Who we are
We are Heard HR Solutions Limited, a Human Resources consultancy based in Torfaen, South Wales. We are registered under company number 11014165.
If you have any questions about this Privacy Notice, please contact:
- Heard HR Solutions Ltd
- E: firstname.lastname@example.org
- T: 01633 960 197
What personal information do we hold and where does it come from?
We only collect personal data that is needed, adequate and relevant for the specific purpose. We collect, process and use personal information in a number of different ways depending on who has provided the information and for what purposes:
Job applicants, current and former employees
When individuals apply to work for us, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau, we will not do so without informing the applicant beforehand, unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed; it will then be destroyed or deleted. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that information.
Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
People who contact us
We may record personal information provided to us by telephone, email, in person or otherwise in writing or electronically. We will only use your information for the purposes for which you provided it to us and for administrative purposes, and always in compliance with Data Protection law.
People who visit and use our website
Our site may invite you to sign up for certain features, such as newsletters, email updates, demo requests and other general interactive features. Where you provide information for these purposes, we will use your information to provide the relevant service or feature that you have requested and to manage your preferences. We may also gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our newsletters and email subscriptions. You will have the ability to unsubscribe from any repeat communications at any time.
Interactions on social media
Clients and their job applicants, current and former employees
We hold client contact information, and we collect and process the personal information of our clients’ job applicants, employees and former employees on behalf of our clients. This information is supplied to us by our clients and we only hold this data with the permission and upon the request of our clients.
The personal information we hold may include sensitive personal data. Examples of the personal information we collect and use on behalf of our clients are:
- Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers)
- Date of birth and age
- National Insurance number
- Marital status
- Family, lifestyle or social circumstances, if relevant to the service provided
- Education and employment details/employment status
- Health records
- Salary information
What we do with personal information
We collect and use personal information only for specified, explicit and legitimate purposes:
- We use personal information to help us manage and perform our contractual obligations, and for the establishment and defence of our own and our clients’ legal rights.
- Data we collect is used for the legitimate interests of our clients in support of their good governance, accounting and auditing practices and to assist in managing their business operations in compliance with Employment, Health and Safety, Data Protection and other applicable laws.
- We do not collect sensitive personal data on our website.
- We do not use any personal information for marketing purposes, at any time.
- Heard HR Solutions Ltd does not use automated decision making and no profiling is conducted by us by automated means.
Who we share personal information with
We may share your personal information with third party service providers who perform various functions to enable us to provide our services and help us operate our business, such as: website hosting and design; sending email communications; fraud detection and prevention; customer care, or performing analytics.
Our contracts with these third parties require them to maintain the confidentiality of any personal information they may access or that we provide to them. They may only act on our behalf and under our instructions, and they may not use personal information for purposes other than the product or service they provide to us, or to you on our behalf:
- Heard HR Solutions Ltd uses Microsoft Office 365. Office 365 is the brand name Microsoft uses for a group of secure cloud-based subscriptions that provide productivity software and related services. We use Microsoft to manage our administrative and financial records and email.
- Heard HR Solutions partners with BreatheHR, which is the trading name of Centurion Management Systems Ltd., a company registered in England and Wales under company number 3020608. We partner with BreatheHR to provide our clients with a Human Resources management system. The BreatheHR system is a secure, cloud computing platform that offers high availability and dependability to support our clients’ Human Resources operations.
- We use WordPress.com to develop our website. WordPress is an online publishing platform developed by Automattic Inc., a company registered in the United States of America.
How we and our partners secure personal information
Heard HR Solutions Ltd processes all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing:
- Microsoft Office 365 is certified to the information security standard ISO 27001 and meets the physical, logical, process and management controls of ISO 27001:2013. Microsoft is also independently verified as complying with ISO 27018, which establishes a uniform, international approach to protecting the privacy of personal information stored in the cloud.
- BreatheHR operates and maintains an Information Security Management System (ISMS) to control information appropriately. Certification to the information security standard ISO 27001 will be achieved in the first half of 2018. Breathe implements human, organisational and technological security controls to protect personal data from unauthorised access, unwanted disclosure, modification, theft/loss, denial of service attacks or any other threat.
- Automattic Inc. continually monitors security threats and issues immediate security releases upon discovery of any potential vulnerabilities. Heard HR Solutions automatically implements all website security enhancements and updates upon release. All traffic through our website is automatically encrypted by WordPress.
Where personal information is stored
- Microsoft Office 365 holds our business data in its data centre in Dublin.
- Our BreatheHR partner uses Amazon Web Services (AWS) which is located in Ireland to store its databases and production environment. These services are supported by BreatheHR’s disaster recovery site in Germany.
- Automattic Inc. is based in the United States of America and acts in compliance with US law. An EU-US Privacy Shield framework agreement is in effect with the US government which imposes strong data protection obligations on companies in the US receiving personal data from the EU. Automattic Inc. is a certified participant in the EU-US Privacy Shield.
How long information is stored for
We only keep personal data we collect for as long as it is needed. In addition, our data subjects have the right to request erasure of their individual data.
Data subject’s rights
As a ‘data controller’, Heard HR Solutions Ltd complies with all data subject rights and requests. As a ‘joint controller’ and/or ‘data processor’ for our clients, we make every effort to support our clients’ compliance with the data protection rights of their job applicants, employees and former employees:
Right of Access
We try to be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
The Right of Erasure (‘Right to be Forgotten’)
You have the right to request that Heard HR Solutions Ltd (as the data controller) erase all personal data we have about you, and we must respond to that request without undue delay. There are some conditions that apply with this right, but we will make every attempt to respond to a ‘Right to be Forgotten’ request within 30 days of receiving it.
The Right to Rectification
If you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.
The Right to Restriction
In circumstances where data cannot be removed immediately, you have a right to request we restrict using it. The right to restriction is there to protect you in cases where an immediate resolution cannot be found. In the unfortunate event of this type of request being received, we will cease all processing activities immediately.
The Right to Withdraw Consent
Should the time come where you no longer wish for us to have or use your personal data you may withdraw your consent, and you may do so at any time without detriment. We may contact you to verify the request. To withdraw your consent for us to process your data you can contact us at Heard HR Solutions Ltd’s main telephone number or email address below.
The Right to Object
The right to object is a basic freedom all democracies enjoy, and Heard HR Solutions Ltd is no different. If you wish to object to the way we use, or have used, your personal data you may do so freely.
The Right to Portability
This is a legal right afforded to you that most companies already provide; it basically states that if you request it, we must pass on all of the details you have given to us to another provider of your choosing.
The Right to Complain
Heard HR Solutions Ltd will always try to maintain the highest standards and encourage the confidence our customers have in us as an organisation. In order that we can achieve this we respectfully request that any complaints be first brought to our attention so we can properly investigate matters. If, however, you would like to complain about Heard HR Solutions Ltd to a supervisory authority you may do so by contacting the Information Commissioner's Office on 0303 123 1113, or any one of the other reporting methods listed on their website – https://ico.org.uk/concerns
Heard HR Solutions Ltd