For the purposes of this policy “the Company”, “we”, “us” “our” etc. refers to Fox HR.
The General Data Protection Regulation (GDPR) lay down certain rules in relation to the way personal data is collected, stored and disposed of.
We are committed to upholding the Data Protection Principles in the interests of protecting personal data from being collected or processed inappropriately and this document explains how we use any personal data we collect about you, or others whose information is provided to us, as well as your rights in relation to this data.
In providing HR Consultancy Services, we process personal data in the capacity of a ‘data processor’ – this being any person, other than an employee of the data controller, who processes personal data on behalf of the data controller. This is most likely to be the case when obtaining and processing employee data on our client’s behalf, for the purposes of providing HR and Employment Law advice.
We may also be considered to be a ‘data controller’ for some data, this being the person who either jointly or alone determines the purposes for which personal data can be processed. This is most likely to occur when obtaining, storing and processing data regarding the administration of our client accounts and for marketing purposes.
The type of personal data we collect
We collect personal information about you, your employees, complainants and enquirers, suppliers, advisers and other professional experts. This may include details of any sales transactions, and third-party information from public sources or our own suppliers or agencies.
The information obtained is dependent on the services we provide or the nature of our engagement, however in respect of the person whose personal information we are processing, this may include personal contact details and identification data, business activities, family, lifestyle and social circumstances, goods and services provided, financial details, education details, employment details and IT information.
In some circumstances, this may also include Special Category Data which is more sensitive and identifies a data subject’s race, ethnic origin, political or religious beliefs, biometric data (where used for ID purposes) or trade union membership, as well as information regarding their health, sex life or sexual orientation.
How we collect personal data
Information will be collected at any time that it is provided to us, including when you register with us or agree to use our services, from records of our correspondence or phone calls, or when you voluntarily complete forms or customer surveys, provide feedback and participate in competitions.
We may also collect details from your visits to our website including, but not limited to, personally identifiable information like Internet Protocol (IP) addresses, as well as telephone recordings.
How we use personal data
We process personal information to enable us to provide consultancy and advisory services, to promote our services, and to maintain our own accounts and records. We will use your information for purposes such as providing quotations, delivery of HR support services and, with your agreement, keeping you informed and up to date on employment matters and other services that we believe may be of interest or benefit to you. Information obtained from our website may be used for purposes such as identifying its visitors or collecting statistics about their behaviour.
The legal basis under which we process personal data is dependent on the nature of the data in question and the context in which it is being processed. In many cases however, personal information is processed on the basis of one, or more of the following:
- With consent
- To meet our contractual obligations in providing a service to you
- In accordance with our legitimate interests
- To comply with our legal obligations
We process personal information when supporting our clients in their employment matters, including the working relationship between our clients and their employees. This may include Special Category Data; the processing of which, under Article 9(2) of GDPR, may be necessary for the purposes of:
- Carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of employment law, or
- Preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services.
Sharing your personal data
We sometimes need to share the personal information we hold however, we will ensure that this is limited only to those who require such access for the proper performance of their duties, or where they have a legitimate interest in relation to the processing of personal data as outlined.
Personal information relating to you, or your employees will only be shared with designated contacts within your Company, unless express permission otherwise is provided by one of those same designated contacts. It may be necessary however, for us to share personal data with external parties such as Associate Consultants, financial organisations, and IT support providers.
Fox HR will not share or sell your data to any external parties for marketing purposes, other than those that we may engage for the purpose of our own internal marketing and promotional activities. It may however, be necessary for us to share personal data with other third parties where required to do so in order to comply with the law and regulations, such as responding to a court order, defending a litigation claim, or HMRC obligations.
It may sometimes be necessary to transfer personal information overseas. In such cases, we will ensure that information is shared in full compliance with the applicable laws.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under the duty of confidentiality, and are obliged to implement appropriate measures to ensure the security of data.
Storing and retaining personal data
Data is stored in a range of different places, including our electronic and hard copy HR management systems, and other IT systems including email accounts. We have internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed and all personal data, in whatever format, is disposed of securely and confidentially.
We endeavour to retain personal data for no longer than is necessary for the purposes for which it is processed. This will be for time periods either recommended by best practice or statutory requirements.
In order to protect the interests of the Company in line with legal timeframes, personal data may be retained for a period of six (6) years following termination of the services or engagement, or from the time that the data subject is eighteen (18) years of age, if termination occurs before this time.
Data privacy rights
As a Data Subject you have the right to:
- Withdraw consent for processing your personal data (this will not affect the processing of your data where it is based on lawful grounds, other than consent)
- Access and obtain a copy of the information we hold about you
- Request to change inaccurate or incomplete data, or to stop processing data for a period, if data is inaccurate or there is a dispute about it
- Request that we stop processing or delete the information we hold about you
- Obtain and reuse your personal data for your own purposes
- Object to:
- the processing of your data where we rely on ‘legitimate interest’, or ‘performance of a task in the public interest / exercise of official authority’ as the legal ground for processing
- direct marketing
- processing for the purposes of scientific/historical research and statistics
If you would like to exercise any of these rights, including making a subject access request, please write to Laura Fox at the address below, or contact the Information Commissioner’s Office (ICO). Please note that any requests relating to data processed on behalf of clients should be referred to the Data Controller (the client Company).
Use of cookies
Circumstances may arise when we may need to gather information about your computer to help provide appropriate services or products to you. The data gathered is solely statistical data, which may be shared with advertisers.
The facts collected about you are statistical only. No identifying information will be shared about our visitors and how they made use of our site. No personal details will ever be shared.
Cookies are used to collect general online usage by using a cookie file. If used, this cookie file is downloaded without prompting. It will be placed on your hard drive with information transferred to the hard drive allowing the cookies to be used for data collection. A cookie is used to improve any services / products or overall website characteristics we offer you.
Any computer has the option to decline cookies. Your web browser options include an “enable” button to decline cookies. It is imperative that you understand by declining cookies you may be limiting your access to sections of our website.
If our advertisers use cookies, it will result from a click on their advertisement, and we do not have control over their cookies if used.
Consent
In agreeing to this privacy notice you consent to us processing your personal data for the purposes outlined. You can withdraw consent at any time by contacting us via the details below.
Contact information
Laura Fox
07491 037 961 / laura@fox-hr.co.uk