Privacy Policy

This privacy policy sets out how HR&OD Business Solutions Limited (“HR&OD”) uses and protects your personal data.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED?
  4. HOW WE USE YOUR PERSONAL DATA
  5. DISCLOSURES OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA RETENTION
  9. YOUR LEGAL RIGHTS
  10. CONTACT DETAILS
  11. COMPLAINTS
  12. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
  13. THIRD PARTY LINKS
  14. DATA BREACHES


1. Important Information and Who We Are

This privacy policy gives you information about how HR&OD collects and uses your personal data through your use of this website, including any data you may provide when you register with us, sign up to our newsletter, purchase a product or service, or take part in a competition.

This website is not intended for children, and we do not knowingly collect data relating to children.

Controller HR&OD Business Solutions Limited, with its registered office at 1st Floor, Northgate House, Northgate, Sleaford, NG34 7BZ, is the controller and responsible for your personal data (referred to as “HR&OD,” “we,” “us,” or “our” in this privacy policy).

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the information set out in the “Contact Details” section below.

Please note that if we process data on behalf of your employer, then this is covered under a separate agreement we have called a Data Sharing Agreement, and your employer is a Controller of your data and we are Processors. You should make any requests for your data directly to your employer.

HR&OD will ensure that all such persons or parties involved in the processing of Personal Data are subject to:

  • confidentiality undertakings or are under an appropriate statutory obligation of confidentiality; and
  • user authentication processes when accessing personal data.

HR&OD acknowledge that security requirements are constantly changing and that effective security requires frequent evaluation and regular improvements of outdated security measures. HR&OD will therefore evaluate the technical and organisational measures it has implemented on an on-going basis and will tighten, supplement and improve these measures in order to maintain compliance with Data Protection Laws.

Sub-Processing

HR&OD shall not engage any Sub-processor to process Personal Data other than with the prior specific or general written authorisation of the Controller, whether in the agreement between both parties or otherwise.

In the case of general written authorisation, HR&OD shall inform the Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Controller the opportunity to object to such changes.

With respect to each Sub-processor, HR&OD shall:

  • carry out adequate due diligence on each Sub-processor to ensure that it is capable of providing the level of protection for the Personal Data, including without limitation sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of Data Protection Laws.
  • supervise compliance thereof;
  • insofar as that contract involves the transfer of Personal Data outside of the EEA, incorporate the Standard Contractual Clauses or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-processor to ensure the adequate protection of the transferred Personal Data, or such other arrangement as the Controller may approve as providing an adequate protection in respect of the processing of Personal Data in such third country(ies).

2. The Types of Personal Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data includes information about how you interact with and use our website, products, and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, and your communication preferences.

We also collect, use, and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity.

3. How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may provide personal data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes when you:
  • Apply or enter into a contract with us for our products or services;
  • Create an account on our website;
  • Subscribe to our service or publications;
  • Request marketing to be sent to you;
  • Enter a competition, promotion, or survey; or
  • Give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. –
  • Third parties or publicly available sources. We may receive personal data about you from third parties as set out below:
  • Analytics providers such as Google based outside the UK;
  • Advertising networks based inside or outside the UK; and
  • Search information providers based inside or outside the UK.
  • Your employer, if we are processing payroll on their behalf, based inside the UK.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To register you as a new customer;
  • To process and deliver your order, including managing payments, fees, and charges;
  • To manage our relationship with you, including notifying you about changes to our terms or privacy policy;
  • To administer and protect our business and this website;
  • To deliver relevant website content and advertisements;
  • To use data analytics to improve our website, products/services, and customer relationships;
  • To make personalised suggestions and recommendations to you about goods or services that may be of interest.
  • To fulfil our contractual obligations, including any contract we have in place with you directly or with your employer.

5. Disclosures of Your Personal Data

We may share your personal data with third parties, including:

  • Service providers acting as processors who provide IT and system administration services;
  • Professional advisers including lawyers, bankers, auditors, and insurers;
  • Payroll providers and software companies;
  • Regulators and other authorities who require reporting of processing activities in certain circumstances.

6. International Transfers

Your personal data may be transferred outside the UK to countries that do not provide the same level of data protection as the UK law. We ensure that appropriate safeguards are in place before any transfer takes place.

7. Data Security

We have implemented measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected.

9. Your Legal Rights

Under data protection laws, you have rights including access, correction, erasure, objection, and restriction of processing.

10. Contact Details

If you have questions about this policy or wish to exercise your rights, contact us at:

  • Email: [email protected]
  • Address: 1st Floor, Northgate House, Northgate, Sleaford, NG34 7BZ

11. Complaints

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

12. Changes to the Privacy Policy

We keep our privacy policy under regular review. This version was last updated on 24 January 2025.

13. Third Party Links

Our website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We are not responsible for their privacy policies.

14. Data Breaches

In the case of a Personal Data Breach, HR&OD will immediately and, where feasible, not later than 24 hours after having become aware of it, notify the Personal Data Breach to the Controller providing the Controller with sufficient information which allows the Controller to meet any obligations to report a Personal Data Breach under Data Protection Laws. Such notification shall as a minimum:

  • describe the nature of the Personal Data Breach, the categories and numbers of data subjects concerned, and the categories and numbers of Personal Data records concerned;
  • communicate the name and contact details of the Processor’s data protection officer or other relevant contact from whom more information may be obtained;
  • describe the likely consequences of the Personal Data Breach;
  • describe the measures taken or proposed to be taken to address the data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where HR&OD is the Processor, HR&OD will fully co-operate with the Controller and take such reasonable steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each Personal Data Breach, in order to enable the Controller to (i) perform a thorough investigation into the Personal Data Breach, (ii) formulate a correct response and to take suitable further steps in respect of the Personal Data Breach in order to meet any requirement under Data Protection Laws.

The parties agree to coordinate and cooperate in good faith on developing the content of any related public statements or any required notices for the affected persons. The Processor shall not inform any third party without first obtaining the Controller’s prior written consent, unless notification is required by law to which the Processor is subject, in which case the Processor shall to the extent permitted by such law inform the Controller of that legal requirement, provide a copy of the proposed notification and consider any comments made by the Controller before notifying of the Personal Data Breach.