Privacy Policy

myrole.co provides bespoke, in-brand career tools (Career Pathways and Coaching Cards) to organisations. This policy explains what personal data we handle, why, and the choices you have.

1. Who we are

myrole.co is a platform operated by Oursayso Limited ("we", "us"), a company registered in England & Wales (company no. 7987453), 111 Piccadilly, Manchester, M1 2HY. The platform is delivered in partnership with Let's Talk Talent, our talent & HR consultancy partner.

2. Controller and processor

Our role depends on the context:

• When an employer deploys a tool to its people, that employer is the data controller and we act as a data processor on their behalf, under a Data Processing Agreement (DPA). The employer's own privacy notice governs how they use the data.
• For our own website and business contacts (e.g. someone emailing hello@oursayso.com), we are the controller.

3. What we collect

From end users of the tools

• Account/identity details passed by your employer's single sign-on (typically name, work email, and role).
• Your interactions within the tool (e.g. pathways explored, prompts completed) so the experience works and your employer can see anonymised/aggregated engagement.

From website visitors & business contacts

• Anything you choose to send us by email, and basic technical data needed to run the site securely. See our Cookie Notice.

4. Why we use it, and our legal basis

• To provide the tools our client has commissioned: performance of our contract with the client (we act on their documented instructions as processor).
• To keep the platform secure and reliable: our legitimate interests in running a safe service.
• To respond to enquiries you send us: our legitimate interests in handling business communications.

We do not sell personal data.

5. Who we share it with

• Your employer (the controller), in line with the agreed configuration.
• Sub-processors we rely on to run the service (e.g. hosting, identity, email). A current list is available on request.
• Authorities where we are legally required to.

6. Where your data lives

Platform data is hosted on enterprise-grade infrastructure in Europe, encrypted in transit and at rest. The site and tools are served through Cloudflare's content delivery network, which may route and cache traffic through edge locations globally to keep the service fast and secure. Where personal data is processed outside the UK/EEA as part of this, we rely on appropriate safeguards.

7. How long we keep it

We retain personal data only as long as needed to provide the service to our client, then delete or anonymise it in line with the client's instructions and our agreement. On termination, client data is returned or deleted within 3 months.

8. Your rights

Under UK GDPR you may have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. As most end-user data is controlled by your employer, the quickest route is usually through them, but you can always contact us and we'll help route your request. You also have the right to complain to the ICO (ico.org.uk).

9. Security

We build data protection in from the start: least-data collection, encryption in transit and at rest, single sign-on through your existing identity provider, per-client isolation, and access on a need-to-know basis. A security overview and questionnaire responses are available to clients under NDA.

10. Contact