PRIVACY POLICY
Updated July 2025
Introduction
At HR Solutions, we are committed to keeping your personal and business information safe. This is our privacy notice, in which we tell you honestly how we use and look after your personal data. This privacy notice tells you what to expect us to do with your personal information if you choose to share it with us: this could be if you use our services or products or use our website. We will tell you what information we collect about you; how we use this data; with whom we share it; and how we store it and keep it safe.
We may update our privacy notice from time to time. We will communicate significant updates to you via email if we have your email address. You can also check this page for recent updates. If you would like a pdf version of this privacy notice, email [email protected].
We last updated this privacy notice in July 2025.
Who We Are
We are HR Solutions, a HR, Payroll and Health & Safety Consultancy. With over 23 years of dedicated experience, we have honed our expertise in delivering outsourced HR, Payroll and Health & Safety solutions. We support a wide range of sectors and sizes, from small care agencies to multi-national technology firms. Our growing team of expert consultants, advisors and administrators have extensive experience and are ready to support your HR and Health & Safety needs.
HR Solutions is part of a family of specialist companies in Axiom GRC, backed by Inflexion, dedicated to helping businesses thrive by providing expert support across key operational areas. As part of Axiom GRC, we bring together the most gifted practitioners in people management, health, safety and wellbeing, employment law, professional training, and business technology. We are proud to offer a broader range of services to help protect and nurture organisations of every size.
Business HR Solutions (Consultancy) Limited (trading as HR Solutions) is a company registered in England and Wales (company number 09457772) with a registered office at 2nd Floor, 20 Grosvenor Place, London, England, SW1X 7HN. Our team have an office based at Unit 6, Brooklands Court, Kettering, Northants, NN15 6FD.
HR Solutions is the data controller of personal information we collect and use. HR Solutions is registered with the Information Commissioner’s Office as a data controller under reference ZA139867.
HR Solutions is also a data processor when processing personal information on behalf of our clients. When acting as a data processor we process personal information in accordance with our contractual agreements.
For any queries, concerns, or complaints you may have about how HR Solutions collects, uses or stores your personal information, you can contact our Data Protection Officer at [email protected].
Or you can write to:
Data Protection Officer
Business HR Solutions (Consultancy) Limited
Unit 6
Brooklands Court
Kettering
Northants
NN15 6FD
Your legal rights
As a data subject, under UK data protection law you have the right to:
- Access: ask for copies of all information we have about you
- Rectification: ask us to correct personal information you think is wrong. You also have the right to ask us to complete information you think is incomplete
- Erasure: ask us to delete your personal information
- Restriction of processing: ask us to limit the processing of your personal information
- Objection to processing: say no to the processing of your personal information
- Data portability: ask that we transfer the personal information you gave us to another organisation, or to you
- Withdraw consent: if HR Solutions has asked your consent to use your data for a particular reason, you have the right to take back that consent so that HR Solutions cannot use your data like that in the future. However if you choose to withdraw your consent this will not change anything that HR Solutions has used your data for in the past with your consent.
You can choose to use any of these rights for free by contacting us at [email protected], or writing to us at our address (see ‘Who we are’) with your request.
We have one calendar month to respond to you from the time we receive your request. We do not have to agree to your request, but if we do not agree we have to tell you why.
Keeping Your Information Safe
It is your choice to share your personal information with us and you do so at your own risk. We take information security seriously at HR Solutions. We work hard to make sure that your personal information is looked after securely, and that we only process data in the ways that we say we do in this privacy notice. We put in place ways to protect personal data against unauthorised access, alteration, or disclosure.
We make sure that your personal information is only seen by people who need to access it to do their job. We check who has access to all personal information regularly.
Our staff complete data protection and cyber security training so that they know how best to look after your personal information.
However, even though we are very careful we can never 100% guarantee the security of any information you give to us. If you are not happy or have concerns about how we look after your personal information, please contact our Data Protection Officer at [email protected].
LINKS TO OTHER WEBSITES
The HR Solutions website contain links to other websites that are not run by us. These websites should have their own privacy and cookie notices for you to read. We do not have any responsibility for how these websites or organisations process your personal information.
Legal basis for using your information
Under UK data protection law we must have what is known as a legal basis for collecting and using your information. There are six legal bases, sometimes known as lawful bases:
- Consent: your permission.
- Performance of a contract: when we deliver the services you have requested.
- Legitimate interests: see the next section of our privacy notice.
- Vital interest: to save a life.
- Legal requirement: when we comply with UK law.
- Public interest: when data processing is beneficial for public good.
Complaints
For any queries, concerns, or complaints you may have about how HR Solutions collects, uses or stores your personal information, you can contact our Data Protection Officer at [email protected]
Or you can write to:
Data Protection Officer
Business HR Solutions (Consultancy) Limited
Unit 6
Brooklands Court
Kettering
Northants
NN15 6FD
If HR Solutions cannot resolve the issue, you can also make a complaint to the Information Commissioner’s Office (ICO: the UK supervisory authority for data protection) if you are unhappy with how we have used your data:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
ICO helpline number: 0303 123 1113
ICO website: ico.org.uk
For business clients
What information do we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity data includes first name, last name, username or similar identifier, title, date of birth and gender.
- Contact data includes billing address, email address and telephone numbers.
- Company information: company name, postcode, number of employees.
- Financial data includes bank account and/or payment details.
- Transaction data includes details of services we have provided to you.
- Engagement data: webinars you have attended, interactions with emails.
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile data includes your username and password, downloads made by you, your interests, preferences, feedback and survey responses.
- Usage data includes information about how you use our website and services.
- Marketing and communications data includes your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How do we collect information, and why do we have it?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Communicate with us about, or enter into a contract for, our services;
- Subscribe to our service or publications;
- Download any resource available on our website;
- Request marketing to be sent to you; or
- Give us some feedback.
- Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical data from analytics providers, such as Google, based inside and outside the EU;
- Contact, financial and transaction data from providers of technical, payment and delivery services based inside the EU;
- Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
- Identity and contact data from publishers of business information.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please email [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of Data | Lawful basis |
To register you as a new customer |
| Contract |
To process and deliver your order, including:
|
| Contract Legitimate interests (to recover debts due to us) |
To manage our relationship with you, including:
|
| Contract Legal obligation Legitimate interests (to keep our records updated and to study how our customers use our products and services |
To administer and protect our business and this website, including:
|
| Legal obligation Legitimate interests (running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
| Legitimate interests (to study how customers use our products and services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products, services, marketing, customer relationships and experience |
| Legitimate interests (to define customer types for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). To send marketing communications |
| Legitimate Interests (to develop our products and services and grow our business) |
To make suggestions and recommendations to you about goods or services that may be of interest to you.
|
| Legitimate Interests (to develop our products and services and grow our business) |
To share your contact information with companies within the Axiom GRC Group and to contact you with introductions to companies within the Group to promote our diverse range of products and services to you. |
| Legitimate Interests (to develop our products and services and grow our business) |
Opting out
You can ask us to stop sending you marketing messages at any time by contacting [email protected]. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of any use you make of HR Solutions’ services, which we will continue to process pursuant to the contractual obligations between us.
What if you fail to provide personal data?
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How do we store your information? How long for?
Your personal information is stored in WorkNest’s Salesforce database and for some partner members in HR Solutions’ Dynamics database.
We will only keep your personal information for as long as we need it to deliver services to you, and for as long as UK legislation tells us we must keep it.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Do we share your information?
HR Solutions will never sell, rent or lease your personal information, or insights generated from your information.
We will sometimes share your information within the Axiom GRC group. These companies are also all backed by Inflexion and provide different, and complementary, aspects of the services that HR Solutions as a whole provides to its customers.
We will sometimes share your information with trusted external third parties, including:
- Service providers, acting as processors, based within the European Economic Area who provide IT and system administration services.
- Professional advisers, acting as processors, including lawyers, bankers, auditors and insurers based within the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
- Companies involved in the possible sale or restructuring of the business.
- HM Revenue & Customs, regulators and other authorities in the United Kingdom who require reporting of processing activities in certain circumstances.
In some exceptional circumstances, we may need to share your personal information to protect you or someone else. We will share as little information as is needed, and we will share it in a way that keeps it safe.
Here are the reasons we may need to share your personal information:
- We are told to by law. We may need to give personal information to the police, legal advisors, professional regulators, or safeguarding agencies.
- You are at risk of serious harm, neglect, death or threat to personal safety.
- You tell us that someone else is at risk of serious harm, neglect, death or threat to personal safety.
- We believe a crime is happening or may happen if nothing is done to stop it. This includes financial fraud.
Which suppliers process your information on behalf of HR Solutions?
Please find a list of our data processors below. Data Processors process your information on behalf of HR Solutions. These organisations will not use or process your information for any purpose other than what we have asked them to do, or are they required to do so in accordance with UK law.
Processor | Purpose | Privacy notice |
ClickDimensions | Email marketing | https://support.clickdimensions.com/hc/en-us/articles/20925190434445-Privacy-and-Cookies |
EventBrite | Event management | https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy/ |
GoToWebinar | Webinar management | |
Microsoft Dynamics | Customer Relationship Management | https://learn.microsoft.com/en-us/dynamics365/get-started/privacy/ |
Salesforce | Customer Relationship Management | |
Pardot | Marketing automation | Salesforce tool: https://www.salesforce.com/company/legal/privacy/ |
PointerPro | Marketing assessment | |
Feefo | Review platform |
Do we send your information outside of the UK?
Where possible, we keep your personal information inside the UK. However, we share your information with companies that work for us as processors that process and store information outside of the UK and Europe.
When this is the case, we make sure that we have a lawful method of transferring your data, and that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.
We also have members of our team who work from outside of the UK, in the European Economic Area. These team members follow UK data protection law and HR Solutions policies to keep your information safe.
For Applicants
If you apply for any of the jobs posted on our website, you will be consenting to provide us with your personal details for this purpose. If candidates are unsuccessful, then HR Solutions will not hold this information on record for longer than 6 months. If the candidate is successful, then your information may be kept in order to provide a service to the ultimate recruiting company (our client).
We use Teamtailor as our recruitment management system. You can find out more about Teamtailor’s Privacy Policy here.
For website users
What information do we collect?
With regard to each of your visits to our website we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, browser plug-in types and versions, operating system and platform and the location of your Internet service provider; and
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page; and any phone number used to call our customer service number or e-mail address used to contact our helpdesk.
How do we use this information?
We use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes (this allows us to run our business and provide administration and IT services, network security and prevent fraud);
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer (this allows us to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy);
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our website safe and secure (this allows us to run our business and provide administration and IT services, network security and prevent fraud);
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you (this allows us to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy); and
- to make suggestions and recommendations to you and other users of our website about products or services that may interest you or them (this enables us to develop our products/services and grow our business).
For website users
We monitor the use of our website by using cookies. A cookie is a small file that asks permission to be stored on your computer’s hard drive. We use cookies to analyse web traffic and enhance your experience on our site.
You can read about cookies in more detail, and choose to opt in or out of our use of cookies in our cookie compliance tool on our website.
You may also like to visit our Cookie Policy: https://www.hrsolutions-uk.com/cookie-policy/
Your browser settings will also allow you to control your personal cookie settings. Further information can be found in the ‘Help’ section of your chosen web browser.
To find out more about cookies, including details of cookies and how to manage and delete them, please visit allaboutcookies.org
Definitions
Anonymise: to change data so that it cannot be linked to an individual person.
Cookie: a small file of information – like a username or password – that are stored on your device and identify the user. Cookies are used to work out what to show you, improving your web experience.
Consent: permission, usually only valid when you have been told exactly what you are consenting to. One of the ways that processing data can be justified under data protection law.
Contractual performance: the data processing needed to carry out an agreement with an individual. One of the ways that processing data can be justified under data protection law.
Data Controller: an organisation (or person) that makes decisions about how and why data is processed.
Data minimisation: collecting the smallest amount of personal data that you need.
Data Processor(s): an organisation (or a person) that carries out the instructions of the Data Controller and processes data on behalf of the Data Controller.
Data Protection Officer: a person who is an expert in data protection and looks after the interests of the data subject.
Data subject: the individual whose personal data is being processed.
Encrypted: encryption allows information to be hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or cypher. The hidden information is said to be encrypted.
Generative artificial intelligence (also generative AI or GenAI): is artificial intelligence capable of generating text, images, or other media, using generative models. Generative AI models learn the patterns and structure of their input training data and then generate new data that has similar characteristics.
Information Commissioner’s Office (ICO): the UK’s independent body set up to uphold information rights. The ICO has the power to investigate organisations which do not obey Data Protection laws.
Joint Controllers: two or more Data Controllers who together decide how and why data is processed.
Legal/lawful basis/bases: six reasons recognised by UK GDPR for processing personal information.
Legitimate interests: a strong reason (or reasons) for a Data Controller to process data for no other reason than that it is beneficial to the Data Controller if it does not have an adverse effect on the data subject. This is one of the ways that processing data can be justified under GDPR law, although whenever a Data Controller relies on it, they should have a written decision called a Legitimate Interest Assessment.
Personal information: any information about a real, living individual. For example, name, telephone number, address, health conditions, or qualifications. Information about organisations, such as annual turnover, is not personal information. Information about individuals working at organisations – for example, a business email address, or a job title – is personal information.
Privacy notice: a publicly displayed explanation of how organisations process data.
Purpose limitation: one of the principles of GDPR – personal data should only be used for the reasons it was collected.
Public interest: beneficial for the public. One of the ways that processing data can be justified under GDPR law.
Retention schedule: a table of how long organisations should store data.
UK GDPR: UK General Data Protection Regulation. This is a law designed to protect personal data stored on computers, or in an organised paper filing system. This law is the UK version of a law that is applied across many European countries.