Privacy Policy




Last updated November 2023. 

OVERVIEW

Your HR Friend values the trust you place in us when providing personal data. We aim to protect your data to the highest of standards as we provide our services and products to you, and to provide transparent information on how it is handled. This Privacy Policy was last updated on 2 November 2023.

It applies to personal data collected across Your HR Friend's services, including our website, consultations, events and communications. This Privacy Policy provides information on:

  • What personal data we collect
  • How and why we use your personal data
  • How we share your personal data
  • Your rights and choices
  • How we protect and store personal data

Please take time to read this policy carefully. Contact us if you have any questions!

SCOPE OF THIS POLICY 

This Privacy Policy describes how we process the Personal Data of our existing and prospective customers, and end-users who use or request our Services, visitors of our websites, partners, and those who participate in our promotions or events (“you” or “your”). It also describes your data protection rights, including your right to object to some of the processing activities which we carry out.

This policy applies to all Personal Data that we collect, use, or disclose when providing our websites, platforms, apps, products, and services owned or operated by us (together, the "Services").

We take the protection of your privacy very seriously. We treat your Personal Data with the utmost care and in compliance with the applicable data protection laws. We may also provide you with additional information when we collect Personal Data where we feel it would be helpful to provide relevant and timely information.

This Privacy Policy describes our independent privacy and data processing practices as a data controller.

If you are applying for a role with Your HR Friend, please refer to our Candidate Privacy Policy. 

WHO WE ARE

In this policy, "Your HR Friend", "we", "us" or "our" refers to Your HR Friend Ltd, a UK-based HR consultancy service - the go-to HR support solution for UK employees needing help navigating workplace issues. 

A brand new perspective - focusing on using our extensive HR expertise to essentially help you, the employee, "beat" the system companies often use to protect themselves. Unlike internal HR departments that protect company interests, Your HR Friend provides unbiased expertise focused solely on advocating for your rights, needs, and success as an employee.

We level the playing field through personalised consultation, dispute coaching, ongoing access to advice, and genuine caring. With Your HR Friend by your side, you approach employee relations from a position of knowledge, confidence, and clarity.

WHAT IS PERSONAL DATA?

Personal Data (also known as “Personal Information”) is any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

Special Categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation (“Special Categories of Personal Data”).

If you can’t be identified, then this notice does not apply to you. An example of this is when your Personal Data has been aggregated and/or anonymised.

WHAT INFORMATION DO WE COLLECT?

The Personal Data we collect and process will vary depending on your dealings with us and the Services we provide to you.

We may also collect and process Special Categories of Personal Data with your explicit consent when providing our Services to you, which includes Special Categories of Personal Data submitted by you, or on your behalf, through our website or our internal operating platforms: ODOO.

Information we collect when you use or request our Services

We collect the information you provide to us when you do things such as request, sign up for and use our Services, update your user profile, or voluntarily engage with us in other ways. The following shows the information we collect and how it relates to our Services:

  • Contact details (name, email, phone number, postal address and social media handles)
  • Employment details (including occupation or job title, information relating to your current employer, information relating to your former employer and role, key dates relating to your current role and/or past roles, employment issues, salary and/or pension details including documents such as payslips and payment summaries, citizenship and visa status for work eligibility purposes, and tax information)
  • Special Categories of Personal Data (including health or disability information, biometric information, immigration information, criminal history and background checks, and certain diversity related information)
  • Communications and consult notes
  • Event registration details
  • Payment information (banking, or debit/credit card details)

Information we collect from your other interactions with us

We collect information when you interact with us, such as when you use our websites, communicate with us via email, telephone, SMS, video conference, social media or chatbots, attend or participate in our events or promotions, or when we collect feedback from you on the Services we provide. The information we may collect in these circumstances includes your name, business name, address, email, phone number, company/employer information, job function, team size, reason for contacting us, survey and research responses, social media information, and video and call recordings.

Information that we automatically collect from you

We automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes digital interactions data, i.e., how you use our digital properties (including our websites, third-party websites, social media sites, apps and electronic communications), metadata (collected on an anonymous basis), consumer analytic data (collected on an anonymous basis but which can be attributed to you based on other information we have about you), log file information, information about the type of device and operating system used by you, location information, computer IP addresses, and marketing and cookie preferences, including any consent you have given us.

Information we collect from third parties

We may collect Personal Data about you from third parties in the process of providing our Services to you where you have provided consent, or where such Personal Data is provided to us under a legal basis. This includes where Personal Data is collected through third-party APIs, or by third party service providers, including social media sites who are permitted to disclose that information to us under a legal basis, or to support our delivery of Services or direct marketing activities. We may also collect Personal Data about you through our affiliates.

Google API policies

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google reCaptcha

We have implemented Google reCAPTCHA Enterprise on certain products and services to prevent malicious software from engaging in abusive activities on our Services. Your use of reCAPTCHA Enterprise is subject to Google’s Privacy Policy and Terms of Use.

Google Analytics

We may use Google Analytics to obtain certain analytics information regarding your interactions with our Services. You may opt out of the Google Analytics service using your information by installing the Google Analytics Opt-out Browser tool.

We also automatically collect certain data from your use of our website and services through cookies, web beacons, and other technologies. This may include:

  • IP address
  • Browser type and language
  • Referring site and exit pages
  • Operating system
  • Date/time stamps
  • Browsing behaviour within the site
  • Interactions with site content and emails

Information we collect from you about third parties

From time to time, you may provide us, and we may collect from you, Personal Data of or about a third party (for example, information you put into our systems as an employee about your employer). When you provide the Personal Data of a third party, it is your responsibility to ensure that the necessary consent has been acquired or other lawful basis is relied on, and that those individuals are aware of this Privacy Policy, and that they understand it and agree to accept it.

We use Plausible Analytics which utilises anonymous usage analytics cookies to understand site traffic.

HOW AND WHY WE PROCESS THIS INFORMATION

We must have a legal basis to process your Personal Data and we explain these legal bases below. We also explain the purposes for which we process your Personal Data, the processing operations that we carry out, and the categories of data that we use for each purpose.

LEGAL BASIS

a) Contractual performance – we have obligations under our contract with you. To fulfil those obligations, we will have to use your data.

b) Consent – in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data, and the purposes for which the data will be used.

c) Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing activity taking place.

d) Legal obligation – as an organisation, we are obliged to comply with applicable legal and regulatory requirements. In certain cases, we will have to use your data to meet these obligations.

PURPOSES

We may process your data for different purposes. We may also provide you with notices that further specify the purposes for some of the processing described below, and on the rare occasions when we need to ask for your consent, we will only do so at the time we collect your Personal Data.

a) Provision of Services and administration of our contract with you (Contractual Performance or Consent)

We use your Personal Data to administer aspects of our relationship with you so we can fulfil the obligations we have in the contract between you and us or based on your explicit consent.

We process your information:

  • to fulfil a contract, or take steps linked to contractual obligations;
  • to provide our Services, including ancillary Services such as customer support;
  • to take payment for our Services (where applicable); or
  • to send you service, technical and other administrative emails, messages, and other types of communications relating to our Services.

b) Our business purposes (Legitimate Interests)

We have an interest in maintaining, developing, and protecting our business interests and legal rights.

We process your information:

  • to ensure our Services are working as intended, such as tracking outages or troubleshooting issues that you report to us, to make improvements to our Services, and to help us develop new products and services;
  • to ensure your experience with our Services is personalised and customised, and to tailor our communications and marketing to you;
  • to analyse data about your use of our Services to do things like optimise product or service design;
  • to conduct surveys and other market research to ensure our Services are relevant to your needs;
  • to investigate any complaints by or about you;
  • to investigate any suspected breach of any of our terms and conditions or unlawful activity engaged in by you;
  • to investigate, raise or defend ourselves from legal claims;
  • to comply with our compliance, regulatory, auditing, investigative and disciplinary obligations (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements;
  • to verify your identity and/or carry out credit report checks, and enable us to monitor suspicious or fraudulent activity;
  • to protect the security of our premises, assets, systems, and intellectual property, and to enforce company policies, including monitoring communications as permitted by law; or
  • where our business interests involve undertaking mergers, acquisitions, reorganisations, or disposals, as permitted/required in accordance with applicable law.

c) Marketing communication and preferences (Consent)

In some cases, we may send you direct marketing based on our legitimate interests or where you have provided us with explicit consent. These communications may be sent in various forms, including mail, social media, SMS, or email.

You have an absolute right to opt out of direct marketing at any time. You can do this by following the instructions in the communication within the electronic message we send to you, or by contacting us via our website.

We may still send you important notices relating to your account, operational activities, and technical updates, even after you have opted out of receiving marketing communications.

d) Cookies and third-party technologies (Consent)

The Services we provide use cookies and similar technologies on our platform, app and websites. Cookies are small text files containing a string of alphanumeric characters which are sent to your computer, uniquely identify your browser and let us enhance your experience when using our Services. Cookies also convey information to us about how you use our Services.

When you use our Services, we may use cookies and similar technologies for the purpose of authenticating your use, remembering your preferences and settings, determining the popularity of content, and analysing and understanding your interactions with our Services.

The information that may be recorded includes information regarding your:

  • server address;
  • domain name;
  • date and time of visit;
  • previous websites visited;
  • use of our sites; and
  • browser type.

You can also read our Cookies Policy to further understand how cookies and similar technologies may be used to collect and use your Personal Data.

e) Compliance with law (Legal Obligation)

We analyse and sometimes process your Personal Data to comply with our obligations and exercise our rights under applicable laws.

Those legal obligations, and the processing operations they require us to undertake, are:

  • Tax laws and similar obligations (these include tax laws and obligations that apply to us in each of the jurisdictions in which we operate). These require us to undertake tax and national insurance reporting, filing and withholding; and
  • Anti-money laundering laws and similar obligations (these include anti-money laundering laws and obligations that apply to us in each of the jurisdictions in which we operate). These require us to undertake specific action to prevent money laundering as part of or in relation to the use of our Services.

Sometimes it is also necessary for us to comply with requirements to respond to court orders, subpoenas, or other legal processes.

In these circumstances we use your personal identification information, contractual relationship information and, in some circumstances, information about your use of the Services.

HOW WE SHARE YOUR PERSONAL DATA

a) Sharing of information when providing our Services

We may share your Personal Data with our affiliates and with other third parties from time to time for the purposes and means described in this Privacy Policy. We may disclose your information to:

  • Members and personnel of Your HR Friend – we may share your information between our affiliates and business functions, including with our employees, contractors and representatives for the purposes of the delivery and operation of our Services, and fulfilling requests by you;
  • Vendors who support the delivery of our Services – we may disclose your Personal Data (including via APIs) to specific third-party service providers who facilitate the delivery of our Services as this may be necessary to analyse the performance of our Services and deliver them to you at the highest quality. These third parties are given access to your Personal Data only to perform these tasks on our behalf or for our benefit, and are required not to disclose or use it for any other purpose;
  • Web browser extensions providers – our sharing of your Personal Data with third parties may occur through the use of verified web browser extensions. These web browser extensions will only be used by the business if they are developed by the third party provider of the standard version of that product or service;
  • Legal and regulatory authorities – we may share your information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws;
  • Parties involved in a business sale – in the event that we undergo any reorganisation, restructuring, merger, sale, or other transfer of assets, your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business;
  • Event partners – we may share your data with event or promotion partners for the purpose of delivering such event or promotion; and
  • Business partners – we may share your data with our existing or potential agents, business partners, or joint venture entities to enable us to perform our business activities in relation to our services.

INTERNATIONAL DATA TRANSFERS

We may disclose Personal Data outside of the country in which our customers and users are based in connection with the purposes identified in this Privacy Policy, and the Services described. International data transfers may occur when we share Personal Data with Your HR Friend’s team members and affiliates based globally, including locations from which the team members may work remotely. International data transfers may also occur when we share Personal Data with third-party service providers located globally where it is deemed reasonably necessary for us to make such transfers.

We take measures to ensure that international data transfers take place in compliance with applicable laws relating to international data transfers and in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that Personal Data. If you are an EEA or UK customer or user of our Services, your Personal Data is transferred outside the EEA or the UK in compliance with the relevant requirements under the GDPR.

Adequacy decisions

Where the European Commission or the UK government has determined that certain countries outside of the EEA or the UK have an adequate level of Personal Data protection, Personal Data can be transferred to such a country from the EEA or UK without any further safeguards being necessary. A full list of such adequate countries is available here (for the EEA) and here (for the UK).

Where information is transferred outside the UK or the EEA to a location that is not subject to an adequacy decision by the European Commission or the UK government, we ensure data is adequately protected. We may transfer your Personal Data (as described in section "What information do we collect" above) for the purposes described in section "How and why we process this information" above to another country by relying on the EU Standard Contractual Clauses for the transfers from the EU, or the International Data Transfer Agreement or International Data Transfer Addendum to the EU Standard Contractual Clauses for the transfers from the UK, or relying on such other data transfer mechanisms as available under applicable data protection laws.

A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

STORAGE AND SECURITY OF PERSONAL DATA

Personal Data held by us will be stored and managed by our third-party suppliers who store data in secure data centres. Further details on our third-party storage provider’s location and security can be found here.

Please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Data we have collected from you.

You can also play an important role in keeping your Personal Data secure by maintaining the confidentiality of any password and accounts used on the Services. Please notify us immediately if there is any unauthorised use of your account by any other internet user, or any other breach of security relating to your account via email at info@yourhrfriend.com.

DATA RETENTION

We store data for as long as necessary to provide our Services and in accordance with our internal Data Retention Policy. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. You can delete some Personal Data whenever you like, some data is deleted automatically, and some data we retain for longer periods of time.

For example:

  • We keep account information for as long as your subscription or agreement continues or for as long as it is necessary to deliver our Services.
  • We will keep a record of the fact that you have asked us not to send you direct marketing, so that we can respect your request in future. If you unsubscribe from receiving direct marketing, then we will remove your details from our direct marketing mailing list.
  • We will keep the usage information and analytics data relating to your use of the Services to understand how people use our Services. We will do this through the use of cookies and tracking technologies to provide us with user analytics data to improve our Services and enhance your user experience. More information about the retention period of cookies can be found in our Cookie Policy.

Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, and for an extended period of time. Reasons we might retain some data for longer periods of time include security, fraud prevention, financial record-keeping, complying with legal or regulatory requirements, ensuring the continuity of our Services, and when you have had direct communications with us.

YOUR RIGHTS AND CHOICES

You have the right to ask us for a copy of your Personal Data; to correct, delete or restrict processing of your Personal Data; and to obtain the Personal Data you provide to us on a contractual basis or with your consent, in a structured, machine-readable format.

You can also correct and delete some Personal Data through your account provided by our Services. 

In addition, you can object to the processing of your Personal Data in some circumstances, i.e., when we process your Personal Data based on our legitimate interests or where we are using the data for direct marketing.

These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, including obtaining a copy of your legitimate interest balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.

For the provision of information marked as mandatory when you register to use our Service, if such information is not provided, then you will not be able to use our Services. All other provision of your information is optional. If you do not provide such information, our provision of certain Services to you may be detracted from.

Where we rely on your consent, such as in relation to direct marketing communications, you will always be able to withdraw that consent at any time.

If you ask to withdraw your consent to our processing of your data, this will not affect any processing which has already taken place.

DIGITAL PAYMENT TERMS

For our digital payment terms, click here: terms and conditions of sale of products and services

HOW TO GET IN TOUCH WITH US

If you have any questions or concerns about how we process your data, please contact us via our contact us form on our website.

ENFORCEMENT AND COMPLAINTS

If you have a complaint regarding this Privacy Policy or any breach of applicable data protection laws, please contact us in accordance with section "Storage and security of Personal Data" above. Once we receive a complaint, we will commence an investigation as soon as practicable. We may contact you during the process to seek any further clarification if necessary. We will also contact you to inform you of the outcome of the investigation and if appropriate to confirm how we will comply with our obligations under the Privacy laws in relation to a notifiable data breach.

We will aim to ensure that all questions and concerns are resolved in a timely and appropriate manner. If you are not satisfied with the outcome of your complaint, or require further information on privacy, you are entitled to contact your local data protection supervisory authority.

The supervisory authority that applies to customers and users in the country in which we operate (United Kingdom) is set out below.

Information Commissioner’s Office: https://ico.org.uk/make-a-complaint/

CHANGES TO OUR PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy from time to time to reflect changes in the laws or regulations, our practices, our Services, or our operational requirements. We encourage you to periodically review this page to see any changes we have made. In the event that we make any significant changes in terms of data processing operations or any other change that may be relevant to you or may impact you, we may additionally notify you via email or notifications on our Services.