0844 854 6704 hello@risehr.co.uk

Privacy Policy

RISE HR LTD (“We, our, us”) are committed to protecting and respecting your privacy.

This notice (together with our Terms of Service, where applicable, and any other documents referred to in the Terms of Service) sets out:

  • the basis on which any personal data we collect from you, or that you provide to us, will be processed by us
  • What we do with your personal data and who we may share it with, and
  • Your rights in connection with our processing of your personal data.

This notice relates to personal data about our clients, prospective clients, suppliers, and individuals within those businesses, those who contact us or interact with our business, and anyone visiting our website at risehr.co.uk (referred to in part in this policy as “You”).

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This notice only relates to personal data processed by us as a controller. A ‘controller’ is defined by law as a legal person that determines the purposes and means of processing personal data.

Rise HR also acts as a processor on behalf of its clients, whereby it processes personal data (for example relating to the client’s employees) on the client’s behalf and on its instructions. This notice does not apply to such processing, which is governed by our client’s processing policies. If you have any queries relating to personal data held about you by a third party controller, you should contact that controller directly.

WHO WE ARE AND WHAT WE DO

Rise HR Ltd is a company incorporated and registered in England and Wales. Its registered office is at Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Stroud, GL6 0BS. Rise HR provides a full range of HR consulting services to its clients, and in addition we have a range of HR resources and tools available on our website and within our HR Software.

Our lead for all data protection requirements and to contact with any issue pertaining to our data arrangements is: Kirsty Senior, Rise HR Limited, Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Gloucestershire, GL6 0BS. Email: kirstys@RiseHR.co.uk.

INFORMATION WE MAY COLLECT AND HOW WE USE IT

We collect information about clients with whom we contract and suppliers we use to help us provide our services. The information we collect about our clients and suppliers is normally limited to contact details and financial information. However, we may also collect other information which clients and suppliers provide to us. We do this so that we can have the best business relationships with everyone we interact with in the course of our business.

We may also collect and use information relating to prospective clients and suppliers, in order to communicate with them about the products and services we offer or receive, and with website users that interact with us or any contact or interactive features accessible via the website.

Generally, information we may collect will include:

  • Information provided by you. During the course of accessing our website, using our products and services, contacting us, providing goods and services to us, or otherwise dealing with us, you may provide us with a range of personal data that we will use in the course of our business. This personal data may include:
    • Your name or other unique identifier
    • Your address
    • Your age and/or date of birth
    • Your contact details, such as landline telephone number, mobile telephone number, and/or email address
    • Payment or other financial details
    • Professional information, such as job title and/or type, skills and qualifications
    • Other related information
  • Information we collect automatically. If you visit and interact with our website and services, we may collect certain information automatically, such as your IP address, geographical location, browser type and version, and operating system. For further information on cookies please see our separate Cookie Policy, which sets out in detail which cookies we use and why they are important not only for us but also to ensure that all of our clients, and other visitors get an optimised experience and that the content you see is of interest to you personally.
  • Information provided by third parties. Occasionally we may receive information about you from other sources (such as our suppliers, customers, or group companies), which we will add to the information we already hold about you in order to help us operate our business effectively.
  • Those who interact with us on social media: Rise HR does not take any data outside of social media platforms on which you make contact with us unless you have asked us to do so – for example when answering queries raised through Facebook or you have indicated through Linkedin that you would like to receive communications from us. We do collect your social media username or profile to re-tweet you for example but this remains within the social media platform itself.

We may process your data for a variety of reasons, including because:

  • we are legally obliged to e.g. to confirm your identity;
  • the processing is necessary for the performance of the contract with you to provide our Services; or
  • it is in our legitimate business interests to do so.

In some instances, we will rely on your consent to process personal data and where we do this, it will be flagged to you at the time.

Our main processing activities for personal data, and the legal basis on which we perform those activities are:

Prospective clients/marketing recipients:

We will process your personal data in order to contact you in relation to our products and services and keep a record of our communications (e.g. telephone calls, quotations and offers).

Our legal basis for doing so is our legitimate interests, which allows us to market our products and services to individuals provided there is a business case for doing so and our interests do not override the rights of the individuals in question. If you wish to object to direct marketing, you may do so by contacting us.

Clients/users:

We will process your personal data in order to provide our products/services to you or your employer and to provide you with information and updates regarding the same. Our legal basis for doing so is that the processing is necessary for the performance of a contract. We will also keep a record of your data and use it for related purposes, including account management, customer support, and audit purposes, on the basis that we have a legitimate interest in doing so.

We may also contact you in relation to our products and services. Our legal basis for doing so will be the same as for prospective customers, as set out above.

Suppliers, service providers etc.:

We will process your personal data in order to receive goods and/or services from you and to manage our relationship, including making payments to you, dealing with accounts issues, placing orders etc. Our legal basis for doing so is that the processing is necessary for the performance of a contract.

 

WEBSITE AND THIRD-PARTY LINKS

Our website includes links to third-party websites, plug-ins and applications – for instance when you click on a link in a blog inside of our knowledge hub. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their own privacy policies, which may differ from ours. Therefore, if you use these links to leave our Site and visit websites operated by third parties, we cannot be responsible for the protection and privacy of any information that you provide to them. Please check these policies before you submit any personal data to these websites.

Rise HR website uses Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our websites.

 

SOCIAL MEDIA

Information or comment you post or disclose on Rise HR social media platforms (for example, Facebook, Linkedin, Twitter, or other social media applications) is public and will be treated as such for the purposes of this notice and Rise HR use of that data. Rise HR cannot control the use of information disclosed in such platforms. You should always take care and exercise caution when posting or disclosing information in public spaces, this includes personal information or data. Content posted in Rise HR’s social media pages including advice and opinions, represents the views of the individuals who post that content and such individuals bear sole and exclusive responsibility for the posting of that content. Rise HR does not necessarily endorse, support, verify, or agree with any content posted on our social media pages and forums.

 

SOCIAL MEDIA WIDGETS

Rise HR’s website include social media widgets, such as the Facebook, LinkedIn, Twitter buttons and widgets. Social Media widgets are either hosted by a third party or hosted directly on Rise HR’s website. Your interactions with these widgets are governed by the privacy policy of the company providing it. These widgets may collect (a) your IP address, (b) which Rise HR webpage you are visiting, and (c) may set a cookie to enable the feature to function properly. Rise HR advises anyone using these widgets to be aware of the privacy notices related to each widget.

 

Legal grounds for processing data

There are six grounds that are available to process data lawfully. In the course of its work Rise HR process information:

  1. With consent of the data subject

In specific and very limited situations, we process your data with your consent. If processing is based on your consent, you have the right to withdraw your consent at any time by contacting us.

 

  1. To fulfil contractual requirements with clients and suppliers. For example where we need your data to deliver our service.
  2. To fulfil legal requirements such as HMRC reporting requirements.
  3. On occasion, we also process data where it is in our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact the rights or freedoms of the data subjects to whom the information relates.

 

Sharing personal information

We sometimes share your personal data with trusted third party suppliers which act only on our instruction (known as “data processors”). Data processors might be, for example, Microsoft which stores data for us, and Alcumus Safe HR who supply our HR software.

Where we share information with these companies or individuals we ensure that all the correct data processing clauses are in place so that they also keep your data secure and that they also protect your rights. To this end, amongst other checks, we make sure that:

 

  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them and that any transfers of your data meet expected standards
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

 

Sharing your data with third parties for their own purposes (“joint controllers”) eg our clients, HMRC, accountants, legal advisors:

We will only do this in very specific circumstances, for example:

  • With your consent;
  • Where we have a data sharing agreement in place with the other party; and/or
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of Rise HR Limited, our customers, employees or others.

 

WHERE WE STORE YOUR PERSONAL DATA – AND KEEPING IT SECURE

We do not routinely transfer your data, whether gathered via the website or in our general consultancy work, outside of the UK or EEA. However, from time to time we may pass personal data, such as your name and email address, to other services that we use to send out communications (both electronic and print). However, your personal data will remain in the UK or EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Where we use companies based outside of these destinations for example Australia or the USA we ensure that adequate data provisions are in place to ensure your personal data is adequately protected and that your rights remain enforceable, e.g. through Standard Contract Clauses.

We will use technical and organizational measures to safeguard your personal data.

 

HR Software users:

We work hard to keep our site as secure as possible. We have our service constantly monitored and carry out regular “penetration tests” to test our security processes. We use online security specialists for this work and regularly review which companies we use here in order to stay as up to date as we can with changes in online security. We believe that our security is sufficiently strong that your information is more secure with us than it would be in a traditional employer’s office filing system.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with all data protection laws and this privacy notice.

We offer Two-Factor Authentication to all clients at no extra charge. This makes it much harder for unauthorised people to access the information we store.

The data about you that is provided to or collected by us, through the HR Software usage, will be transferred and stored in the United Kingdom with a secure data hosting company which will be subject to local data protection laws. Data stored with the hosting company is in encrypted form, and the hosting company are not authorised to access, use or disclose personal data stored with them. Through this system data is also encrypted whilst in transit.

We back our data up daily to one separate secure physical location in the UK and another separate physical location in the EU.

We encrypt all data transmitted between our servers and the devices our users use to access our website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We do not process any payment or other financial transactions through the website.

We do not keep any paper records and all electronic storage of data must, at all times, be stored, processed and accessed by Rise HR and our employees in accordance with our Data Protection, IT and Data Security policies.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.

 

How long we retain DATA

We only retain data for as long as it is required for its original or related purpose. We also seek to keep only the minimum amount of data required to fulfil the purpose. In the course of our work for example:

  • When a client ceases to use our service, they are able to request that we delete any data of theirs which we have stored, and this will in any event be carried out upon the expiry of six months from the date when we ceased to provide services under the Terms of Service.
  • We retain information contained in any HR advice we give to our clients for seven years in order to satisfy our professional obligations and indemnity requirements.
  • In respect of information we retain about our clients and suppliers we retain data for as long as our contract remains in place. Beyond that we retain financial information for seven years to fulfil reporting requirements. All other information is retained for seven years in order for us to exercise our legitimate interest – specifically to allow good continuing business relationships with clients and suppliers.

 

YOUR RIGHTS

You have the following rights, which you can exercise free of charge:

 

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

To be forgotten

The right to require us to delete your personal data—in certain situations

Restriction of processing

The right to require us to restrict processing of your personal data—in certain circumstances, eg if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal data being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision-making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

 

If you would like to exercise any of those rights, please contact Kirsty Senior: Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Gloucestershire, GL6 0BS or via email at kirstys@risehr.co.uk

 

OTHER RIGHTS

Where we rely on your consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting Kirsty Senior Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Gloucestershire, GL6 0BS kirstys@risehr.co.uk.

 

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. 

We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.

 

Checking your identity

To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make under this Privacy Notice. 

For us to check your identity please:

  • let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

 

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

 

If we choose not to action your request we will explain to you the reasons for our refusal.

 

Your right to contact the ICO

 

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

 

You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites).

 

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. You also have the right to take to seek a judicial remedy.

 

You can seek to exercise your rights under local data protection law or GDPR at any time by contacting Kirsty Senior, Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Gloucestershire, GL6 0BS, or emailing us at kirstys@risehr.co.uk.

 

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

 

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Kirsty Senior, Unit 32, Nailsworth Mills Estate, Avening Road, Nailsworth, Gloucestershire, GL6 0BS, or emailing us at kirstys@risehr.co.uk.