Oflex LimitedStaff login

Privacy Policy

Last updated: 12/05/2026

1. Who we are

Oflex Limited ("Oflex", "we", "us") is a company registered in England and Wales. We act as the data controller for personal data processed through this staff portal. You can contact us at privacy@oflex.online.

2. Scope

This policy explains how we handle personal data for staff and visitors located in the United Kingdom, the European Economic Area, and the United States. We comply with the UK GDPR and Data Protection Act 2018, the EU GDPR (Regulation 2016/679), and applicable US state privacy laws including the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Virginia CDPA, the Colorado CPA and equivalent state laws.

3. Personal data we collect

  • Account data: name, work email, encrypted password, account status.
  • Employment data needed for HR functions (holidays, sickness, payroll references).
  • Content you submit: news posts, comments, profile information.
  • Technical data: IP address, browser type, device identifiers, log data.
  • Cookie and similar technology data — see our Cookie Policy.

4. Why we use it and our legal basis

  • To operate the staff portal and authenticate users — performance of contract and legitimate interests.
  • To meet HR, payroll and statutory obligations — legal obligation.
  • To keep the service secure and prevent fraud — legitimate interests.
  • To use optional analytics — your consent (which you can withdraw at any time).

5. Sharing

We share data with vetted processors who help us run the service (hosting, authentication, email delivery), with professional advisers, and with regulators or law enforcement where legally required. We do not sell personal information and we do not "share" it for cross-context behavioural advertising as defined under the CCPA/CPRA.

6. International transfers

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses, together with supplementary measures where required.

7. Retention

We keep personal data only as long as necessary for the purposes set out above and to comply with legal, tax, accounting and HR record-keeping requirements (typically up to 6 years after the end of employment).

8. Your rights

Subject to the law that applies to you, you may have rights to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent. Residents of California, Virginia, Colorado, Connecticut, Utah and other US states with comprehensive privacy laws also have rights to know, correct, delete and opt out of sale/sharing and targeted advertising, and the right to non-discrimination for exercising those rights. To exercise any right, contact privacy@oflex.online. You can also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk), your EU supervisory authority, or your state Attorney General.

9. Security

We use encryption in transit, role-based access control, and audited cloud infrastructure. No system is perfectly secure; please report any concerns to the email above.

10. Changes

We may update this policy from time to time. Material changes will be communicated via the staff portal.