GDPR Policy

  1. We will collect and store data relating to your business, including sensitive personal data regarding your employees (‘your data’), which will be handled in accordance with the Data Protection Act 1998 as amended, extended, re-enacted or consolidated from time to time (including without limitation the implementation of the General Data Protection Regulation 2016/679/EC) (data protection legislation).  We will use your information to ensure the proper performance of our service agreement with you and to comply with our legal obligations when providing our services to you.
  2. The majority of your information that we hold will have been provided by you, or an authorised person within your Company; but some may come from other sources such as from GP’s or Occupational Health Services, relevant witnesses during an investigation or the Employment Tribunal Services.
  3. We will use your name, address, email address and contact number to provide our services to you and this may require us to pass your personal information to our group companies.  We will also use any data relating to your employees which you may have to provide us with in order for us to provide our services to you, this may include sensitive personal data such as name, address, email address, contact number, recruitment information, health reports (from GP or Occupational Health Services), disciplinary and grievance records, performance records, appraisals, sickness absence records, holiday and other absence records, accident at work records.
  4. Your data may be shared internally, including other consultants within our business if access to the data is necessary for performance of their roles.  We will not share your data with any third party, except at your instruction.  We will not transfer any of your data to countries outside of the European Economic Area.
  5. We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is only accessed by authorised personnel.  If we engage with a third party at your instruction, we do so on the basis that they are also under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
  6. We will hold your data for the duration of time that we provide services to you and for three years thereafter.  If you wish to access a copy of any data relating to your business or employees, or if you require changes to incorrect or incomplete data; or if you want us to stop processing your data, you can contact your consultant at any time.  If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.

You may exercise your right to withdraw your consent to the processing of your data at any time by replying to this email or emailing your consultant.  Please be aware that should you chose to do so, this will hinder our ability to provide our services to you.