One of the main reasons I joined The HR Dept was because I wanted to be part of a community of like-minded HR professionals that I could call on if I needed help. I was not disappointed! "
David Hudson – Clapham

Privacy Dashboard

In compliance with data protection regulations, this Privacy Notice explains what personal information we collect from you when you visit our website, interact with us or use our services.

We are committed to processing personal information in ways that comply with our legal and regulatory obligations, and to being clear with you about what we do with your personal information.

We are committed to protecting and respecting your privacy and we do not share personal information with other companies for marketing purposes.

The HR Dept Limited is part of a group company called The HR Dept Group Ltd.

The HR Dept operates as a franchise, which means that HR Dept offices around the UK and Ireland are individual registered companies operating under licence to use the HR Dept brand and resources. We refer to this as the HR Dept Network.

In this Privacy Notice, whenever you see the words ‘we’, ‘us’, ‘our’ it refers to HR Dept Network.

If you are browsing our HR Dept Franchising website and enquiring about or using our services, this Privacy Notice applies to you. If you are an HR Dept Network customer or licensee, are an organisation that receives HR support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our main website, our central Privacy notice applies to you and can be found here.

If you are an employee of HR Dept Network (current team customer, job applicant or previous team customer) we have created specific policies for you, and they will have been made available to you at the appropriate point in time.

We are registered as a data controller at the UK Information Commissioner’s Office under number Z9156222

In line with the expectations of the Data Protection Act (2018) and the UK GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively.

The HR Dept may collect and process information about you from several sources or processes which are outlined here:

  • When you use our website or subscribe to our newsletter.
  • When information is received through networking activity by a staff member of any business in the HR Dept Network about yourself or your company, and where it is understood there is a legitimate interest in you receiving communications from us.
  • When you submit personal information, a CV or other application information to the HR Dept for the purposes of applying to become a franchisee. The types of information you may share with us include your personal information including contact details, financial information, identity documents and proof of address, and also details relating to your business such as Registered Company and VAT registration.
  • From time to time and as part of the franchise application process, HR Dept may use the following types of third parties to support them with various suitability checks on franchisee applicants; credit-checking companies to support with financial checks on franchisee applicants, organisations to support with personality profiling. In such circumstances, the data privacy notice for the third-party company will be available through their own website.

We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.

Personal information is provided to us in a number of ways and depends on your relationship with us. Personal data may be provided to us by our corporate clients who subscribe to our services, or it may be provided to us directly, for example if you looking to become a HR Dept Network Franchisee.  

A small amount may also come from publicly available sources: e.g. Companies House, company websites etc.  

We then process it for one of the following reasons: 

  • To manage our relationship with you 
  • To respond to your enquiries  
  • To manage the services we provide to you 
  • To assess your suitability and eligibility to join the HR Dept Network 
  • To take pre-contractual and contractual steps with you 
  • To comply with our legal obligations as a business 

Here are some further examples of how we use your personal data:  

  • To analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest. 
  • To personalise your repeat visits to our website.  
  • To answer your enquiries and provide you with the appropriate support and guidance as your navigate your journey towards becoming a HR Dept Franchisee. 

If you provide your information to us through this website, we  consider this to mean you have a legitimate interest in our services, that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you. 

Where we process your personal data so you cannot be identified anymore 

We may anonymise and aggregate any of the personal data we hold (so that you can no longer be identified by it). 

We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new products and services. 

Data sharing 

Sometimes we might share your data with third parties as part of an essential element of the service we provide. We also use third parties to help us host our infrastructure and applications, communicate with customers, power our systems and emails etc as we believe they are the best in their field at what they do. 

This could include: 

  • Service providers we use for specific purposes, such as for our IT systems.   
  • Regulatory authorities, law enforcement agencies and courts.  
  • If we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them 


Reasons for processing your personal information 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing your personal information are:  

  • Your consent. This means that you have given clear consent for us to process your personal data for a specific purpose. You can change your mind though. If you have previously given us consent to process your data for a specific purpose you can freely withdraw such consent at any time. You can do this by emailing us at or unsubscribing where appropriate. If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights. Please note, where you update your consent directly with us, this change may take up to 7 days to take effect. 
  • We have a contractual obligation- We process your personal data where is necessary for a contract that you have with us, or because we have asked you to take specific steps before entering into that contract. 
  • We have a legal obligation - We process your personal data because we need to comply with a legal or regulatory obligation, or for the establishment, exercise or defence of legal claim. 
  • We have a vital interest - If we need to process the personal data to protect someone’s life. The processing must be necessary. If we can reasonably protect the person’s vital interests in another less intrusive way, we will not rely on this basis. 
  • We have a legitimate interest – We may use your personal information if we consider it necessary for our legitimate business interests, or the legitimate interests of a third party, so that we can operate as an efficient and effective business and a responsible organisation. This is subject to ensuring that those interests are not outweighed by your own rights and interests in relation to the relevant personal data and to that end where we wish to use legitimate interest we will carry out legitimate interest impact assessment for each of these.   

For our general day-to-day data processing activities, we use third party organisations to help us administer and monitor the services we provide:

  • For the provision of IT and software services to enable the management of our customers, staff and office administration.
  • For financial accounting.
  • To share newsletters, promotional detail, industry news or other information that may be of interest to you.
  • To help us improve our services.
  • For the administration of our website and customer interactions.
  • For any legal guidance in the provision of our services.

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations.  We do not, and will never, sell your personal information to other third parties.

Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.

We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct it.

We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.

However, we understand that even the best laid plans can sometimes go wrong, and therefore we have developed and rehearsed a breach management process. In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will endeavour, where required, to notify you, and other relevant parties such as the ICO, within 72 hours of becoming aware of the incident. We will do this by informing you via the contact details that we have recorded for you.

We will only store your personal data for as long as is necessary to fulfil the purposes outlined in this Privacy Notice or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights.  

This means that your data will be retained in line with statutory and regulatory requirements. For example, we retain details on services and products delivered for a minimum period of 6 years post the end of the transaction.  

The HR Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, the criteria used to determine these retention periods includes: 

  • To comply with the minimum regulatory retention requirements as set in law. 
  • To comply with the statutory retention periods for accounting records, as set by the Companies Act and HM Revenue & Customs (HMRC). 
  • To align with our marketing strategy we will retain the personal data you have provided to us for up to 4 years. 
  • Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include: 
    • To enable us to provide you with our products and services. 
    • To allow us to resolve any disputes or complaints. 
    • For the detection and prevention of fraud. 

If you believe any information held by the HR Dept is incorrect and wish to amend it, please contact us at 

Our website may contain links to other external websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

You have various rights in relation to your personal information. You only have the benefits of some of the rights in limited circumstances, which depend on the legal reason why we collected your personal data. 

  • Your right of access - You have the right to ask us for copies of your personal information.  

Some or all of the personal data may be exempt from such requests in a particular circumstance. If an exemption applies, we will tell you this when responding to your request. Should you wish to exercise this right, please contact us with a description of the information you would like to see. 

  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. The right to erase your personal data can be made on the following grounds: 
    • Your personal data is no longer necessary in relation to the purpose for which it was collected or processed. 
    • If the processing is based on consent, you choose to withdraw your consent and there is no other legal ground for processing. 
    • You object to processing, and there are no overriding legitimate grounds to continue the processing. 
    • Your personal data has been processed unlawfully. 
    • Your personal data must be erased for compliance with a legal obligation. 
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defence of legal claims. 
  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances. 
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

You are not required to pay any charge for exercising your rights.  

We’ll try to respond to all requests within one month. If your request is complex or if you make lots of requests, we may extend our time to respond – if this is the case, we’ll let you know. 

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information.  

The ICO website has some useful information on your rights as a data subject 

Please contact us if you wish to make a request. 

Who to contact 

Our contact details  

Registered Office: The HR Dept. Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL 

Tel: 0345 208 1120 


Company number: 04479417 


Making a complaint 

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We would ask that if you do wish to do this that you please tell us first so that we have a chance to address your concerns.  

If you are not satisfied with our response or you are unhappy with how we have used your data, you can also complain to the ICO. 

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

Helpline number: 0303 123 1113 

ICO website: 


Document History 

Date this Privacy Notice was last reviewed: September 2023