Privacy Policy

This Privacy Policy (the “Privacy Policy”) is intended to inform you about the personal data we process when you use the HR Unicorn  mobile application (the “Application”).

The Application is part of a project developed to improve the relationship and collaboration between the employer or customer  and a specific company, by creating an interactive link between them, including through online interactions and providing feedback in various campaigns organized by the company ( the “Project”).

The purpose of the Application is to facilitate employee and customers access to the company communication campaigns and to mediate and stimulate communication between the employee/customer and the company in order to improve working relationships, including employee involvement in day-to-day activities for the benefit of the Company, or the customer satisfaction, by providing incentives and the possibility of generating feedback from employees/customers, so that, through the delivery of dedicated reports, the Company has visibility on relevant aspects of work performance (the “Services”).

In order to use the Application, the Company will process personal data as a data controller, and in this capacity we wish to inform you about our contact details, what data we process and the purposes for which we process it, the legal grounds for processing, the period of data storage, the entities to whom we disclose certain data, and the rights you have in relation to your personal data.

We are committed to respecting your right to privacy of your personal data by complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (CCPA).

In this Privacy Policy, the term “personal data” refers to any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified directly or indirectly, in particular, by reference to an identifier or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity (the “Data”).


Who are we?

The data controller is HR UNICORN Ltd., with its registered office in United Kingdom, London, Kemp House, 160 City Road, EC1V 2NX, registered with the Companies House under no. 12936024, having the e-mail address and telephone no. +1 (310) 289-3614, duly represented by Maria Nica, in capacity as Director (the “Company” or the “Employer”).  The Company may be mentioned in this Privacy Policy as “we”, “us” or “our”.

The company has not appointed a data protection officer. However, if you have any questions about the content of the Privacy Policy and the use of your personal data, please use the contact details above and our legal representatives will respond to you.

How do we use personal data?

Your personal data will be processed in order to provide the Services in the various campaigns carried out through the Application in order to facilitate interactions between the Company and its employee/customers.

The Company makes available to users of the Application certain questionnaires that they can fill in and send to the Employer together with the related answers. Based on the options selected in the questionnaire, users can benefit from a dynamic reward. The conditions for running campaigns will be displayed within the Application, in a dedicated section.

What data we process and for which purposes

Providing any Data is purely optional, failure to do so will result in the impossibility to benefit from the Services provided by the Company and, implicitly, the impossibility to participate in campaigns.

Categories of Data and the purpose of the processing of such Data

Legal basis for the processing of the Data

Duration of the processing of the Data

Data Recipients

Categories of Data: first and last name, e-mail address, date of birth, demographic information such as residence, habits, interests, answers to questionnaire questions, credit earned related to the relevant campaign, history of credits earned. The purpose of processing the Data is to provide the Services.     

The performance of the contract concluded between you and the Company for the provision of the Services (Article 6 (1) (b) GDPR). 

For the entire duration of the contractual relationship between you and the Company and for a period of 3 years from the date of termination of the contractual relationship for any reason.

Your data will be processed by designated persons within the Company.

Categories of Data: Name and surname, e-mail address, telephone number, question/request asked and any other Data provided in the request. Purpose of Data Processing: To provide answers to your questions or requests, sent by post, e-mail, fax or telephone.  

The processing is based on the performance of the contract concluded between you and the Company, in particular your request to receive answers to your questions (Article 6 (1) (b) of the GDPR).

3 years from the date your request was dealt with.

Your data will be processed by designated persons within the Company to answer to your requests.

Categories of Data: name and surname, e-mail address, telephone number. Purpose of Data processing: to provide information on campaigns, promotions, various regular information (newsletter).

The processing is based on users’ consent (Article 6(1)(a) of the GDPR).

Until the date of withdrawal of the consent given.

Your data will be processed by designated persons within the Company for the provisions of regular information.

Other categories of data recipients

We use the services of contractual partners to fulfil the purposes mentioned above.

Some of these contractual partners are persons empowered by the controller: e.g. the IT service provider [*].  The database is structured in such a way that the data cannot be accidentally accessed outside the limits configured in the system.

Some of the Data indicated above will be made available or transmitted to third parties (e.g. public or judicial institutions, etc.). In these cases, third parties will have access to the Data in the performance of their duties, e.g. (i) public authorities, auditors or legal or institutions with powers to carry out inspections and controls on the Company’s activity and assets, (ii) to comply with a legal requirement or to protect our rights, such as courts, bailiffs etc.

How do we protect personal data?

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of all data in transit, using HTTPS and SSL technologies;

  • Limiting access to personal data to authorized persons, who have a legitimate need to access such data;

  • Regularly testing and evaluating the effectiveness of our technical and organizational measures for ensuring the security of the processing.

Despite our efforts to protect your personal data, please note that no security measures can guarantee absolute protection of your data from all potential threats.

Your rights

Under certain conditions, you have the following rights with regard to your personal data:

  • Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information about the processing.

  • Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

  • Right to erasure: You have the right to obtain from us the erasure of personal data concerning you without undue delay.

  • Right to restriction of processing: You have the right to obtain from us restriction of processing where one of the conditions provided for in the GDPR applies.

  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on our legitimate interests or for the performance of a task carried out in the public interest.

To exercise your rights, please contact us at the email address provided above. We will respond to your request within the timeframes set out in applicable data protection laws.


If you believe that we have infringed your rights under applicable data protection laws, please contact us using the contact details provided above. You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time by publishing a new version on our website. We encourage you to check this page periodically to ensure that you are aware of any changes.

This Privacy Policy was last updated on 05.03.2023.