Privacy Policy

In compliance with data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, interact with us or use our services.

We are committed to processing personal information in ways that comply with our legal and regulatory obligations, and to being clear with you about what we do with your personal information.

We are committed to protecting and respecting your privacy and we do not share personal information with other companies for marketing purposes.

The HR Dept is part of a group company called The HR Dept Group Ltd.

The HR Dept operates as a franchise, which means that HR Dept offices around the UK and Republic of Ireland are individual registered companies operating under licence to use The HR Dept brand, intellectual property and resources. We refer to this as The HR Dept.

In this Privacy Policy, whenever you see the words ‘we’, ‘us’, ‘our’ it refers to The HR Dept.

How can you contact our team?

Telephone: (0044) 0345 208 1120

Email: info@hrdept.ie

Postal Address: Central Office, The HR Dept. Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL

If you are an HR Dept client or Licensee, are an organisation that receives HR support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our website, this Privacy Policy applies to you.

If you are a UK HR Dept Network customer or licensee, are an organisation that receives HR support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our main website, our HR Dept Network UK Privacy notice applies to you and can be found at: www.hrdept.co.uk/privacy-policy

Due to the nature of our business, sometimes we may act as a data controller, sometimes we act as a data processor.

Where we act as the ‘data controller’ of your personal data, this means we determine how and why your personal data is processed and this privacy notice will apply to you.

Where we act as the ‘data processor’ of your personal data (for example, if your employer uses the services of The HR Dept) this means we are acting on their behalf and processing your personal data under their instructions, and we would recommend you review their data privacy information; it is likely that they are the data controller and will be best placed to help.

If you are an employee of The HR Dept client, job applicant or previous team member we have created specific policies for you, and they will have been made available to you at the appropriate point in time.

We are registered as a data controller at the UK Information Commissioner’s Office under number Z9156222.

In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively.

The HR Dept may collect and process information about you from several sources or processes which are outlined here:

• When you use our website or subscribe to our newsletter.
• When information is received through networking activity by a staff member of any business in The HR Dept about yourself or your company, and where it is understood there is a legitimate interest in you receiving HR services from The HR Dept. The data controller would be the business within The HR Dept you provided the information to, and The HR Dept Ltd is a sub-processor.
• When your company or employing company enters into a client agreement with a business in The HR Dept and provides information about you to that HR Dept business for the purposes of receiving HR services. In this case, only information about you that is relevant to the delivery of these services should be shared by your employer with The HR Dept. The data controller for this information is your company or employing company. The business within The HR Dept you provided the information to, and The HR Dept Ltd, are sub-processors.
• When you submit personal information, a CV or other application information to an HR Dept office for the purposes of recruitment, that HR Dept office’s registered limited company is the data controller. That HR Dept office will process your information in accordance with the purpose for which it was submitted only. For the purposes of recruitment on behalf of one of its clients, that HR Dept office will share with its recruiting client only the appropriate data necessary for the purposes of undertaking the recruitment application for which you submitted your data. From time to time, HR Dept offices may use recruitment companies or similar third parties to support them with recruitment activity. In such circumstances, the data privacy policy for the third-party recruitment company will be available through their own website.

We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.

Personal information is provided to us in a number of ways and depends on your relationship with us. Personal data may be provided to us by our clients who subscribe to our services, or it may be provided to us directly, for example if you are an HR Dept Licensee.

A small amount may also come from publicly available sources: e.g., Companies House, company websites etc.

We then process it for one of the following reasons:

• To manage our relationship with you
• To respond to your enquiries
• To manage the services we provide to you
• To take pre-contractual and contractual steps with you
• To comply with our legal obligations as a business

Here are some further examples of how we use your personal data:

• To analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest.
• To personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing HR Services through The HR Dept, we will pass on your information to a franchise business operating under license from The HR Dept Ltd that is located closest to you or can appropriately service you, so that they may offer you their products and services.
• To survey contacts about activity directly related to HR Dept marketing activity, service delivery or directly related projects undertaken by The HR Dept Ltd.
• To provide outsourced HR services to your company or employing company in line with client agreements made with the company.
• To provide recruitment services to its client companies for which you have submitted your data for the purposes of/in relation to an application for employment.

If you provide your information to us through this website, we consider this to mean you have a legitimate interest in our services, that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.

We may anonymise and aggregate any of the personal data we hold (so that you can no longer be identified by it).

We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new products and services.

Sometimes we might share your data with third parties. This could include:

• Service providers we use for specific purposes, such as for our IT systems.
• Regulatory authorities, law enforcement agencies and courts.
• In the event of a sale of all or a part of our business, the buyer and its professional advisers.
• Any other subsidiary within our Group business where required 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

• Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us
• We have a contractual obligation
• We have a legal obligation
• We have a vital interest
• We have a legitimate interest

For our general day-to-day data processing activities, we use third party organisations to help us administer and monitor the services we provide:

• For the provision of IT and software services to enable the management of our customers, staff and office administration.
• For financial accounting.
• To share newsletters, promotional detail, industry news or other information that may be of interest to you.
• To help us improve our services.
• For the administration of our website and customer interactions.
• For any legal guidance in the provision of our services.

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations.  We do not, and will never, sell your personal information to other third parties.

Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.

We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct it.

We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection and cyber security. The HR Dept Group Limited are also certified with Cyber Essentials provisioned by IASME. 

However, we understand that even the best laid plans can sometimes go wrong, and therefore we have developed and rehearsed a breach management process. In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will endeavour, where required, to notify you, and other relevant parties such as the ICO, within 72 hours of becoming aware of the incident. We will do this by informing you via the contact details that we have recorded for you.

We will only store your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights.

This means that your data will be retained in line with statutory and regulatory requirements. For example, we retain details on services and products delivered for a minimum period of 7 years post the end of the transaction.

The HR Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, the criteria used to determine these retention periods includes:

• To comply with the minimum regulatory retention requirements as set in law.
• To comply with the statutory retention periods for accounting records, as set by the Companies Act and HM Revenue & Customs (HMRC).

Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include:

• To enable us to provide you with our products and services.
• To allow us to resolve any disputes or complaints.
• For the detection and prevention of fraud.

If you believe any information held by the HR Dept is incorrect and wish to amend it, please contact us at dataprotection@hrdept.co.uk.

Our website may contain links to other external websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

Artificial Intelligence (AI) is emerging as a transformative technology, revolutionising professional services and the HR sector with its wide-ranging applications. However, ensuring the acceptable and controlled use of AI is vital to maintain quality of output, ethical standards and most importantly our trust with you.  

In The HR Dept, we use Artificial Intelligence (AI) in the form of Microsoft Copilot. Microsoft Copilot leverages built-in security features of Microsoft applications to protect sensitive information, ensuring compliance with our company's data protection policies and it integrates with our existing technology as an orgnaisation where we are using Microsoft products and services. 

As an organisation and franchise, we are committed to using AI responsibly and protecting your privacy every step of the way, and as we all learn to navigate these new technologies, we make the following commitment to you: 

• Before using any AI tools or services, we will ensure there is a clear case for their use, and that they are designed first and foremost with your privacy and security in mind and in accordance with our internal AI policies. 
• We will conduct specific due diligence which will include undertaking the appropriate data privacy and information security risk assessments, and where a tool or service does not meet our strict requirements, we will not use it. 
• We will make sure you know how AI is involved in the services we provide and how it might affect your data.
• Before we use AI to process any of your data, we’ll ask for your permission. We’ll make sure you know exactly what data we’re collecting, how it’ll be used, and why it’s needed. If you ever change your mind, you can always withdraw your consent. As an example, when having a call with one of our team an AI tool may be used to help to transcribe the meeting ensuring that accurate notes and actions are recorded, and we will always ask at the beginning of the meeting if you are comfortable with this.
• AI will not be making important or automated decisions that affect you nor be used for the purpose of providing you with advice. Any output generated by AI tools or services will always be subject to a human review by a member of the team who will check for those elements that need that more human focus such as empathy, fairness and pragmatism.  

You have various rights in relation to your personal information. You only have the benefits of some of the rights in limited circumstances, which depend on the legal reason why we collected your personal data.

Your right of access – You have the right to ask us for copies of your personal information.

Some or all of the personal data may be exempt from such requests in a particular circumstance. If an exemption applies, we will tell you this when responding to your request. Should you wish to exercise this right, please contact us with a description of the information you would like to see.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. The right to erase your personal data can be made on the following grounds:

• Your personal data is no longer necessary in relation to the purpose for which it was collected or processed.
• If the processing is based on consent, you choose to withdraw your consent and there is no other legal ground for processing.
• You object to processing, and there are no overriding legitimate grounds to continue the processing.
• Your personal data has been processed unlawfully.
• Your personal data must be erased for compliance with a legal obligation.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defense of legal claims.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights.

We’ll try to respond to all requests within one month. If your request is complex or if you make lots of requests, we may extend our time to respond – if this is the case, we’ll let you know.

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information.

The ICO website has some useful information on your rights as a data subject.

Please contact us if you wish to make a request.

Our contact details

Registered Office: Office Address: CENTRAL OFFICE, The HR Dept. Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL

Tel: 0345 208 1120

Email: dataprotection@hrdept.co.uk

Company number: Registration Number: 04479417

Please note: If you do not have a direct relationship with the HR Dept Network, then you should review their data privacy information; it is likely that they are the Data Controller and will be best placed to help you.

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We would ask that if you do wish to do this that you please tell us first so that we have a chance to address your concerns.

If you are not satisfied with our response or you are unhappy with how we have used your data, you can also complain to the : Data Protection Commission.

The DPC’s address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Helpline number: 01 7650100 / 1800437 737

DPC website: https://www.dataprotection.ie/en/contact/how-contact-us

Date this Privacy Policy was last reviewed: November 2025