Privacy Policy for Ablation HR

Ablation HR is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect information when you engage with our human resources consulting services or interact with our online platform. We operate in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the UK.

1. Information We Collect

We collect various types of information, including personal data, to provide our comprehensive HR consulting services. The specific data collected depends on the nature of your interaction with us and the services you seek.

• Directly from you:
  • Contact and Identification Data: Name, address, email address, phone number, job title, company name, and other similar contact details when you inquire about our services, engage us, or provide information for talent acquisition processes.
  • Professional and Employment Data: CVs, resumes, employment history, qualifications, performance reviews (when shared by clients in the scope of our services), compensation expectations, and other information relevant to recruitment and HR strategy.
  • Financial Data: Billing and payment information when you engage our services (though actual payment processing may be handled by third-party processors, subject to their privacy policies).
  • Communication Data: Records of correspondence and communications with us, including emails, phone calls, and feedback.
  • Diversity & Inclusion Data: Voluntarily provided diversity characteristics (e.g., gender, ethnicity, disability status) processed only with explicit consent and for specific, lawful purposes related to our Diversity & Inclusion Initiatives, and in compliance with legal requirements.
• From third parties: We may receive information from publicly available sources (e.g., LinkedIn, professional networking sites) or from third-party recruitment platforms and background check providers (with your consent where required) as part of our talent acquisition or HR compliance services.
• Automatically collected when you visit our online platform: Information about your device and browsing actions, such as IP address, browser type, operating system, referral source, length of visit, and pages viewed, primarily through cookies and similar technologies. This data helps us understand website usage and improve our services.

2. How We Use Your Information

We use the information we collect for various purposes, primarily to deliver our HR consulting services effectively, to communicate with you, and to improve our operations.

• Providing HR Consulting Services:
  • Facilitating Talent Acquisition & Recruitment.
  • Developing and implementing HR Strategy & Planning.
  • Managing Employee Relations and Performance Management.
  • Advising on Compensation & Benefits.
  • Implementing HR Technology Solutions.
  • Delivering Training & Development programs.
  • Assisting with Organisational Design & Change Management.
  • Ensuring HR Compliance & Risk Management.
  • Supporting Diversity & Inclusion Initiatives.
• Communication: To respond to your inquiries, provide information about our services, and send service-related notifications.
• Marketing: To send you updates, newsletters, and promotional materials about our services that may be of interest to you, based on your consent or legitimate interest. You can opt-out at any time.
• Improving our online platform: To analyse user behaviour, identify trends, and improve the functionality and user experience of our online platform.
• Legal and Business Operations: To comply with legal obligations, enforce our terms and conditions, prevent fraud, and for other legitimate business purposes.

3. Legal Basis for Processing Personal Data

Under GDPR, we process personal data based on the following legal grounds:

• Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., providing our consulting services).
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., improving our services, marketing, fraud prevention).
• Consent: Where you have given explicit consent for us to process your personal data for a specific purpose (e.g., for certain marketing communications or processing of sensitive personal data). You have the right to withdraw consent at any time.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax, employment law).

4. Disclosure of Your Information

We may disclose your personal information to third parties in the following circumstances:

• Service Providers: We may share information with third-party service providers who perform services on our behalf, such as IT support, web hosting, analytics, payment processing, or background check services. These providers are contractually bound to protect your data and only use it for the purposes for which we disclose it to them.
• Clients and Partners: For talent acquisition and recruitment services, relevant candidate data may be shared with prospective employers (our clients) with your consent.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
• With Your Consent: We may share your information with other third parties when we have your explicit consent to do so.

5. International Data Transfers

Ablation HR primarily processes data within the UK and the European Economic Area (EEA). If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as using Standard Contractual Clauses approved by the European Commission or where the recipient country has been deemed to provide an adequate level of protection.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, and destruction. These measures include encryption, access controls, secure servers, and regular security assessments. While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Your Data Protection Rights

In accordance with GDPR, you have the following rights regarding your personal data:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details provided below. We may require you to verify your identity before responding to such requests.

9. Cookies

Our online platform uses cookies to enhance your browsing experience, analyse site traffic, and personalize content. Cookies are small data files stored on your device. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, some parts of our online platform may become inaccessible or not function properly.

10. Links to Other Websites

Our online platform may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date. We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your data protection rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you are not satisfied with how we handle your data.