disputes

5.2 We Do Not:- Sell personal data to third parties
- Share employee data without proper authorization
- Use data for purposes beyond those stated in this policy

6. Data Security

6.1 Technical Safeguards- Industry-standard encryption (AES-256)
- Secure data transmission (TLS/SSL)
- Regular security audits and testing
- Multi-factor authentication options
- Access controls and user permissions

6.2 Organizational Measures- Employee training on data protection
- Strict access controls and need-to-know basis
- Regular security policy updates
- Incident response procedures
- Data breach notification protocols

6.3 Physical Security- Secure data centers with restricted access
- Environmental controls and monitoring
- Backup and disaster recovery systems

7. Data Retention

7.1 Active Accounts
We retain personal data for as long as your account remains active or as needed to provide services.

7.2 Inactive Accounts- Account data: 12 months after account closure
- Employee records: As required by local employment laws (typically 3-7 years)
- Financial records: As required by tax and accounting regulations
- Booking records: 3 years for business and tax purposes


7.3 Legal Requirements
Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements.

8. Your Rights and Choices

8.1 Access and Portability- Request a copy of your personal data
- Download your data in a portable format
- Review how your data is being processed

8.2 Correction and Updates- Update your profile information
- Correct inaccurate data
- Add missing information

8.3 Deletion Rights- Request deletion of your personal data
- Close your account permanently
- Remove specific data entries (subject to legal requirements)

8.4 Restriction and Objection- Limit how we process your data
- Object to processing based on legitimate interests
- Withdraw consent for optional features

8.5 Communication Preferences- Opt out of marketing communications
- Choose notification preferences
- Control promotional messages


9. Cookies and Tracking

9.1 Types of Cookies We Use

**Essential Cookies:**
- Authentication and session management
- Security and fraud prevention
- Basic functionality

**Analytics Cookies:**
- Usage statistics and performance monitoring
- Feature adoption tracking
- Error reporting

**Preference Cookies:**
- User settings and customizations
- Language and regional preferences

9.2 Managing Cookies
You can control cookies through your browser settings, though disabling essential cookies may affect app functionality.

10. International Data Transfers

10.1 Cross-Border Processing
We may transfer data internationally to provide our services. All transfers are protected by:
- Adequacy decisions
- Standard contractual clauses
- Binding corporate rules
- Other approved transfer mechanisms

10.2 Data Protection Standards
We ensure that international transfers maintain the same level of protection as required by applicable data protection laws.

11. Children's Privacy
Attraxion is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information immediately.


12. State-Specific Rights (US Residents)

12.1 California Residents (CCPA/CPRA)- Right to know what personal information is collected
- Right to delete personal information
- Right to correct inaccurate information
- Right to opt-out of sale or sharing
- Right to limit use of sensitive personal information
- Right to non-discrimination

12.2 Other State Laws
Residents of other states may have additional rights under applicable state privacy laws. Contact us to learn about your specific rights.

13. Business Transitions
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify users of any such change and provide choices regarding their data.

14. Updates to This Policy

14.1 Notification of Changes
We will notify you of material changes to this Privacy Policy through:
- Email notifications
- In-app announcements
- Website posting

14.2 Continued Use
Your continued use of Attraxion after policy updates constitutes acceptance of the revised terms.

15. Data Controller and Processor Roles

15.1 When We Are a Data Controller- For our own business operations
- For user account management
- For service provision and improvement

15.2 When We Are a Data Processor- For employee data entered by venue managers
- When processing data on behalf of venue owners
- For client-specific data processing activities

16. Contact Information

16.1 Privacy Questions
For questions about this Privacy Policy or our data practices:

Email: info@attraxion.co.uk  


16.2 Data Protection Officer
Email : info@attraxion.co.uk

16.3 EU Representative(If applicable for GDPR compliance)  
Email : info@attraxion.co.uk

17. Complaints and Supervisory Authorities
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:- Your local data protection authority
- The supervisory authority in your jurisdiction
- The Information Commissioner's Office (ICO) for UK residents
- Your state attorney general for US residents---

Effective Date: This Privacy Policy is effective as of 01/09/2025 and supersedes all prior versions.