The HR Dept Ltd is part of a group company called The HR Dept Group Ltd. The HR Dept operates as a franchise, which means that HR Dept offices around the UK and Ireland are individual registered companies operating under licence to use the HR Dept brand and resources. We refer to this as the ‘HR Dept Network’.
This Privacy Notice explains how information collected and processed by The HR Dept network as a franchise of independently operated businesses collects and processes your information.
How does the HR Dept collect and process information about you and who is responsible for it?
The HR Dept may collect and process information about you from several sources which are outlined here.
- When you enter your information on a contact form on our website. The data controller for this data is The HR Dept Ltd.
- When you enter your information into a newsletter subscription form. The data controller for this data is The HR Dept Ltd.
- When information is received through networking activity by a staff member of any business in the HR Dept Network with information about yourself or your company and where it is understood there is a legitimate interest in receiving HR services from the HR Dept. The data controller for this information is whichever business within the HR Dept Network you provided the information to, and The HR Dept Ltd is a sub-processor.
- When your company or employing company enters into a client agreement with a business in the HR Dept Network and provides information about you to that HR Dept business for the purposes of receiving HR services. In this case, only information about you that is relevant to the delivery of these services should be shared by your employer with the HR Dept. The data controller for this information is your company or employing company. The business within the HR Dept Network you provided the information to, and The HR Dept Ltd, are sub-processors.
- When you submit personal information, a CV or other application information to an HR Dept office for the purposes of recruitment, that HR Dept office’s registered limited company is the data controller. That HR Dept office will process your information in accordance with the purpose for which it was submitted only. For the purposes of recruitment on behalf of one of its clients, that HR Dept office will share with its recruiting client only the appropriate data necessary for the purposes of undertaking the recruitment application for which you submitted your data. From time to time, HR Dept offices may use recruitment companies or similar third parties to support them with recruitment activity. In such circumstances, the data privacy notice for the third party recruitment company will be available through their own website.
What sort of information about you is being collected and processed by the HR Dept?
In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively.
How can you find out what information the HR Dept holds about you?
Under the Data Protection Act (2018) and European GDPR regulations, any person about whom organisations hold data (a ‘data subject’) is allowed to request a copy of that information. This is called a Subject Access Request (‘SAR’).
There is guidance for individuals who want to make a Subject Access Request on the website of the regulator, the Information Commissioners Office (‘ICO’) (https://ico.org.uk) and it is strongly recommended that you review this guidance before submitting your request to avoid any delays. There is also information on this site about requirements for SARs for both the requesting and responding parties, and who SARs should be sent to.
If you wish to make a subject access request to the HR Dept, these should be submitted to the Head of Operations by email to email@example.com, or by post to:
The Head of Operations
HR Dept Ltd (Central Office)
3 Brook Office Park
Bristol BS16 7FL
Why is the HR Dept collecting and processing your information?
We collect and process information about you for several purposes depending on the context of the information and how it was collected:
- to analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest.
- to personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing HR Services through the HR Dept, we will pass on your information to a franchise business operating under license from The HR Dept Ltd that is located closest to you or can appropriately service you, so that they may offer you their products and services.
- to survey contacts about activity directly related to HR Dept marketing activity, service delivery or directly related projects undertaken by the HR Dept Ltd.
- to provide outsourced HR services to your company or employing company in line with client agreements made with the company.
- to provide recruitment services to its client companies for which you have submitted your data for the purposes of/in relation to an application for employment.
If you provide your information to us through this website, we would consider this to mean you have a legitimate interest in our services, and that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.
How long is your information kept, and can you make sure it is accurate?
The HR Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, then it will be kept until one of the following is true:
- You request for your data to be erased (see section below) and this can be legally fulfilled.
- The data is known to be or is suspected to be invalid/inaccurate by the HR Dept.
- The data is known to be or is suspected to be no longer appropriate for use for reasons of legitimate interest by the HR Dept (as outlined above).
If you believe any information held by the HR Dept is incorrect and wish to amend it, please contact us in writing. Please see the section at the end of this Privacy Notice about how to contact us by email or post.
Can you opt-out of marketing or request for your information to be erased?
The HR Dept does not wish to undertake marketing activity towards those who do not wish to receive it, and we will always comply with a request from you to either opt-out of marketing. We will comply with a request from you for your information to be erased if it is appropriate to do so (a) in accordance with the Data Protection Act (2018) or the European GDPR requirements and (b) if there is no legitimate justification for retaining the information.
In some cases, we may not be able to agree, wholly or in part, to your request for your information to be erased if there is a legitimate requirement to keep it. An example of a legitimate requirement would be if you are an employee of a company using the HR Dept for outsourced HR services, and you are involved in some way with an HR issue which is being dealt with by business within the HR Dept Network. In such a case, there is a legitimate requirement to retain relevant information relating to that issue in order for your employer to be able to resolve the HR issue and any related legal challenges. This may extend beyond the apparent resolution of the issue if there is a reasonable argument that the information may need to be revisited.
- Use the ‘opt-out’ or ‘unsubscribe’ link in any marketing communication from HR Dept if you do not wish to be contacted with any marketing communications.
- Request directly by email to firstname.lastname@example.org if you do not wish to be contacted with any marketing communications.
- Request by email to email@example.com if you wish for your information to be erased (the right to be forgotten).
- Contest our determination of a legitimate requirement to retain your information on a case-by-case basis. In the first instance, we ask that you contact the relevant HR Dept office to obtain an explanation of that determination.
Who else is your information shared with?
The HR Dept does pass your information to third parties outside of the HR Dept Network, other than to specific data sub-processors necessary for us to market and provide our services.
In order to facilitate marketing and delivery of our services to those who have provided their information and who we believe have a legitimate interest in our business, we may share your information with specific ‘sub-processors’ with whom we have data sharing agreements. We want to be clear and transparent with you about the sub-processors we use and what we have done to ensure that they take your data protection as seriously as we do.
HR Dept businesses operating under licence from The HR Dept Ltd
If you fill in your details on a contact form with interest in accessing HR Services through the HR Dept, we shall pass on your personal information to a franchise business operating under license from The HR Dept Ltd that is located closest to you or can appropriately service you, so that they may offer you their products and services.
Other than the data sub-processors below, or the franchise businesses operating under licence from The HR Dept Ltd mentioned above, the HR Dept will not share or sell your information with other companies.
The HR Dept Ltd will share your information for marketing or service delivery purposes with the sub-processors below. This is only shared for the purpose of sending you HR Dept marketing content or HR Dept survey/research material relating to the HR Dept’s own services, or if necessary to be able to deliver HR services to your company/employing company in line with our client agreements and related contracts.
These sub-processors are:
Astonish Email Ltd
Astonish Email Ltd provides our Astonish marketing online platform. This is an online system which the HR Dept uses to send out our newsletters, promotional materials and marketing-related communications to clients, prospective clients who have chosen to share their data with The HR Dept Ltd or one of the franchise businesses trading under licence from The HR Dept Ltd, or contacts in businesses who have provided their information to us for whom we understand there to be a legitimate interest in our survey activity.
We use Microsoft Office 365 to manage our emails and file storage, which may include some information that has been collected through our website or other sources relating to marketing and surveying activity. Microsoft have confirmed that they are DPA/GDPR compliant and have updated their terms and conditions to reflect this. Microsoft may transfer data outside of the EEA but will only do so in a manner which protects your data and meets the requirements of the GDPR and the Data Protection Act (2018).
Workbuzz Ltd are a surveying company with whom we may share your data in the interest of undertaking customer surveys about HR Dept services. We have a Data Sharing Agreement in place with Workbuzz which governs the transfer of data to them and ensures that this is DPA/GDPR compliant.
SugarCRM / Sugabyte Ltd
We use a CRM system called SugarCRM which is hosted by a company called SugarCRM based in California and is administered in the UK by a distributor called SugaByte Ltd. On this system, we may store and process information about you collected through our website or marketing activities. All of this data is stored on secure servers based in Germany. We have a Data Sharing Agreement in place with SugaByte which governs the transfer of this data and ensures that it is GDPR/DPA compliant. SugaByte, in turn, have such an agreement in place with SugarCRM.
Straight Solutions Ltd / ARAG plc / Nash & Co Solicitors LLP
As part of our Tribunal Indemnity Insurance offering to our clients, we may transfer client data to our insurance broker (Straight Solutions Ltd), our insurer (Arag Plc) and our specialist employment law firm (Nash & Co Solicitors LLP) in order to manage your policy and support/defend any claims arising from it. We have put measures in place to ensure that this transfer is compliant with GDPR and the DPA and that your data is appropriately protected.
Additional sub-processors using your data via companies that operate under franchise licence from The HR Dept Ltd
As well as the sub-processors above, data provided by your company about you or your employees to franchise businesses that operate under licence from The HR Dept Ltd may be shared with other sub-processors in the interest of delivering those services. Detail of those sub-processors will for part of the client agreement between your company/employing company and that HR Dept licensee business, and you can contact that HR Dept licensee business directly for more detail.
Each of the sub-processors listed above may change and be updated at any time, but our commitment to the security of your data remains. Any new providers will be subject to the same vetting and selection process and will be governed by the same or similar terms and conditions.
Under these agreements, data may be transferred outside of the EEA but only where your rights and the rights of the data subject are protected and where that transfer is compliant with the requirements of the DPA and GDPR.
How is the data stored?
The information we collect is stored in secure cloud vaults that operate inside the EEA. This includes SugarCRM, Microsoft, Google & Act-On. All information is stored in an encrypted form. Information held by Microsoft on our behalf may be transferred outside of the EEA but only where there are appropriate protections in place and in line with GDPR guidance.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies using the following instructions, although in a few cases some of our website features may not function as a result. You can configure cookie settings in your browser’s settings.
Detailed step by step guidance on how to control and delete cookies is also available from www.aboutcookies.org.
Changes to our Privacy Notice
We keep our Privacy Notice under regular review and we will place any updates on this web page.
How to contact the HR Dept
If you would like to contact the HR Dept in relation to any matter covered in this Privacy Notice or with queries about our website or marketing/survey activity, please email firstname.lastname@example.org or write to us at The HR Dept Ltd (Central Office), First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL.
Looking for expert HR support?
We can help you focus on your business by taking care of all your human resources needs.
Let us know how we can help or ask about our free initial HR review.
Preventing People Problems
Office Address: Token House, 11/12 Token House Yard, London, EC2R 7AS | VAT Number: 197277554 | Registration Number: 9128023
Copyright © 2007 - 2021 The HR Dept Ltd. HR DEPT is a registered trademark belonging to The HR Dept Limited.