header

Privacy Policy

Our Commitment to Privacy

When you engage with Modern HR you trust us with your information. Your privacy is important to us.

Who we are

Modern HR Ltd (“Modern HR”, “we”, “us”) provides HR consultancy and leadership services in the UK. Company number: 10339943 (England & Wales)

What this policy covers

This explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and your rights.

1) The roles we play

Data Controller (our website & marketing): We control the data you give us when you browse our site, make an enquiry, purchase a product, or join our mailing list.

Data Processor (client employee data): When we process personal data about your employees as part of HR work, we do so under your instructions and our Data Processing Agreement (DPA). In that scenario, you are the controller.

2) The data we collect

  • Contact details: name, email, phone, job title, organisation.
  • Account / purchase details: billing address, delivery address (if applicable), items purchased, invoices.
  • Communications: emails, messages, notes from calls/meetings.
  • Marketing preferences: what you subscribe to, your consent choices.
  • Website usage & cookies: IP address, device/browser details, pages viewed, via cookies and similar tech (see our Cookie Policy).
  • Recruitment (if you apply): CV, work history, references and any information you choose to provide. We’ll only collect special category data (e.g., health, ethnicity) where required by law or you choose to share it.

3) How we collect it

  • Directly from you (forms, email, checkout, phone, contracts etc). 
  • Automatically via our website and cookies. 
  • From third-party tools we use for payments, email marketing, scheduling or analytics (only what’s necessary). 

4) Why we use your data (lawful bases)

We only use your data when we have a lawful reason to do so:

  • To provide our services or fulfil a contract (Article 6(1)(b)): handling enquiries, delivering services/products, invoicing, customer support. 
  • To comply with the law (Article 6(1)(c)): tax, accounting, record-keeping. 
  • For our legitimate interests (Article 6(1)(f)): running and improving our business and website, sending relevant service updates, preventing fraud/abuse. We balance this with your rights. 
  • With your consent (Article 6(1)(a)): optional marketing emails and certain cookies. You can withdraw consent at any time. We will ask for consent before using your information for any purpose not covered here.

5) How we use your data

Respond to enquiries and deliver services you request. Set up and manage accounts, take payment, and send invoices/receipts. Send service messages (e.g., changes to terms or privacy). Send marketing emails only if you opt in (you can unsubscribe any time). Improve our website, content and services (analytics and feedback). Recruit for roles at Modern HR (if you apply). When acting as a processor for a client, we only process employee data as instructed in the DPA and never use it for our own purposes.

6) Who we share data with

We share data only when necessary with trusted service providers (“processors”) who help us operate our business, for example: Website, hosting and e-commerce (e.g., Shopify for store/checkout). Email marketing and CRM tools. Scheduling, video conferencing and file storage tools. Accountancy, payment gateways and banking. All providers are contractually bound to keep your data secure and act only on our instructions. We don’t sell your data.

7) International transfers

Some providers may process data outside the UK. When they do, we ensure appropriate safeguards are in place (e.g., UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs) and assess their security.

8) How long we keep data

We keep data only as long as needed for the purpose collected, then delete or anonymise it. Typical retention: Client and financial records: 6 years (legal/accounting). General enquiries: up to 12 months. Marketing contacts: until you unsubscribe or we detect inactivity for 24 months. Recruitment: usually 6 months after a process ends (or longer with your consent). Where we act as processor for a client, retention is set by the client’s instructions/DPA.

9) Security

We use appropriate technical and organisational measures to protect your data (access controls, encryption where appropriate, least-privilege access, secure disposal). We limit access to those who need it and have confidentiality obligations. We will notify you and the ICO of a personal data breach where legally required.

10) Your rights (UK GDPR)

You have the right to: Access your personal data and receive a copy. Rectify inaccurate or incomplete data. Erase data (where applicable). Restrict or object to processing (in certain cases, including legitimate interests or direct marketing). Data portability (for data you provided, where processing is by consent or contract and automated). Withdraw consent at any time (for consent-based processing). Complain to the ICO (see below).

To exercise these rights, email mandy@modernhr.co.uk . If we are acting as a processor for your employer (our client), please contact your employer first so they can instruct us.

11) Cookies and similar technologies

We use cookies to run our site and understand how it’s used. Where required, we’ll ask for your consent. You can change your preferences in your browser or via our Cookie Policy.

12) Third-party links

Our website may link to other sites. Their privacy practices and content are their responsibility. Please review their policies.

13) Children

Our services and website are not intended for children under 13.

14) Changes to this notice

We may update this privacy policy from time to time. We’ll post the new version on this page with the “Last updated” date. Material changes may also be notified by email or site notice.

15) How to contact us or make a complaint

Please send your questions or requests: mandy@modernhr.co.uk

If you’re unhappy with how we handle your data, please contact us first so we can put it right. You can also complain to the Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint or call 0303 123 1113.

Last updated: 1 January 2025