Pay Transparency ReportDir. (EU) 2023/970

Privacy policy

This policy explains what personal data Pay Transparency Report collects, why, and your rights. We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR). Last updated 12 July 2026.

What we collect

  • Order details. The email address you give us, and the country, headcount and optional sector you enter, so we can build and send your report.
  • Payment data. Payments are processed by Stripe. We do not see or store your full card details; Stripe handles them as a separate controller under its own terms.
  • Basic technical data. Standard server and delivery logs needed to run the site and send email.

The free scope checker runs in your browser. We do not receive the answers you enter unless you go on to buy a report.

Why we use it (lawful basis)

  • To perform our contract with you: to generate, deliver and support your report.
  • To meet legal obligations: for example keeping records required for tax and accounting.
  • Our legitimate interests: to secure the service and prevent misuse.

Sharing

We use a small number of processors to run the service: Stripe for payment, an email delivery provider to send your report, and hosting and content-delivery providers. They act on our instructions and are bound to protect your data. We do not sell your data or use it for advertising.

How long we keep it

We keep order records for as long as needed to provide the service and to meet legal and accounting requirements, then delete or anonymise them. You can ask us to delete your data sooner where we are not required to keep it.

Your rights

Under the GDPR you can request access to your data, correction, deletion, restriction, portability, and you can object to processing based on legitimate interests. To exercise any of these, email us. You also have the right to complain to your national data protection authority.

Contact

For any privacy request, email the address in your order confirmation, marked for the attention of the data protection contact. We aim to respond within one month.