How We Protect Your Data

Security and GDPR

Security and Data Privacy Drives Everything We Do

LunaHR is a fully encrypted cloud based platform, all client data is encrypted and stored safely and securely, making sure your company data is safe. Data security teams are employed to run regular checks to ensure we have the latest security practices.

We have a strict security protocol, where we carry out annual penetration tests, implement input validation, utilise bi-weekly vulnerability scans and run various security audits. In other words, your trust in LunaHR storing your data is taken very seriously.

About LunaHR?

LunaHR is a trading name of A2ZTECHNOLOGIES LTD, a UK based company that has been developing bespoke software applications and carrying out IT operations (including cyber security) for 10+ years now. LunaHR is our first commercial product.



Bespoke Software, IT Operations

Uptime / SLA

‘The cloud that never goes down’. LunaHR is a cloud based platform hosted on Microsoft Azure. Both Microsoft and our service level agreement is 99.9% uptime a month. We inform our clients about scheduled maintenance and try to complete these outside of standard working hours.
Microsoft Azure

Microsoft Azure

Trusted, Secure, Quick

Want to Learn More About GDPR?

Comprehensive Guide by ICO

View Here

LunaHR is GDPR Compliant

What is GDPR?

GDPR (General Data Protection Regulation – May 2018) is a newly introduced European Data Protection Act. It was implemented to strengthen the rights individuals have regarding personal data related to them and how its processed.

As you can imagine GDPR is a big deal to us as a large aspect of our company is based around storing and processing personal data. LunaHR is GDPR compliant, we have a designated Data Protection Officer, and GDPR specified practices that are integrated into both our platform and policies.

Our Commitment to GDPR

What We Are Doing For GDPR

When considering LunaHR it is important to take into account how we are meeting the requirements of GDPR. We have outlined key information that will help you assess our GDPR status. If you would like further information, please get in contact with us and we will happily advise further.

Expert Knowledge

LunaHR has a team of in-house cyber security experts. LunaHR afterall is a commercial product of A2ZTECHNOLOGIES LTD, an IT support company. A2ZTECHNOLOGIES specialise in IT operations for large clients across the UK.


Therefore the LunaHR security team adheres to the latest security and privacy policy, protecting and maintaining the LunaHR system from internal and external cyber threats.

Our Policies

The new GDPR regulations resulted in new Terms & Conditions. If you haven’t already, please review these. It gives an insight into various aspects of our legal approach to GDPR. You can read the Terms & Conditions here. Additionally, it would be beneficial for you to review our Privacy Policy also.


Our in-house security experts have verified that the LunaHR application is GDPR compliant. The main part of this is the method of deletion and retention of customer data. Our methodology is acceptable for use under the GDPR act. We have gone further to verify this externally from legal experts who concurred.


What does this mean? You should not worry about using LunaHR as a third party application as it is GDPR compliant and will not hinder your companies GDPR validity.

Data Breaches

In the event of a personal data breach, we the controller shall without any delay inform the supervisory authority and any clients which might be affected. While we do not anticipate a breach will occur, we ensure we have the correct processes in place in accordance with GDPR regulations for our clients.

Processing According To Instructions

Any data in the LunaHR application will only be processed in accordance with the customer’s instructions.

Employee Confidentiality

We have been handling client HR data for over 10 years now. All of our employees are required to sign various training and sign paperwork including confidentially agreement and code of conduct training.


Our employees have the greatest respect to client data. You can be rest assured that we will handle your data in accordance to our policies and yours.

Use of Subprocessors

We do not use any Sub-processors. LunaHR directly conduct all of data processing activities required to provide the LunaHR services for all modules (core module, leave module, expense module and attendance).

Data Return and Deletion

In LunaHR users can amend their own data via their personal profile. Likewise, administrators or users with the correct permissions can delete employee data, via the functionality of LunaHR.
We maintain to audit logs to ensure these changes are tracked, however this does not contain any identifiable data.

Data Controllers

How we assist Data Controllers

Data Subject’s Rights

LunaHR has always offered the service to export customer data, at any time during their license. We will continue to offer this.

Data Protection Officer

Our HR Data Protection Office for LunaHR is James Millard. Any questions regarding GDPR or data protection can be sent to him. You can contact him at [email protected]

Incident Notifications

LunaHR has and will always notify clients about incidents regarding their data or breaches. We aim to give a full incident report between a 24 hour to 72 hour period. This is outlined in our Terms of Service.

How we comply with the requirements of GDPR practices

The GDPR regulation outlines 6 principles, we comply with these. The 6 principles are as follows:

Lawfulness, fairness and transparency

LunaHR has the right to process any personal data we collect in a fair, lawful and transparent manner.

As a customer of LunaHR we process your personal data in accordance to our Terms of Service

Purpose Limitations

Personal data is only collected for specified and legitimate purposes. Data we collect will not be used for any other purposes you have not been made aware of.

As a customer of LunaHR we will only process personal data you enter into your tenancy on LunaHR, for the sole purpose of provide our service in accordance to our Terms of Service

Most importantly your data is not shared with any external parties, we respect our clients privacy.

Data Minimisation

LunaHR will only collect personal data that is needed for us to carry out our services. Customers are responsible for ensuring that data you hold about your employees is limited to what is needed, adequate and relevant for specific purpose.


We will do our best to ensure collected personal data is accurate  and up to date.

As a customer of LunaHR you are responsible for ensuring that data entered into the system about your employees is also accurate and kept up to date.

Storage Limitations

We will only keep personal data for as long as it is needed. In addition, you have the right to request erasure of your individual data.

As a customer of LunaHR you as responsible for ensuring that personal data entered into your tenancy on the system is removed when no longer needed. You can do this as an administrator by deleting users or other company related information.

Integrity and Confidentiality

We will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing.

How we handle subject access requests (SAR)

LunaHR act as a Data Processor on behalf of our customers. We are not able to process data on your behalf. We provide you with the functionality inside LunaHR to do exactly this.

Your Answers

Frequently Asked Questions

You may have a few questions about LunaHR and GDPR. We have answered some of the most common questions below. If you have any further questions, feel free to get in contact with our inhouse expert James Millard.

Is LunaHR Compliant with GDPR?

We have done a self assessment and also seeked external legal valuation. We are currently compliant with GDPR.

Do you have a Data Protection Officer?

The official Data Protection Office is James Millard. You can contact him via [email protected]

Do You Market Other Services To The Employees We Add?

No, definitely not. We simply store and process the data given to us in accordance to our terms of service.

How Long Do You Store Employee Data?

This is completely up to you. As administrator you can control to delete employee data when needed. We do store backups, however these only last for 30 days and can be deleted if requested.

Where Is Our Data Stored?

Client data is currently stored in the US for cost and performance reasons. Security access however is held in the UK, additionally Microsoft Azure comply with EU / US privacy shield policies.

If we were to ask you to remove all data we have provided you on an employee would you be able to do that in a timely fashion?

Employee data can be removed by administrators in your company. However, if we receive a request like this, we will also do it, including the backups. Please contact [email protected] so he can handle your request.

Do you have a process in place for reporting personal data breaches within 72 hours of having become aware of it?

Yes we do. If you would like to learn more about this process please contact [email protected] and he can better advise.

Have a question?

GDPR and Security Discussion

Still have more questions about GDPR? Or perhaps you just want to discuss our security measures. Feel free to get in touch with us.