Privacy Policy

1. Purpose

HR Surgery understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who interacts with us – this includes visitors to our website, our clients and their employees, our consultants, and any other third parties who give us information. We are committed to protecting all personal data we are given.

This policy describes the type of personal data we collect from you, how and why we use your data and how we store it. The policy also explains your privacy rights and the process for raising any concerns you might have around how we are treating your data.

Our privacy policy embodies the following key principles:

  • Accountability
  • Lawfulness, fairness, and transparency,
  • Purpose limitation,
  • Data minimisation,
  • Accuracy,
  • Storage limitation,
  • Integrity and confidentiality,

 

2. About HR Surgery

HR Surgery is a Human Resources consultancy based in Surrey. We have a network of consultants who support us on a freelance basis. Our consultants are all self-employed or operate through a limited company. In this policy “HR Surgery” means anyone operating under the HR Surgery brand.

All HR Surgery directors, employees and consultants are registered with the Information Commissioner’s Office and are thus entitled to process personal data.

 

3. The data we collect from you and how we use this information

Personal data, or personal information, means any information that can be used to identify a living person. Examples of what this means in practice include:

  • Identity data such as first name, last name, title, and username or similar identifier.
  • Contact data such as email address, telephone number, office address or billing address.
  • Financial data such as bank account and payment card details.
  • Transaction data, which includes details about payments to and from you and other details of services you have purchased from us.
  • Usage data, including how you use our website and services.

We only collect personal data relevant to the type of transactions or interactions that you have with HR Surgery. This includes, but is not limited to, the following scenarios:

Data for marketing purposes
If you sign up to any of HR Surgery’s services, such as our newsletters, we may collect and process personal data such as your name, email address, address, telephone number and other information relating to you. We store and use your data to provide the services and information you requested as well as to provide you with further information about our products and services.

If you have agreed to receive marketing from us but then later change your mind and no longer wish to receive marketing, please let us know so we can remove you from our distribution lists.

We will never use employee information for marketing purposes.

Client data
If you become a client, we collect data such as your name, contact details and bank transaction details so that we can administer and maintain our relationship with you.

Data on clients’ employees
If you become a client of HR Surgery, we are also likely to collect personal data relating to some or all of your employees. We use this information for the purposes of providing HR consultancy, recruitment and coaching services relating to those employees.

Data on our consultants and associates
If you are a consultant of HR Surgery, we collect data such as your name, contact details and bank transaction details so that we can administer our relationship with you and ensure that you are paid for the services you provide.

Internet Protocol (IP) address
An IP address is an assigned number which allows your computer to communicate over the Internet.

When you visit our website our server will record your IP address together with the date, time, and duration of your visit. We use this information to compile statistical data on the use of our website to track how users navigate through our site in order to enable us to evaluate and improve our site.

Cookies
A cookie is a small text file placed on your computer or device by our website when you visit certain parts of the site and/or when you use certain features of our site. We collect cookies to allow us to recognise you, your preferences, and how you use our website. Details about disabling these cookies can normally be found in the ‘help facility’ provided with your browser.

 

4. How we store your information and keep it secure

Your information (and that of your employees if applicable) is securely stored within the UK using up-to-date data storage and security techniques to protect from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss.

Although we will do our best to try to protect your information, we recognise that the transmission of information via the internet is not completely secure and so we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details on how long we store the data we collect is contained in our Retention Schedule. However, if before the date specified in the Schedule, we are no longer lawfully entitled to process your data or you validly exercise your right of erasure, we will remove or anonymise your personal data from our records at the relevant time.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

5. When and how we might share your information

We will not normally share your information with any third parties outside HR Surgery. We will only disclose your information to a third party where you have given your consent or where we are required to do so by law, or where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights.

Our cloud document storage, email system, our website, and any other databases we use are all administered by a representative from HR Surgery but may be hosted by third party providers. Details of these providers and of how we work with them to protect your information and employee information are available upon request.

 

6. Your rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information (called a ‘data subject access request’).
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Please get in touch using the contact details below if you would like to exercise any of your rights. You will not be required to pay any charge. If you make a request, we have one month to respond to you.

You can read more about your rights on the ICO website:
https://www.ico.org.uk/

 

7. Hyperlinks

You may come across hyperlinks on our website. These may take you to sites operated by other organisations for which we are not responsible. Although we have been very careful when developing our website, we have no control over any of the information you can access via other websites. Therefore, no mention of any organisation, company, or individual to which our website is linked shall imply any approval or warranty as to the standing and capability of any such organisations, company or individual on the part of HR Surgery.

 

8. Contact information

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

Email address: hello@hr-surgery.co.uk

Telephone number: 01932 239830

Registered Address: 16 Gorselands Close, West Byfleet, Surrey, KT14 6PU

Website address https://hr-surgery.co.uk

 

9. What to do if you are unhappy about how we handle your data

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above.

You can also complain to the UK regulator, the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint/

 

10. Policy review

This policy will be reviewed and updated from time to time and without prior notice to you. We will display a prominent notice on our website to notify you of any significant changes.