Skip to content
Connect by Vinpro

Legal

Privacy Policy

Connect by Vinpro / Vinpro Global Services

Effective Date: 1 June 2026 | Website: www.vinproconnect.com

This Privacy Policy explains how the Vinpro entities identified below collect, use, store, disclose, transfer, and protect personal information when individuals visit www.vinproconnect.com, communicate with us, use our services, use our portals or platforms, or otherwise interact with Connect by Vinpro.

Our services include Employer of Record (EOR), HRMS, payroll administration, workforce management, recruitment, staffing, compliance support, onboarding, attendance management, reimbursement processing, customer billing, and related business services.

This Privacy Policy is intended to cover privacy requirements in the United States, the United Kingdom, and India. UAE coverage is not included in this version.

1. Who We Are and Which Vinpro Entity Is Responsible

Depending on the context, one or more Vinpro entities may be responsible for your personal information. The relevant entity may also be identified in your customer agreement, employment agreement, invoice, portal notice, statement of work, or other service documentation.

Processing context

Responsible Vinpro entity

Privacy role

Customer billing, invoicing, customer account administration, contracts, payment records, and customer relationship management

Vinpro Global Services LLC

Controller / business for its own billing, accounting, contract, and customer administration purposes.

Website enquiries, marketing enquiries, business development, website administration, and general contact requests

Vinpro Global Services Pvt Ltd and its associate companies in India

Controller / Data Fiduciary for website and enquiry data.

India EOR workers, onboarding, employment administration, payroll, statutory filings, benefits, leave, attendance, reimbursements, offboarding, and employment recordkeeping

The relevant Indian employing entity, including Vinpro Global Services Pvt Ltd and/or its associate companies in India

Controller / Data Fiduciary for employment, payroll, statutory, benefits, workforce, security, and legal compliance purposes.

HRMS portal, workforce management platform, customer-configured workflows, and customer employee records processed under customer instructions

Vinpro Global Services Pvt Ltd and/or relevant Indian associate companies

Processor / service provider / Data Processor when processing on documented customer instructions; controller / Data Fiduciary for our own security, administration, legal compliance, and platform operations.

Recruitment and staffing

Relevant contracting or service delivery Vinpro entity

Role depends on the activity: controller / Data Fiduciary for our own recruitment and staffing operations; processor / service provider / Data Processor where we act on a customer's documented instructions.

In this Policy, "Vinpro", "Connect by Vinpro", "we", "our", and "us" refer to the Vinpro entity or entities responsible for the relevant processing activity.

Privacy contact: privacy@vinproconnect.com

2. Scope of This Policy

This Privacy Policy applies to personal information relating to:

Website visitors and portal users;

Prospective customers, business customers, and customer representatives;

India EOR workers and other workers whose employment, payroll, HRMS, onboarding, attendance, leave, benefits, reimbursements, or statutory records are administered through Vinpro;

Candidates, applicants, contractors, consultants, and staffing personnel;

Authorized users of our websites, portals, applications, and systems; and

Suppliers, vendors, advisers, and other business contacts.

This Policy does not replace privacy notices or policies issued by our customers where the customer is the controller, business, or Data Fiduciary. Where we process personal information only on behalf of a customer, the customer is usually responsible for providing its own privacy notice and for responding to privacy requests, except where applicable law requires otherwise.

3. EOR, HRMS, Payroll, and Staffing Privacy Roles

Vinpro may act in more than one privacy role. Our role is determined by the specific processing activity, the purpose of processing, the level of independence we have, and applicable law. We are not automatically a controller or processor for every activity.

3.1 When Vinpro Acts as a Controller, Business, or Data Fiduciary

We act as a controller, business, or Data Fiduciary when we decide why and how personal information is processed. This includes, for example:

Website enquiries, contact forms, demo requests, newsletters, marketing communications, and event registrations;

Customer billing, invoicing, accounting, contract management, tax administration, and customer relationship management;

Employment, payroll, statutory, benefits, tax, banking, onboarding, attendance, leave, reimbursement, disciplinary, grievance, offboarding, and legal compliance activities for India EOR workers employed or administered by a Vinpro Indian entity;

Identity verification, fraud prevention, sanctions checks where applicable, security monitoring, access control, and incident response;

Legal claims, regulatory enquiries, audits, insurance, corporate reporting, business continuity, internal administration, and recordkeeping;

Vendor management and procurement; and

Recruitment and staffing activities where we determine the candidate assessment, sourcing, communication, and recordkeeping purposes.

For India EOR services, Vinpro Global Services Pvt Ltd and/or the relevant Indian associate company will often act as an independent controller / Data Fiduciary because it may legally employ workers, administer payroll, maintain employment records, make statutory filings, operate workforce processes, comply with labour, tax, social security, and corporate obligations, and protect its own legal rights. In those cases, workers may submit privacy requests directly to Vinpro using the contact details in this Policy.

3.2 When Vinpro Acts as a Processor, Service Provider, Contractor, or Data Processor

We act as a processor, service provider, contractor, or Data Processor when we process personal information on documented instructions from a customer and do not determine the main purposes of the processing. This may include:

Hosting or operating HRMS records configured by a customer;

Processing attendance, leave, reimbursement, onboarding, payroll, workforce management, or candidate information only as instructed by the customer;

Providing customer support for customer-administered HRMS workflows;

Generating customer-requested reports, dashboards, and records; and

Deleting, returning, or exporting customer-controlled data according to contract instructions.

When we act as a processor or service provider, the customer is usually responsible for determining the purpose of processing, selecting the lawful basis or legal ground, providing required privacy notices, and responding to privacy rights requests. We will assist the customer as required by contract and applicable law.

3.3 Mixed-Role Processing

In some cases, the same item of personal information may be processed in different roles for different purposes. For example, we may process a worker record on behalf of a customer to provide an HRMS service, while also retaining limited information as a controller / Data Fiduciary for security, statutory compliance, audit, accounting, tax, dispute resolution, or legal claims. We maintain internal procedures intended to distinguish these purposes and roles.

4. Personal Information We Collect

The personal information we collect depends on your relationship with us and the services used.

4.1 Information Provided by You or by a Customer

Name, email address, telephone number, postal address, job title, employer name, username, and account credentials;

Business contact details, enquiry details, communications, support tickets, feedback, complaints, and correspondence;

Customer contract, billing, payment, invoice, tax, and account administration information;

Candidate and recruitment information, including CV/resume, work history, education, qualifications, skills, interview notes, references, background check information where permitted, right-to-work or work authorization information, and communications;

Worker and employment information, including employee ID, contact details, role, department, work location, salary, compensation, benefits, deductions, attendance, leave, timesheets, reimbursement claims, travel information, performance or workforce records, disciplinary or grievance records where applicable, onboarding and offboarding information, and emergency contacts;

Government-issued identifiers, tax identifiers, statutory registration numbers, passport or visa details, national identity information, social security or provident fund information, and similar identifiers where required;

Payroll, bank account, payment, reimbursement, benefits, insurance, and tax information;

Dependent, nominee, beneficiary, family member, or emergency contact information where needed for lawful employment, insurance, benefits, tax, immigration, statutory, or emergency purposes; and

Any other information you, a customer, or an authorized user submits through our website, portals, documents, forms, email, support channels, or integrations.

4.2 Technical, Portal, and Usage Information

IP address, device identifiers, browser type, operating system, referral URL, pages viewed, access dates and times, log files, session identifiers, and usage information;

Portal activity logs, authentication logs, access permissions, audit trails, workflow activity, security events, and error reports;

Cookie identifiers, analytics information, and preference settings; and

Information collected through integrations, APIs, payment processors, security tools, analytics providers, and cloud service providers.

4.3 Sensitive or Special Category Information

Where required for EOR, payroll, statutory compliance, benefits, insurance, immigration, right-to-work checks, workplace accommodations, legal claims, or other lawful purposes, we may process information that is treated as sensitive personal information, sensitive data, or special category data under applicable law. This may include government identifiers, financial account information, payroll and tax information, health or benefits information, disability or accommodation information, biometric or authentication-related data if used, background check results where lawful, union or labour-related data where relevant, immigration or work authorization information, and dependent or nominee information. We process this information only where there is an appropriate legal ground and a legitimate business or legal need.

4.4 Sources of Personal Information

We may collect personal information directly from you; from our customers; from customer administrators and authorized portal users; from candidates, employees, workers, contractors, and referees; from recruiters or staffing partners; from payroll, banking, benefits, insurance, background-check, identity verification, IT, cloud, analytics, security, payment, and professional service providers; from government portals or authorities where permitted; and from publicly available or business contact sources.

5. How We Use Personal Information

We use personal information for the following purposes:

Providing, administering, securing, and improving our website, portals, applications, and services;

Responding to enquiries, demo requests, proposals, support requests, and communications;

Managing customer relationships, customer contracts, invoices, payments, accounting, tax, and business records;

Providing EOR, HRMS, payroll, workforce management, recruitment, staffing, onboarding, attendance, leave, reimbursement, benefits, and compliance support services;

Employing or administering India EOR workers through the relevant Indian Vinpro entity;

Verifying identity, credentials, eligibility, authority, employment status, or work authorization where required;

Processing payroll, compensation, benefits, deductions, reimbursements, taxes, bank payments, statutory filings, and employment records;

Managing portal access, permissions, workflow activity, audit trails, security logs, and system integrity;

Detecting, preventing, and responding to fraud, abuse, cybersecurity incidents, unauthorized access, legal violations, or misuse of our services;

Complying with contracts, laws, regulations, court orders, government requests, audits, legal claims, and dispute resolution obligations;

Sending service, account, security, legal, and administrative communications;

Sending marketing communications where permitted by law and your preferences;

Analyzing website and service performance, usage, and effectiveness; and

Carrying out internal business operations, corporate reporting, risk management, compliance, business continuity, mergers, acquisitions, restructuring, or similar corporate transactions.

6. UK Privacy Coverage

This section applies where UK data protection law applies to our processing of personal information, including the UK General Data Protection Regulation and the Data Protection Act 2018.

6.1 UK Lawful Bases

Where we act as a controller, we rely on one or more lawful bases depending on the activity. The table below provides examples.

Purpose

Examples of personal information

UK lawful basis

Website enquiries, demo requests, and customer communications

Contact details, business details, enquiry content, communications

Legitimate interests in responding to enquiries and developing business relationships; consent where required for marketing.

Customer contracts, billing, payments, invoicing, and account administration

Business contact, contract, invoice, payment, tax, and account records

Performance of contract; legal obligation; legitimate interests in managing accounts and records.

EOR onboarding, employment administration, payroll, benefits, attendance, leave, reimbursements, and statutory filings

Identity, employment, payroll, tax, banking, benefits, attendance, leave, reimbursement, statutory and workforce data

Performance of contract; legal obligation; legitimate interests in workforce administration, service delivery, compliance, and legal claims.

HRMS and workforce platform operations

Portal data, workflow data, audit trails, access logs, support records

Performance of contract; legitimate interests in providing and securing services; processor processing on customer instructions where applicable.

Recruitment and staffing

CV/resume, application details, work history, references, interview notes, eligibility information

Steps before entering into a contract; legitimate interests in recruitment; consent where required; legal obligation for right-to-work or compliance checks.

Security, fraud prevention, abuse monitoring, and incident response

IP address, access logs, device data, account activity, audit trails, security events

Legitimate interests; legal obligation; establishment, exercise, or defense of legal claims.

Marketing communications and analytics

Contact details, preferences, website usage, cookie identifiers

Consent where required; legitimate interests where permitted; users may opt out.

Legal claims, audits, regulatory requests, and compliance records

Relevant account, employment, payroll, communications, transaction, portal, security, and business records

Legal obligation; legitimate interests; establishment, exercise, or defense of legal claims.

Where we process special category data, we also rely on an additional condition under applicable UK law, such as employment, social security and social protection obligations, explicit consent where appropriate, substantial public interest where applicable, health or occupational health purposes where applicable, or establishment, exercise, or defense of legal claims.

6.2 UK Privacy Rights

Individuals in the United Kingdom may have the right to request access, correction, deletion, restriction, objection, data portability, withdrawal of consent where processing is based on consent, and review of certain automated decisions. These rights are subject to legal conditions and exemptions. You may also lodge a complaint with the UK Information Commissioner's Office.

7. India Privacy Coverage

This section applies where Indian privacy law applies to our processing of digital personal data, including the Digital Personal Data Protection Act, 2023 and applicable rules as in force.

7.1 India Roles

Where Vinpro Global Services Pvt Ltd or an Indian associate company determines the purpose and means of processing personal data, it acts as a Data Fiduciary. Where it processes personal data on behalf of another Data Fiduciary under contract and instructions, it acts as a Data Processor. For India EOR workers, the relevant Indian employing entity will generally act as a Data Fiduciary for employment, payroll, statutory, benefits, workforce administration, and legal compliance purposes.

7.2 Grounds and Purposes for Processing in India

We process digital personal data in India for lawful purposes, including with consent where required and for permitted legitimate uses or other grounds available under applicable law. Examples include:

Responding to website enquiries and service requests;

Providing EOR, HRMS, payroll, recruitment, staffing, onboarding, attendance, leave, reimbursement, benefits, and compliance services;

Administering employment, payroll, tax, statutory filings, benefits, reimbursements, and workforce records for India EOR workers;

Managing customer contracts, billing, invoices, payments, accounting, tax, and business records;

Securing our websites, portals, applications, infrastructure, and customer data;

Complying with applicable labour, tax, social security, corporate, banking, accounting, immigration, court, regulatory, and government requirements;

Handling grievances, requests, disputes, audits, investigations, and legal claims; and

Sending service communications and permitted marketing communications.

7.3 India Data Principal Rights and Grievance Redressal

Data Principals in India may have rights to access information about personal data, request correction, completion, updating, or erasure, withdraw consent where processing is based on consent, use grievance redressal mechanisms, and nominate another person to exercise rights in the event of death or incapacity. These rights are subject to applicable legal conditions, exemptions, identity verification, and retention obligations.

For India privacy requests or grievances, contact privacy@vinproconnect.com. We will acknowledge and respond within the timelines required by applicable law. Where we process personal data only as a Data Processor for a customer, we may refer the request to the relevant customer unless applicable law requires us to respond directly.

8. U.S. Privacy Coverage

This section applies to residents of U.S. states whose privacy laws apply to our processing of personal information. Rights and obligations vary by state and may be subject to thresholds, exemptions, verification requirements, and exceptions. Some U.S. state privacy laws use terms such as controller, processor, business, service provider, contractor, consumer, sale, share, targeted advertising, sensitive data, and profiling.

8.1 U.S. Categories of Personal Information

In the preceding 12 months, depending on your relationship with us, we may have collected the following categories of personal information:

Category

Examples

Identifiers and contact information

Name, email address, phone number, postal address, username, IP address, device identifiers, employee ID, government ID where required.

Business and commercial information

Customer records, contract details, billing records, invoices, payment status, service history, support records.

Internet, device, and network activity

Website usage, cookie identifiers, IP address, access logs, device information, browser information, portal usage, authentication logs.

Professional or employment-related information

Employer, job title, work location, role, work history, employment records, attendance, leave, payroll, benefits, performance or workforce administration records where applicable.

Education, recruitment, and application information

CV/resume, qualifications, education, skills, references, interview notes, candidate communications.

Sensitive personal information / sensitive data

Government identifiers, financial account and bank details, payroll and tax data, account login credentials, health or benefits data, immigration/work authorization data, dependent/beneficiary data, and similar information where required.

Inferences and preferences

Marketing preferences, service preferences, and limited business relationship insights.

8.2 U.S. Purposes, Sources, and Disclosures

We collect personal information from the sources described in Section 4.4 and use it for the purposes described in Section 5. We may disclose the categories above to the recipient categories described in Section 10, including customers, service providers, processors, contractors, group companies, professional advisers, payment processors, payroll providers, benefits providers, background-check or identity verification providers, cloud and IT providers, security providers, analytics providers, banks, regulators, courts, government authorities, and other parties where required for business, legal, security, or service purposes.

We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of children. We do not use sensitive personal information to infer characteristics or for purposes other than those permitted by applicable law. If our practices change, we will update this Policy and provide required opt-out mechanisms.

8.3 U.S. State Privacy Rights

Depending on your state of residence and the law that applies, you may have the right to:

Confirm whether we process your personal information and access that information;

Request correction of inaccurate personal information;

Request deletion of personal information, subject to exceptions;

Request a copy of personal information in a portable format where required;

Opt out of sale, sharing, targeted advertising, or certain profiling where applicable;

Limit certain uses or disclosures of sensitive personal information where applicable;

Appeal a privacy decision where required by applicable state law; and

Not be discriminated against for exercising privacy rights.

To exercise rights, contact privacy@vinproconnect.com. We may verify your identity and authority before responding. Authorized agents may submit requests where permitted by law, subject to verification. If we deny your request, you may appeal by replying to our decision email with the subject line "Privacy Appeal."

Where required by applicable U.S. state privacy law, and where we engage in sale, sharing, targeted advertising, or similar opt-out processing, we will honor legally recognized opt-out preference signals, such as Global Privacy Control, for the relevant browser or device.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website and portals, secure user sessions, remember preferences, analyze performance, understand website usage, and support permitted marketing and business communications. Where required by law, we obtain consent before placing non-essential cookies or similar technologies. Users can manage preferences through browser settings and, where available, our cookie preference tool. Please see our Cookie Policy for more information.

Approximate location: to show region-relevant content (for example, tailoring our homepage to your country), we determine your approximate country from your IP address. This lookup is performed on our own servers using an offline database, so your IP address is not sent to any third-party location service. It is country-level only and is not used to identify or track you.

10. Disclosure of Personal Information

We may disclose personal information to:

Customers and their authorized representatives, where relevant to services requested by the customer;

EOR, HRMS, payroll, recruitment, staffing, onboarding, attendance, leave, reimbursement, benefits, and compliance service providers;

Payroll processors, banks, payment processors, benefits providers, insurance providers, professional employer services, background-check providers, identity verification providers, and statutory compliance partners;

Cloud hosting, software, IT support, cybersecurity, authentication, analytics, communication, customer support, and workflow service providers;

Professional advisers, auditors, accountants, lawyers, insurers, consultants, and tax advisers;

Vinpro group companies and Indian associate companies for internal administration, service delivery, customer support, employment administration, security, legal compliance, and business operations;

Government departments, tax authorities, labour authorities, courts, regulators, law enforcement, statutory bodies, and dispute-resolution bodies where required or permitted by law;

Business transaction parties in connection with a merger, acquisition, financing, restructuring, sale of assets, corporate transaction, or diligence process; and

Other parties where you authorize the disclosure or where disclosure is required or permitted by law.

We require service providers and processors to protect personal information and use it only for authorized purposes, subject to contract and applicable law.

11. International Data Transfers

Because we serve customers internationally and use global service providers, personal information may be transferred to and processed in the United States, India, the United Kingdom, and other countries where we, our group companies, customers, service providers, or partners operate.

Where UK transfer restrictions apply, we use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or other lawful transfer mechanisms. Where Indian law applies, we transfer personal data outside India only as permitted under applicable law and subject to any restrictions notified by the Government of India. We also use contractual, technical, and organizational safeguards designed to protect transferred personal information.

12. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law, contract, legal claim, audit, tax, accounting, regulatory, employment, statutory, or security need. Indicative retention criteria are set out below and should be read subject to applicable legal requirements and customer contracts.

Data category

Indicative retention criteria

Website enquiries and demo requests

Normally up to 24 months after the last interaction, unless the enquiry becomes a customer relationship or a longer period is needed.

Marketing contacts and preferences

Until opt-out, withdrawal, or inactivity according to our marketing retention rules; suppression records may be retained to respect opt-outs.

Customer contracts, billing, invoicing, tax, and accounting records

For the customer relationship and normally up to 7 years thereafter, or longer where required by law or dispute needs.

India EOR worker, payroll, statutory, benefits, tax, banking, attendance, leave, reimbursement, and employment records

For the employment/assignment period and normally up to 8 years thereafter, or longer where required for statutory, tax, labour, social security, audit, or legal purposes.

HRMS portal data processed for customers

For the customer contract term and according to the relevant customer agreement, deletion schedule, or customer instructions, unless retained for legal, security, audit, or legitimate business purposes.

Candidate and recruitment records

Normally 12 to 24 months after the recruitment process, unless longer retention is permitted or required.

Support tickets and business communications

Normally up to 3 years after resolution or last interaction, unless linked to a contract, dispute, audit, or legal requirement.

Security logs, access logs, audit trails, and fraud prevention records

Normally 12 to 24 months, or longer where needed for security, investigations, legal claims, or compliance.

When personal information is no longer required, we delete, anonymize, or securely archive it according to our retention and deletion procedures, subject to technical backup cycles and legal holds.

13. Security

We maintain administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These safeguards may include access controls, role-based permissions, encryption, secure hosting, multi-factor authentication, security monitoring, vulnerability management, backups, incident response procedures, employee confidentiality obligations, vendor due diligence, and contractual controls. No system can guarantee absolute security.

14. Automated Decision-Making and Profiling

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects, unless this is separately disclosed or permitted by applicable law. Customers may configure workflows or decision processes within HRMS, recruitment, or workforce tools; where they do so as controllers, businesses, or Data Fiduciaries, they are responsible for providing required notices and responding to applicable rights requests.

15. Children and Dependents

Our website and business services are not directed to children. We do not knowingly collect personal information from children through our website for general marketing or enquiry purposes. For U.S. purposes, we do not knowingly collect personal information from children under 13 through our website. For India purposes, a child is an individual under 18.

We may process children's, dependent's, nominee's, beneficiary's, family member's, or emergency contact information where required or permitted for lawful employment, EOR, payroll, tax, insurance, benefits, immigration, statutory, emergency, or similar purposes, and we will do so only in accordance with applicable law and with parent or lawful guardian consent where required.

16. Your Choices and How to Exercise Rights

To exercise privacy rights, submit a request to privacy@vinproconnect.com. Please include your name, contact details, relationship with Vinpro, the Vinpro service involved, and the right you wish to exercise. We may need to verify your identity and authority before acting on a request.

Where we process personal information as a processor, service provider, contractor, or Data Processor on behalf of a customer, we may refer your request to the customer or assist the customer in responding. Where we act as the relevant controller, business, or Data Fiduciary, including for India EOR employment and statutory purposes, we will respond directly or coordinate with the customer where needed.

You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. Service, security, legal, billing, HR, payroll, and transactional communications may still be sent where necessary.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in law, technology, services, or business practices. Material changes will be posted on www.vinproconnect.com with a revised effective date. Where required by law, we will provide additional notice or obtain consent.

18. Contact Us

Privacy Contact

Email: privacy@vinproconnect.com

Website: www.vinproconnect.com

For customer billing and related account administration: Vinpro Global Services LLC.

For website enquiries, India EOR workers, HRMS portal operations, and India service delivery: Vinpro Global Services Pvt Ltd and/or its relevant associate companies in India.