Legal & Privacy



This policy explains what personal information we collect from users of this website, our customers, suppliers and employees. It describes how we use and store this information, and with whom this information is shared.

It also explains what your rights are regarding your personal data, how you can manage the data we collect, how to find out what data we hold about you, and how to request that your personal data be deleted.

Payara Services Ltd and its affiliated companies and subsidiaries (collectively, ‘Payara’) respect your privacy. This Legal & Privacy Statement applies to personal information collected by Payara through the website, and other websites which we operate and on which we post a direct link to this Legal & Privacy Statement.

Payara will not sell, rent or lease your personal information to others without your consent.

Who are we?

Payara Services Ltd is a professional services limited company registered in England and Wales. We are a dedicated team of professionals devoted to Open Source, Java, our customers, and the community. We are major contributors to the development and engineering effort of the Payara Server Open Source Project and the Payara Foundation. Our global team of specialist Payara Server Support Engineers delivers 24/7 production, development & migration support directly to our customers worldwide. 

Our registered business address is:

Payara Services Limited

Malvern Hills Science Park
Geraldine Road
WR14 3SZ

How can you contact us?

For any enquiries relating to privacy or data protection, you can email us at , call our reception service on +44 207 754 0481, or write to us at our head office address:

Payara Services Limited

Malvern Hills Science Park
Geraldine Road
WR14 3SZ

We normally respond to any enquiries by the next UK working day.

Who do we collect personal information from?

  • Visitors to our website
  • People who enquire about our services
  • People who subscribe to our blog or newsletter mailing lists
  • People who request our publications
  • Job applicants
  • People who enquire about events we organise or sponsor
  • Current and former employees
  • Customers
  • Suppliers and service providers

What types of personal data do we collect?

As a B2B professional support services and consultancy providers, we collect and store very little personal information from people interested in our services, publications or events, but if you use our website, download publications or enquire about our service offerings, then we will be likely to collect information such as:

  • your name
  • your company or organisation name
  • your mobile and landline phone numbers
  • your job title or position
  • you email address
  • your IP address
  • your company or organisation address
  • your company VAT number (for online services purchase purposes only)
  • your website domain (for online services purchase purposes only)
  • correspondence history (where applicable)

If you're applying for employment, or are a current or former employee, then clearly, far more personal data will be collected, stored and processed. For more information on this, please scroll down to the section on recruitment and employment.

You should also be aware that we use software in our sales, marketing and customer relationship management processes that collect, store and process information. This software is identified and described both in this policy and in our cookie policy.

What do we use personal information for?

  • To respond to service or general enquiries
  • To deliver services to customers
  • To market services to existing customers
  • To market our services to people who have shown an interest in them
  • To research customers and organisation as part of our sales process
  • To make people aware of events and publications
  • To provide service and product updates
  • To process job applications
  • To carry out our HR responsibilities towards employees and ex-employees
  • To manage suppliers and commercial partnerships
  • To conduct financial activities such as invoicing and payment processing

What is your Lawful Basis for Data Processing?

  • Consent (applies to the following departments: Finance, Marketing & Sales, Service Delivery / Support)
  • Legitimate Interest (applies to the following departments: HR, Finance, Marketing & Sales)
  • Legal Obligation (applies to the following departments: HR, Finance, Service Delivery / Support)
  • Contractual Obligation: (applies to the following departments: HR, Finance, Service Delivery / Support)

For more information about Payara's lawful basis for data processing, feel free to contact us at .

What should I expect when you collect my personal information?

To make you aware of what to expect from us as collectors and users of your personal information, we've created the following at-a-glance summaries. If there is something on this page that you don't understand, or that you'd like clarification on, please feel free to contact us and ask for further information at .

Visitors to our website

When you visit our website, third-party service providers that we use for marketing and customer relationship management (CRM) puposes (such as Google Analytics and HubSpot) will collect and store information about:

  • Your IP address
  • Your geo-location
  • Your web browser type and version
  • Your browsing device
  • Your operating system
  • The pages you browse on our website

Aside from your IP address, none of this information alone can be used to identify you or your browsing behaviour and is collected and processed in order to help us improve our marketing efforts. To help give you a better understanding of what to expect, these are the third-party systems that may be collecting data from website visitors:

  • Google Analytics
    Collects information such as device, IP, browser and browsing data, but does not collect personal information and cannot use the data collected via our website alone to identify you. For more information on how Google uses your data, you can read their guide to privacy here:
  • HubSpot
    This is our CRM software, and we use it to collect device, IP, browser and browsing data from website visitors. Whilst this data alone cannot be used to identify you, you should be aware, that if you visit our website, and subsequently enquire about our services via a website form without clearing your cookies (find our more about cookies here), then your previous browsing history on our website will be known to us.

    EU citizens should also be aware that Hubspot is a cloud platform hosted from AWS data centers in the US, and data collected by HubSpot is stored entirely in the US. To find out more about the legal framework for transferring data between the EU and the US, HubSpot's Privacy Shield certification, and the AWS data security, HubSpot has produced an e-book that is freely available for download, and which contains further information:
  • YouTube
    We use YouTube to host some of our video content, and it may collect information such as IP address, geo location, devices and engagement behaviour. You can find out more about the YouTube privacy policy here:
  • Zoom
    We use Zoom software to host our online events, such as webinars. Registration forms within Zoom software collect some personal information from those who register for our event, e.g. full name, company name, email address and phone number. For more information about Zoom privacy policy see:
  • PayPal
    We use PayPal to process payments for our services via 'Buy Support Online' available on our website. During the online purchase process, the buyer is transferred to the PayPal website, which will collect their name, address, phone number, and email address. In order to make payments through the PayPal Services, the buyer must provide credit card, debit card or bank account information. For more information about how PayPal uses and processes personal data see: 
  • HelloSign

We use HelloSign eSignatures integration with our CRM system to manage commercial contracts only. It allows our sales team to track the signature status of documents, such as services contracts. The signatures are safely stored within the Payara CRM system and HelloSign systems. For more information about how HelloSign uses and processes personal data see: 


Making enquiries about our services via a website form

When making and enquiry or downloading a resource on our website, you will be doing so via a form generated by our CRM platform. Doing so will automatically create an account in the CRM that will contain any personal information you have submitted (typically email, name, phone) and any associated information such as company or organisation.

The software will also store browsing histories, correspondence, email response (whether you receive, open or click through from emails), but no other personal information is collected. You should be aware, that if you enquire about our services via a website form without clearing your cookies (find our more about cookies here), then your previous browsing history on our website will be known.

When making an enquiry such as this, you'll naturally be sent communications as part of (and to progress) our sales process, but you will also be asked for your consent to be sent marketing communications. You'll be able to withdraw your consent at any time, and any marketing communication sent to you will offer you the opportunity to change your marketing communication preferences via a link in the email footer.

Making enquiries about our services via email or phone

You should be aware that when calling our office phone number (+44 207 754 0481), the phone number you are calling from will be collected by our reception service provider, Allday PA , and your call may be recorded. Their agents will request information from you which will include personal information such as name, email address and any other information relevant to the enquiry. This will be stored on their systems for audit and training purposes and are passed to us via phone and email.

As soon as a service enquiry is made, we will manually create a customer record on our CRM system, which contains personal information such as name, email address, and phone number, as well as other information relevant to the enquiry such as job title, company name and service requirements. We will also store any relevant correspondence such as emails and call summaries.

When making an enquiry such as this, you'll naturally be sent communications as part of (and to progress) our sales process, but you will also be asked for your consent to be sent marketing communications. You'll be able to withdraw your consent at any time, and any marketing communication sent to you will offer you the opportunity to change your marketing communication preferences via a link in the email footer.

People involved in the sales or delivery process

For account management purposes, we will record all correspondence we have with you if you are involved at any stage in the sales of delivery process, regardless of whether or not you are a commercial representative of a customer. This means that you could be a technical team member brought into a sales or discovery call, and someone who might not expect to have their personal data collected or stored.

You should also be aware that your personal information may appear on technical reports, orders, proposals, statement of works, and contracts that form the legal and technical documentation of the sales and delivery process. These documents may be stored in our CRM, on other company systems, and be shared internally with the commercial and delivery teams. We'll do what we can to make you aware of this when sending meeting and call invites.

Unless you are a key commercial contact on the account, however, you will not be contacted for sales and marketing purposes, and you will not have a personal record created on our CRM.

Managing consent for marketing communications

Our sales and marketing communications are delivered via our CRM platform. Anyone who has subscribed to our marketing communications, completed a form on our website, made a service enquiry, or is a key commercial contact in a sales or delivery process, has the ability to manage their own consent for marketing communications. All of our marketing emails contain a link in the footer, which gives recipients access to their marketing preferences page. Here they can opt-out of receiving communications.

Subscribing to our blog or newsletter

If you subscribe to our newsletter or blog, you will be giving your consent to join our mailing list and receive our marketing communications. These will typically include blog updates, technical resources, industry and technology community news, and company products and services updates. All of our marketing emails contain a link in the footer, which gives recipients access to their marketing preferences page. Here they can opt-out of receiving communications.

Data Storage and Retention

We take great care to ensure that any personal data we collect electronically is stored on third-party systems and platforms that comply with EU data protection regulation, and which are managed by us under company data security and data protection policies and procedures. Where required by law, we also store data in paper format under secure storage conditions, which complies with company data security and data protection policies. 

Under our company data security and data protection policies, we define how the data we collect can be stored and used, and specify how long we retain data for. As a rule, we only retain data for as long as it is required to conduct business processes, or comply with legal requirements.

All users of data within the company have been trained both in company data protection policies and procedures, and EU data protection regulation. Our policies and procedures have been designed specifically for each business function or department to reflect the data collection, storage and use requirements of those functions, and we also take great care to ensure that suppliers and partners have stringent data protection policies in place.

What if I'm a job applicant, current, or former employee?

The company is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at . 

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.

Application stage

If you use an online application system or a recruitment agency then your personal information will be collected by a them as a data processor on our behalf.
We ask you for your personal details including name and contact details. We will also ask you about your previous skills, knowledge and experience, education, and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.


Our managers shortlist applications for interview. They will be provided with your name and contact details and the information collected at application stage assessments. We might ask you to participate in assessment days, practical tests or to attend interviews –either face to face or by phone or electronic communications. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by the company only for the length of the process.

Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to be given a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to the information they have provided.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • We use Experian as an employee checking service to determine criminal records declarations, any unspent convictions, financial records and proof of identity.
  • We will contact your referees once you have accepted our preliminary offer using the details you provide during your application, directly to obtain references
  • Depending on circumstance we might need to contact UKVI to arrange/ confirm sponsorship information

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments
  • Personnel details including – name, address, contact details, NI number, date of birth, special needs, driving details, education details, Emergency contact details, and medical info.

Data processors

We use some third parties to help us in processing data –we aim to ensure that all third-party processors are compliant with GDPR

  • Bishop Fleming & HMRC
    If you are employed by the company, relevant details about you will be provided to Bishop Fleming and HMRC who provide payroll and Tax services to the company. This will include your name, bank details, address, date of birth, National Insurance Number and salary.
  • The Peoples Pension (TPP) 
    Likewise, your details will be provided to TPP who are the administrators of the company Pension Scheme. You will be auto-enrolled into the pension scheme and details provided to TPP will be your name, date of birth, National Insurance number and salary. 
  • Recruitment Agents and Social media sites 
    We often post job adverts out on various social media sites – including but not exclusively Linked IN and Indeed which direct you to apply for the role via their site. We also post adverts on our website and encourage you to apply directly to . Occasionally, we use Recruitment agents to advertise roles. We will have signed contractual agreements (which cover GDPR compliance) with these agencies and they will process your data in a form that gives us sufficient information to consider your application.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment. On termination of employment with the company, all information give will be kept for 3 months and then after 1 year all non- relevant information will be deleted. Some financial data will be kept for 6 years following the end of your employment. We aim to retain data no longer than statutory requirements allow for.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for up to 6 months. Information generated throughout the assessment process, for example interview notes, are retained by us for up to 6 months

How we make decisions about recruitment?

Final recruitment decisions are made by managers and members of our recruitment team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by speaking to your contact within our recruitment team.

Complaints or queries

As a company that relies on high levels of customer service and satisfaction, we are committed to upholding the best practice in collecting and using your data. For this reason, we take any complaints we receive about this seriously and encourage anyone who feels that our collection or use of information does not meet the standards set out under the General Data Protection Regulation (GDPR). We are also happy to provide any additional clarification or information if there is something that you don't understand or feel that we haven't explained. Please feel free to contact us and ask for further information at 

If you want to understand more about GDPR, you can contact the statutory body in the UK which oversees data protection law –

Changes to Our Privacy Policy

This Privacy Policy may be updated from time to time (for example if we introduce new third-party service providers - such as social media platforms - that might collect and use your data), so you may wish to check it regularly to make sure you're still happy with how we're handling your personal information. If material changes are made to the policy (for example, if we want to use your personal information in a different way), these will be posted on the website, and you will accepted the terms of the Policy on your first use of the website following the alterations.

Access to Personal Information

We want to make sure that you have as much access to your personal information as possible. To find out what personal information we have collected and stored, you can make a ‘subject access request’. If we do hold information about you, we will provide you with the following information as a PDF document:

  • a description of all personal information we hold
  • a summary of why we collect it and how we use it
  • details of any third parties we may have disclosed it to

To make a ‘subject access request’ you'll need to send the request by email to stating why you believe we have your personal information, and what you would like to know. Please be aware that in order to provide you with any information, we will need to verify your identity.


Last updated - April 2018