GABE HRIS Privacy Policy

Last Updated: March 2026
Operated by Gabe Technologies LLC | www.gabehris.com
Privacy Contact: [email protected]

1. Controller vs Processor

Data protection laws often distinguish between “controllers” and “processors.” A controller decides why and how personal information is processed. A processor processes personal information on behalf of a controller, following their instructions.

2. When This Privacy Policy Applies

This Privacy Policy applies when we act as a controller, such as when you:

• Visit our public website that links to this Privacy Policy.
• Contact us, request information, or schedule a demo.
• Create an account directly with us (for example, an admin account created during onboarding).
• Submit support requests, feedback, or communicate with us.
• Register for or attend an event, webinar, or training.

3. When We Act as a Processor (Customer HR Data)

When you use the GABE HRIS application as an employee, contractor, applicant, or end user of a customer organization, that organization is typically the controller of your personal information and we act as a processor. Our processing of Customer Data in that context is governed by our contract with the customer, including the Data Processing Agreement.

If you want to exercise privacy rights related to HR data in your employer’s GABE HRIS tenant, please contact your employer or organization first. If your organization instructs us to assist, we will do so as required by the customer contract and applicable law.

4. Information We Collect as a Controller

4.1 Information You Provide

• Business contact information such as name, email, phone number, company, job title.
• Account information for accounts you create directly with us, such as username, role, and authentication details.
• Communications such as support tickets, emails, feedback, and meeting notes.
• Event information such as webinar registration and attendance details.

4.2 Information Collected Automatically

When you interact with our public website, we may collect basic technical information needed to deliver the site to you, such as IP address, device type, and browser type. We do not use this information for behavioral advertising.

5. No Cookies in the GABE HRIS Application

This “no cookies” statement applies specifically to the GABE HRIS application.

The public marketing website (gabehris.com) may use limited essential cookies if required for website security, platform functionality, or embedded services. These cookies, if used, are not used for behavioral advertising or cross-site tracking.

If cookies or similar technologies are introduced in the GABE HRIS application in the future, we will update this Privacy Policy and provide appropriate notice where required by applicable law.

6. How We Use Information

When acting as a controller, we use information to:

• Operate, secure, and maintain our website and business operations.
• Respond to inquiries, provide support, and manage business relationships.
• Send service-related messages, including security and policy updates.
• Provide demos, onboarding support, and training.
• Improve the Service and customer experience through operational analysis and troubleshooting.
• Comply with legal obligations and enforce our agreements.

7. Legal Bases for Processing

Where required by law, we rely on one or more legal bases including performance of a contract, legitimate interests, consent (where required), and legal obligations.

8. How We Share Information

We do not sell personal information. We may share information with:

• Service providers that support hosting, security monitoring, email delivery, and customer support operations.
• Professional advisors such as attorneys, accountants, and auditors.
• Authorities when required to comply with law, protect rights, or address security incidents.
• Successors in the event of a corporate transaction, subject to appropriate safeguards.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

To report a security concern, email [email protected].

10. Data Retention

We retain personal information for as long as needed to fulfill the purposes described in this Privacy Policy and for legitimate business and legal needs. Customer Data retention and deletion are governed by the customer contract and Data Processing Agreement.

11. International Transfers

We may process and store information in the United States and other locations where we and our service providers operate. Where required, we use appropriate safeguards for international transfers.

12. Your Privacy Rights

Depending on your location and applicable law, you may have rights such as access, correction, deletion, portability, restriction, objection, and opt-out of certain processing. To exercise rights for information covered by this Privacy Policy (controller processing), contact [email protected].

For HR data processed within a customer tenant, contact your employer or organization first.

13. Children’s Privacy

GABE HRIS is not directed to children under 16, and we do not knowingly collect personal information from children under 16 as a controller.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date indicates when it was last revised. If we make material changes, we will post the updated policy on this page.