We take your data protection seriously and would like you to know how we look after and protect the data that you send to us.
The only data that we hold on you or your employees, is data you have provided to us in the course of delivering services to you, or information on the advice that we have given to you.
We will never sell your data or pass it on to any third parties except, in the course of providing the agreed services to you.
In order to provide these services to you, we use a number of sub-processors who may have access to your data. We want to be clear and transparent with you about the sub-processors we use and what we have done to ensure that they take your data protection as seriously as we do.
These sub-processors are:
The HR Dept Ltd
The HR Dept is a franchise organisation with offices located across the UK. The franchisor is The HR Dept Ltd and in the course of providing services to you we may share your information with them. The HR Dept Ltd is fully GDPR compliant and this transfer of data is governed by a specific agreement between us and them.
We use Microsoft Office 365 to manage our emails and file storage. Microsoft have confirmed that they are GDPR compliant and have updated their terms and conditions with us to reflect this. Microsoft may transfer data outside of the EEA, but will only do so in a manner which protects your data and meets the requirements of the GDPR.
Sugar CRM / Sugabyte
We use a CRM system called Sugar CRM which is administered by a distributor called Sugabyte. On this system we may store data on you and/or your employees including details of the advice we have given you. All of this data is stored on secure servers based in Germany. We have a Data Sharing Agreement in place with Sugar CRM and with Sugabyte which governs the transfer of this data and ensures that it is GDPR compliant.
Avagio IT Services
To manage our IT we use an outsourced IT provider called Avagio IT Services. We have a Data Sharing Agreement in place with Avagio which governs the transfer of this data to them and ensures that this is GDPR compliant.
Tribunal Indemnity Insurance
As part of our Tribunal Indemnity Insurance we may transfer your data to our insurance brokers, our insurers and our employment lawyers in order to manage your policy and any claims arising from it. We have put measures in place to ensure that this transfer is compliant with GDPR and that your data is appropriately protected.
In the course of providing services to you, we may engage the services of an outsourced DBS check provider. We have a specific agreement in place with them which ensures that your data is protected and that our provider is GDPR compliant.
My HR Toolkit
We have a recommended HR software provider called My HR Toolkit which we may refer you to. My HR Toolkit have produced a Privacy Statement which can be given to employees which details how My HR Toolkit manage their data in line with GDPR. This document can be found on their website here – https://www.myhrtoolkit.com/gdpr/privacy-users/ They also have clear information on their website regarding GDPR and their compliance. This information can be found here – https://www.myhrtoolkit.com/gdpr/
Employee Assistance Programme
We have a preferred provider for EAP services which we may refer you to. This service is completely anonymous and no personal information is shared with them. As such there is no change to their contract or terms and conditions regarding GDPR.
Each of these providers may change at any time, but our commitment to the security of your data remains. Any new providers will be subject to the same vetting and selection process and will be governed by the same or similar terms and conditions.
Under these agreements, data may be transferred outside of the EEA but only where your rights and the rights of the data subject are protected and where that transfer is compliant with the requirements of the GDPR. For more information on any of the above please contact our Managing Director, Tracey Hudson who can be contacted on 07881 628658 or 01926 353131 / 01773 378020 or email firstname.lastname@example.org