Privacy Policy for ThistleHaven HR
At ThistleHaven HR, we are committed to protecting the privacy and security of the personal data we collect and process. This Privacy Policy outlines how we collect, use, disclose, and protect information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and UK data protection legislation.
Information We Collect
We collect various types of information to provide our human resources services, which include talent acquisition, employee relations, payroll management, training and development, compliance consulting, and workforce planning. The information we collect depends on the nature of our engagement and may include:
- Personal Identification Information: Name, contact details (email address, phone number, physical address), date of birth, gender, and nationality.
- Professional Information: Employment history, educational background, skills, qualifications, references, CVs, and résumés.
- Financial Information (for payroll management): Bank account details, tax identification numbers, and salary information.
- Sensitive Personal Data: In limited circumstances and where strictly necessary for our services (e.g., for compliance or diversity reporting if legally required and with explicit consent), we may collect information regarding health, trade union membership, or other special categories of data. We always do so with individuals' explicit consent and in accordance with legal requirements.
- Website Usage Data: Information about how you interact with our online platform, such as IP addresses, browser types, pages viewed, and access times. This data is primarily used for analytics and improving our site's functionality.
How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide our HR services, including talent acquisition (matching candidates with roles), managing employee relations, processing payroll, developing and delivering training programs, providing compliance consulting, and assisting with workforce planning.
- Communication: To communicate with clients, candidates, and employees regarding our services, updates, and relevant opportunities.
- Legal and Compliance: To comply with legal obligations, enforce our terms and conditions, and protect our rights and the rights of others.
- Internal Operations: For internal record-keeping, administration, and improving the quality of our services.
Legal Basis for Processing
We process personal data based on one or more of the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which ThistleHaven HR is subject.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by ThistleHaven HR or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
- Consent: Where sensitive personal data is processed, or in specific instances where other legal bases do not apply, we will obtain your explicit consent. You have the right to withdraw consent at any time.
Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Clients (for talent acquisition): With your consent, we may share your professional information with prospective employers who are our clients.
- Service Providers: Third-party vendors and service providers who assist us in operating our business and providing our services (e.g., IT support, payroll processing platforms, background check providers). These providers are contractually obligated to protect your data and only use it for the purposes specified by us.
- Legal and Regulatory Authorities: When required by law or in response to valid legal processes, such as subpoenas or court orders.
Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. This includes encryption, access controls, secure networks, and regular security audits.
Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are determined based on the type of data, the purpose of processing, and applicable legal or regulatory obligations.
Your Data Protection Rights
Under GDPR and UK data protection law, you have the following rights regarding your personal data:
- Right to Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To request that we correct any inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): To request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing: To request that we restrict the processing of your personal data under certain conditions.
- Right to Object to Processing: To object to our processing of your personal data under certain conditions.
- Right to Data Portability: To request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
- Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month of receipt.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Privacy Policy on our online platform.
Contact Us
If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, please contact us:
ThistleHaven HR
4502 Heatherfield Road, Suite 8
Edinburgh, EH12 9QW
United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights.