top of page

PRIVACY POLICY

ExtraHR Solutions Ltd Privacy Policy

 

At ExtraHR Solutions Ltd we believe in being transparent about the Personal Data that we may hold about You in the course of the HR consultancy and advisory services we provide.  By ‘You’, we mean our clients, your employees and potential job applicants and any relevant third-party suppliers you use.

 

By Personal Data we mean information that relates to you as a living individual and allows us to identify you, either directly or in combination with other information that we may hold.

 

This Privacy Policy explains how we collect, use, store and share (collectively known as ‘processing’) Personal Data that you provide to us in person, online via our website www.extrahrsolutions.co.uk or on social media, by email, text, phone, in writing or any other communication channels that we may use. For the purposes of the General Data Protection Regulation (GDPR) ExtraHR Solutions Ltd is both a data controller and a data processor.

 

By law, we can only process your Personal Data if we have a proper reason to do so (our lawful basis) as follows:

 

  • to fulfil our contractual obligations

  • if we have a legal duty

  • if we have a legitimate interest to do so, or

  • when you consent to it

 

We will only process your Personal Data for the purpose it is intended, that is to provide the HR consultancy services you instruct us to supply.  

 

Through this Privacy Policy, we will always tell you upfront how we collect your Personal Data, why we are processing it and what our lawful basis is.

 

We will be especially careful with special category data (Sensitive Data) and we will only collect and process this type of personal data if you have given us your explicit consent to do so.

 

 

Who we are and what we do

 

ExtraHR Solutions Ltd is a Human Resources Consultancy providing bespoke HR strategy and operational HR support to small and medium sized businesses.  

 

We are registered with the Information Commissioners Office (ICO) registration no ZA348943 and any Personal Data collected will be used and held in accordance with the requirements of the EU General Data Protection Regulation (GDPR) and applicable UK Data Protection laws.

 

The person responsible for data protection compliance within the Company is Joanne Dingwall,  Director.  If you have any enquiries relating to the processing of your personal data please contact Joanne by email at joanne@extrahrsolutions.co.uk.

 

 

How we collect Personal Data

We collect Personal Data about you when:-

  • you enquire about our services through completion of our on-line contact form, by email, phone, post or any other communication channel you choose

  • you request a proposal from us in respect of the services we provide

  • you engage us to provide HR consultancy and advisory services andduring the provision of those services you communicate with us in person, by phone, post, internet, social media or by sending and receiving emails and texts.

  • we receive client referrals from third-parties or via LinkedIn but only if they provide the appropriate evidence that you have agreed to share your Personal Data with us

Accessing Our Website

 

A visit to our website or an enquiry does not create a client relationship between you and ExtraHR Solutions Ltd.

 

When you access our website www.extrahrsolutions.co.uk certain information you provide will automatically be recorded. This will include your web (IP) address, browser type and information relating to the page you last visited.  This information is obtained by the use of cookies. A cookie is a small file downloaded on to the hard drive of a computer or mobile device when the user logs on to a website.

 

Our website is managed by Wix who also use cookies to collect general statistical information to help us understand how our website is used and to improve the service we provide to you. We learn whether visitors have used the website before, which pages are the most popular and how users move around the site. This information does not allow users to be identified individually. A copy of Wix’s Privacy Policy is available at https://www.wix.com/about/privacy.

 

To find out more general information on cookies, and how to control or delete them, please go to AboutCookies.org or AllAboutCookies.org

 

We do not collect Personal Data indirectly, for instance by tracking people individually when they have used our website.

Personal Choice

We will only communicate with you if you have chosen to contact us to enquire about our HR consultancy and  advisory services or in the course of the services you instruct us to supply.  We do not collect or use any Personal Data for the purposes of direct marketing and we do not create and hold email subscriber lists.

 

If at any point you would like to change the way in which we communicate with you just let us know by contacting Joanne Dingwall at joanne@extrahrsolutions.co.uk

 

 

What Personal Data Do We Collect

About Our Clients

 

In the course of providing HR consultancy and advisory services we may collect Personal Data about you to help us verify your identity, respond to your requests, deliver the services necessary for the performance of the contract you have with us and comply with our legal obligations. The Personal Data we collect may include your name, job title, email, IP address, address, telephone numbers, social media account where appropriate.

 

About Your Suppliers

 

Sometimes, in order to fulfil the contract we have with you, or to comply with our legal obligations, we may need to collect Personal Data from third-party suppliers that you work with, eg. payroll provider.  The Personal Data we collect about them may include contact name, job title, email, address, telephone numbers.

 

About Your Employees and Job Applicants

We may also collect Personal Data and Sensitive Personal Data about your employees  and job applicants to fulfil the contract you have with us or to comply with our legal obligations.  This may include:-

  • their name, job title, email, address, telephone number, gender, date of birth, national insurance number

  • information about their nationality and entitlement to work in the UK

  • the terms and conditions of their employment

  • details of their qualifications, skills, experience and employment history

  • information about their remuneration, including entitlement to benefits such as pensions or insurance cover

  • details of their working pattern/schedule (days of work and working hours) and attendance at work

  • details of periods of leave, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave

  • details of any disciplinary or grievance procedures including any warnings issued to them and related correspondence

  • assessments of their performance, including appraisals, performance reviews and ratings, training, performance improvement plans and related correspondence

  • Information about their medical or health conditions

  • information about their race or ethnic origin, sexual orientation, political opinion and religious beliefs

  • details of any trade union memberships

  • Biometric data (eg. e-passport)

Sometimes in order for us to fulfil the contract you have with us we may obtain Personal Data about your employees or job applicants from third-party service providers but only if they provide the appropriate evidence that the individuals have agreed for their Personal Data to be shared with us, eg. payroll provider, recruitment agencies, medical specialists.

Sensitive Personal Data

 

Data Protection law recognises that certain categories of Personal Data are more sensitive and requires a higher level of protection. Data Protection Law refers to this as Special Category Data.  Sensitive personal data covers health information, race or ethnic origin, religious beliefs, political opinions, sex life or sexual orientation, trade union membership, genetics and biometric data.  We will always ask for your explicit consent to collect Sensitive Personal Data about you.

 

Criminal Offence Data

 

In the course of providing the services you instruct us to, we may also collect criminal record information about your employees and job applicants, including criminal convictions and offences.  Under Data Protection Law this is a distinct category of Personal Data with the same higher level of protection as Sensitive Personal Data. We will always ask for your explicit consent to collect Criminal Offence Data about you.

 

How and Why We Use Your Personal Data

 

If we process any Personal Data that you share with us, we will make it clear what we intend to do with it and our lawful reason for doing so.  Please note that there may be more than one lawful reason for processing.

 

Where it is necessary for us to use Personal Data for our legitimate interests, we believe that your rights do not override our reason for processing Personal Data is this way.

 

Under Data Protection Law, in addition to our lawful reasons for collecting and processing  Sensitive Personal Data and Criminal Offence Data  we need to have further justification to process it.  Our additional conditions for processing these categories of Personal Data is that it is necessary in order to perform the contract you have with us and to exercise our legal and regulatory obligations.  We will also ask for your explicit consent before processing Sensitive Personal Data and Criminal Offence Data about you, your employees and job applicants. 

 

We may use your Personal Data collected via our website, and our other communication channels in the course of providing HR consultancy and advisory services to :-

 

  • deal with your enquiries and requests in relation to our HR consultancy and advisory services

  • deliver our services necessary for the performance of the contract you have with us 

  • with our legal obligations and regulatory requirements

Consent On How Your Personal Data Is Used

 

We will always tell you why we are collecting and processing your Personal Data. Where it is necessary to obtain your consent, we will ask for this to be given by a positive opt in choice and we will provide you with information to enable you to make an informed choice. You can be confident that your Personal Data will not be used for any additional purpose without further consent being obtained.

 

We will also tell you how you can withdraw your consent.  However, you must be aware that if you cannot provide us with certain information we may not be able to perform the contract you have with us.

Who We Share Your Personal Data With

 

We do not share Personal Data with any third-parties for marketing purposes.

We will only share your Personal Data with a third-party when is necessary to deliver our service, as part of a contractual agreement we have with you or if we are required to do so by law, eg. HMRC, tribunal court, lawyers. We will always tell you in advance if this is the case, and if the personal data is Sensitive Personal Data, we will ask for explicit consent before any information is shared.

We may also use third-party service providers to support the delivery of our services to you, for example legal firms, recruitment companies, training providers or other independent HR Consultants. When this happens, the third-party provider may use Personal Data or Sensitive Personal Data that you have provided to them in order to carry out their services and obligations.

In some cases third-party service providers will also be acting as a data controller of your Personal Data and therefore we advise you to read their Privacy Policy.  When these third-party providers share your Personal Data with us we will use it as outlined in this Privacy Policy.

All third-party service providers who have access to, and are associated with the processing of Personal Data, are legally obliged to respect the confidentiality of your Personal Data.

Your Rights

Under the EU General Data Protection Regulation (GDPR) you have the following rights:

 

  • The right to be informed about the processing of your Personal Data through this Privacy Policy.

  • The right of access to your Personal Data

  • The right to edit and update your Personal Data

  • The right to request to have your Personal Data deleted -this does not apply where your Personal Data is being processed on the basis of a legal obligation

  • The right to restrict processing of your Personal Data where it may be incorrect or you think the processing is unlawful

  • The right to data portability of your Personal Data

  • The right to object to the processing of your Personal Data for the purposes of direct marketing, scientific or historical research or statistical purposes

  • The right to make a complaint

 

 

Right To Access, Correct, Delete, Move or Object to Personal Data

 

You have the right to request a copy of the Personal Data that we hold about you. The first copy response is free of charge. Thereafter we have discretion to charge a small administration fee.  If you wish to access this right, please contact us joanne@extrahrsolutions.co.uk and we will provide you with a Subject Access Request Form to complete.

 

The accuracy of your Personal Data is important to us. If you believe your Personal Data held with us is inaccurate, incorrect or incomplete, you can ask for it to be updated by contacting us at joanne@extrahrsolutions.co.uk  and completing a Personal Data Control Form.

 

You have a right to have your Personal Data deleted if:

 

  • it is no longer necessary for the purpose we originally collected and processed it for

  • you withdraw your consent

  • you object to the processing of your Personal Data and we have no legal reason

to continue to process it

  • your Personal Data was unlawfully processed by us

 

If you wish to object to us processing your Personal Data, this must be on grounds relating to your particular situation and you must explain this in your request.  We will agree to stop processing your Personal Data unless we can show you that we have compelling legitimate or legal grounds for processing it.

 

If you wish to obtain and re-use your Personal Data under your right to data portability, you can do this if you provided the Personal Data to us and where the processing is based on your consent or related to a contract we have with you.

 

When you request to access your Personal Data or for it to be updated, deleted or moved, or you object to it being processed, we will normally respond to you within one month of the request being received. Sometimes, we may need to extend this timescale to three months and if this is the case we will tell you.

 

 

 

Data Security

 

In order to protect you and your Personal Data we will collect, use, store and share your data safely and securely. To ensure this, we have appropriate security measures in place to prevent your Personal Data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed.  

 

Client files are held electronically on Google Drive and backed up regularly using a cloud-based application. Hard drives are backed up using Apple’s FileVault technology.  Firewall and anti-virus software is also installed.

Files are only accessible via individual secure log-in and password credentials. If we have given (or where you have chosen) a password which allows you to access applications and files for the delivery of our services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Client files containing contact details and assignment information are also stored in hard copy format in a locked filing cabinet.  Only Joanne Dingwall, Director has access to this filing cabinet.

Transferring Your Personal Data Outside of EEA

We do not transfer Personal Data outside of the EEA.

 

Retention Of Data

 

We will only retain your Personal Data for as long as is necessary to fulfil the purpose we collected and processed it for as outlined in this Privacy Policy. This includes any legal and reporting obligations in the UK.

 

  • In relation to the HR consultancy services we provide as part of a contract we have with you , we will retain relevant Personal Data for the length of the contract and for a minimum of six years afterwards.

 

  • Any recruitment related Personal Data for your unsuccessful job applicants will be deleted after 6 months.

 

We will not retain your Personal Data if you have asked for it to be deleted and there is no legal or compelling legitimate reason for us to keep it.

 

When we dispose of your Personal Data, electronic files will be deleted and hard copy files will be shredded.

 

 

Complaints

 

We aim to meet the highest standards when collecting and using your Personal Data.  However, if you wish to make a complaint about the way that we have processed your Personal Data, you can do this by contacting Joanne Dingwall, Director at ExtraHR Solutions Ltd by email at

joanne@extrahrsolutions.co.uk

or by post to

5 Mulloch Avenue, Falkirk, FK2 7GA.

If you are not satisfied that we have addressed your concerns adequately, you have the right to complain to the ICO by calling their helpline on 0303 123 1113 or by contacting them on-line at https://ico.org.uk/make-a-complaint/

 

 

Data Breaches

 

We aim to ensure that we process your Personal Data in a transparent and lawful way, respecting your rights as an individual. However, if we become aware of a suspected Personal Data breach we will investigate this immediately.

 

If having assessed the situation, we believe that the Personal Data breach is likely to result in a risk to the rights and freedom of an individual then we will report the breach to the ICO within 72 hours of becoming aware of it. Examples of this may be Personal Data breaches that result in financial loss or loss of confidentiality, discrimination, damage to your rights as an individual, or our company reputation. We will also inform all individuals affected by the breach.

Other Websites

As part of our services to you we may provide links to other websites for your convenience and information. Please be aware that these sites may have different security and privacy policies. We recommend that you read these as we have no control over and take no responsibility for any information submitted to these other sites.

Changes To Our Privacy Policy

 

This Privacy Policy is effective from 25 May 2018.

 

It will be amended as required to ensure it is up to date and reflects how we use your Personal Data as well as a result of any changes in relevant laws or regulatory requirements. If there is a significant change, where practical we will notify you of this.  However, we recommend that you review this Policy from time to time.

bottom of page