top of page

Privacy Policy

Last updated: 01/06/2025

​

Introduction

HRBespoke, operated by Emma Beech ("we," "us," or "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our HR consultancy services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 
Who We Are

Data Controller: Emma Beech (HRBespoke)
Address: Worthing, West Sussex
Phone: 07566 264988
Email: info@hrbespoke.co.uk

As the data controller, we are responsible for deciding how your personal data is processed and for what purposes.

 
Information We Collect

 

Personal Information You Provide

When you contact us or use our services, we may collect:

  • Contact details: Name, email address, phone number, business address

  • Business information: Company name, job title, industry sector, number of employees

  • Communication records: Emails, phone calls, meeting notes, consultation records

  • Service information: Details about HR services required, project specifications

  • Payment information: Billing details, invoice information (payment processing handled by secure third-party providers)

 

Information We Collect Automatically

When you visit our website, we may automatically collect:

  • Technical information: IP address, browser type, device information, operating system

  • Website usage: Pages visited, time spent on site, referral sources

  • Cookies and tracking data: As detailed in our Cookie Policy

 

Information from Third Parties

We may receive information about you from:

  • Professional networks: LinkedIn, industry associations

  • Referrals: From existing clients or business partners

  • Public sources: Company websites, business directories

 
How We Use Your Information

We process your personal data for the following lawful purposes:

​

Legitimate Business Interests

  • Providing HR consultancy services and advice

  • Managing client relationships and communications

  • Improving our services and website functionality

  • Marketing our services to potential clients

  • Maintaining business records and compliance

 

Contractual Obligations

  • Fulfilling our service agreements with you

  • Processing payments and invoicing

  • Delivering contracted HR support and documentation

 

Legal Compliance

  • Meeting employment law requirements

  • Complying with accounting and tax obligations

  • Responding to legal requests or regulatory requirements

 

Consent (where applicable)

  • Sending marketing communications (where you've opted in)

  • Using your data for specific purposes you've agreed to

 
Legal Basis for Processing

Under UK GDPR, we process your personal data based on:

  • Contract: Where processing is necessary to perform our services

  • Legitimate interests: For business operations, client management, and service improvement

  • Legal obligation: To comply with legal and regulatory requirements

  • Consent: Where you've specifically agreed to certain processing activities

 
How We Share Your Information

We may share your personal data with:

 

Service Providers

  • IT support: Website hosting, email services, cloud storage

  • Payment processors: Secure third-party payment systems

  • Professional services: Accountants, legal advisors, insurers

  • Marketing tools: Email marketing platforms, analytics services

 

Legal Requirements

  • Regulatory bodies: CIPD, HMRC, other relevant authorities

  • Legal proceedings: Courts, tribunals, legal representatives

  • Law enforcement: Where required by law

 

Business Transfers

In the event of a business sale, merger, or acquisition, your data may be transferred to the new entity under equivalent privacy protections.

 
Data Retention

We retain your personal data for as long as necessary to:

  • Active clients: Throughout our business relationship plus 7 years for compliance

  • Potential clients: Up to 3 years from last contact (unless you opt out)

  • Website visitors: Analytics data retained for 2 years

  • Marketing data: Until you unsubscribe or withdraw consent

  • Legal obligations: As required by employment and tax law (typically 7 years)

 
Your Rights

Under UK GDPR, you have the following rights:

 

Right of Access

Request a copy of the personal data we hold about you

​

Right to Rectification

Request correction of inaccurate or incomplete data

​

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances

​

Right to Restrict Processing

Request that we limit how we use your data

​

Right to Data Portability

Request transfer of your data to another organisation

​

Right to Object

Object to processing based on legitimate interests or direct marketing

​

Rights Related to Automated Decision Making

Right not to be subject to automated decision-making (where applicable)

​

How to Exercise Your Rights

Contact us using the details below. We will respond within one month of receiving your request.

​

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

​

Technical Measures

  • Encryption: Data encrypted in transit and at rest

  • Access controls: Restricted access to personal data

  • Secure systems: Regular security updates and monitoring

  • Backup procedures: Secure data backup and recovery systems

​

Organisational Measures

  • Staff training: Regular data protection training

  • Policies and procedures: Clear data handling guidelines

  • Incident response: Procedures for handling data breaches

  • Vendor management: Due diligence on third-party processors

  • ​

International Transfers

We primarily process data within the UK. If we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy decisions: Transfers to countries with adequate protection

  • Standard contractual clauses: EU/UK approved contract terms

  • Binding corporate rules: For transfers within multinational organisations

​

Cookies and Website Analytics

Our website uses cookies and similar technologies. For detailed information about:

  • What cookies we use

  • Why we use them

  • How to control them

​

Please see our separate Cookie Policy.

Marketing Communications
​

How We Contact You

We may send you:

  • Service updates: Information about our HR services

  • Industry insights: Employment law updates and HR guidance

  • Event invitations: Webinars, workshops, networking events

  • Newsletter: Regular updates about our business

​

Your Choices

  • Opt-in: We only send marketing emails with your consent

  • Opt-out: Unsubscribe at any time using links in our emails

  • Preferences: Update your communication preferences by contacting us

​

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

​

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO: Within 72 hours of becoming aware

  • Inform you: If the breach is likely to result in high risk to you

  • Take action: Implement measures to mitigate any harm

​

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in law or regulation

  • Updates to our business practices

  • Improvements to our data protection measures

​

How we'll notify you:

  • Website update: New version posted with updated date

  • Email notification: For significant changes (where we have your consent)

  • Service communication: As part of our regular client updates

 
Contact Us

Data Protection Queries

Email: info@hrbespoke.co.uk
Phone: 07566 264988
Post: HRBespoke, Worthing, West Sussex

​

Complaints

If you're unhappy with how we've handled your personal data, you can:

  1. Contact us directly using the details above

  2. Complain to the ICO:

    • Website: ico.org.uk

    • Phone: 0303 123 1113

    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 
Additional Information
​

Professional Obligations

As a CIPD-qualified HR professional, we also comply with:

  • CIPD Code of Professional Conduct

  • Professional confidentiality requirements

  • Industry-specific data protection guidelines

 

Client Data

When providing HR services, we may process personal data on your behalf. In these circumstances:

  • You remain the data controller

  • We act as your data processor

  • We'll enter into a separate Data Processing Agreement

  • We'll only process data according to your instructions

 

This privacy policy was last reviewed on: 01/06/2025
Next review date: 01/06/2026

 

If you have any questions about this Privacy Policy or our data protection practices, please don't hesitate to contact us.

bottom of page