Last updated: April 8, 2026
You2Off is designed to support compliance with the EU General Data Protection Regulation (GDPR) and similar laws. This page summarises how we handle personal data in line with those requirements.
We process personal data primarily on the basis of contract (to provide the leave management service) and legitimate interests (e.g. security, integrity of the system). Where your organisation requires it, processing may be based on consent.
We collect only what is necessary to run the service: account details (name, email, department, hire date), leave requests and balances, and technical data (e.g. session data) for security and operation. Data is not used for unrelated purposes or sold.
Under GDPR you have the right to:
To exercise these rights, contact your organisation's administrator or the data controller (the entity that decides how and why your data is processed—typically your employer).
We implement appropriate technical and organisational measures to protect your data (see our Data Security page). Data is retained only as long as necessary for the service and legal obligations.
If data is processed or stored outside the European Economic Area, we ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) as required by GDPR.
The data controller is the organisation that operates your instance of You2Off (typically your employer). For controller identity, contact details, and any data protection officer, please refer to your organisation's internal policies or contact your administrator.