Privacy Policy

Our contact details


Name: HR FiiT Ltd

Address: Building 1, Chalfont Park, Gerrards Cross, Bucks, SL9 0BG  

Phone Number: 07832 217841


Client privacy notice


HR FiiT Ltd is committed to protecting the privacy and security of your personal information.  This privacy notice describes how we collect and use personal information about you and your employees and how long it will usually be retained for, in accordance with the UK General Data Protection Regulation (UK GDPR). 

HR FiiT Ltd is a third party “controller”.  This means that we are responsible for deciding how we hold and use personal information about you and your employees.  We are required under data protection legislation to notify you of the information contained in this privacy notice.

Data protection principles


We will comply with data protection law.  This says that personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

Cookie policy


Our website uses cookies to distinguish you from other users of our website.  This helps us to provide you with a good experience when you browse our website and allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.  Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

Strictly necessary cookies.  These are cookies that are required for the operation of our website.  They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical or performance cookies.  These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it.  This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies.  These are used to recognise you when you return to our website.  This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies.  These cookies record your visit to our website, the pages you have visited and the links you have followed.  We will use this information to make our website and the advertising displayed on it more relevant to your interests.  

We do not share the information collected by the cookies with any third parties.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.  However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

The type of personal information we collect


Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data).

There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation.  Information about criminal convictions also warrants this higher level of protection.

We will collect, store, and use the following categories of personal information about you and your employees:

  • Information provided in relation to your employees or directly from employees or third parties (e.g., previous employers) including:

    • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses

    • Date of birth

    • Gender

    • Marital status and dependants

    • Next of kin and emergency contact information

    • National Insurance number

    • Bank account details, payroll records and tax status information

    • Salary, annual leave, pension, and benefits information

    • Start date and, if different, the date of your continuous employment

    • Leaving date and reason for leaving

    • Location of employment or workplace

    • Copy of driving licence

    • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)

    • Employment records (including job titles, work history, working hours, holidays, training records and professional memberships)

    • Compensation history

    • Performance information

    • Disciplinary and grievance information

    • CCTV footage and other information obtained through electronic means such as swipe card records

    • Information about your use of our information and communications systems

    • Photographs

    • Results of HMRC employment status check


We may also collect, store, and use the following more sensitive types of personal information:


  • Information about employee race or ethnicity, religious beliefs, sexual orientation, and political opinions.

  • Information about employee health, including any medical conditions, health, and sickness records.

  • Information about employee criminal convictions and offences.


How is your personal information collected?


We collect personal information about employees from the following sources:

  • You, the employer

  • The employee, directly

  • Previous employers

  • Payroll providers

  • Breathe HR cloud based software

  • Employment solicitors

  • Occupational health providers

  • Medical practitioners

  • HMRC

  • Background check providers

How will we use information about you?


We will only use the personal information we collect about you and your employees when the law allows us to. Most commonly, we will use personal information in the following circumstances:

  1. Where we need to perform the contract we have entered into with you.

  2. Where we need to comply with a legal or statutory obligation.

  3. Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.

  4. To allow us to provide employment advice and guidance to you.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else's interests).

2. Where it is needed in the public interest or for official purposes.

If you fail to provide personal information


If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into, or we may be prevented from complying with our legal obligations.

How will we use particularly sensitive information?


In general, we will not process particularly sensitive personal information about you or your employees unless it is necessary for performing or exercising obligations or rights in connection with employment.  The situations in which we will process particularly sensitive personal information are listed below:

  • We will use information about your employees physical or mental health, or disability status, to advise you appropriately.

  • We will use information about your employees’ race or national or ethnic origin, religious, philosophical, or moral beliefs, or sexual orientation, to enable us to advise you on equality in the workplace. 

Information about criminal convictions


We may only use information relating to criminal convictions where the law allows us to do so.  This will usually be where such processing is necessary to carry out our obligations.

We do not envisage that we will hold information about criminal convictions of your employees.

We will only collect information about criminal convictions of employees upon your request and where we are legally able to do so.  Where appropriate, we will collect information about your employees’ criminal convictions as part of the recruitment process or we may be notified of such information directly by you. 

Automated decision making


You and your employees will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.

Why might we share your personal information with third parties?


We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you, or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?


"Third parties" includes third-party service providers (including contractors and designated agents).  The following third-party service providers may process personal information about you for the following purposes:

  • Albion Legal employment disputes insurance to support clients with risk management

  • Employment Solicitors representing clients with employment matters 

  • Advisory Conciliation and Arbitration Service (ACAS) supporting clients with conciliation and tribunals

  • Occupational Health Providers for independent medical advice to support health and wellbeing

  • Breathe HR cloud-based HR system to assist clients storing employee personal data, and records relating to employment.

  • Eventbrite event management tool used to book training and events

  • Mailchimp online system used to send out newsletters, promotional materials, and marketing-related communications to clients and prospective clients

  • Microsoft 365 used to manage emails, calendars and file storage including information that has been collected through our website or other sources relating to marketing and surveying activity.

  • Zoom video conferencing used for online communications.

  • Crunch online accounting software and services used for accounting purposes.

  • Calendly scheduling software used for diary management.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.  We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data security?


We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long will you use my information for?


We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you are no longer client of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Rights of access, correction, erasure, and restriction


Under certain circumstances, by law you and your employees have the right to:

  • Request access to their personal information (commonly known as a "data subject access request").  This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

  • Request the restriction of processing of your personal information.  This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal information to another party.

If you or your employees want to review, verify, correct, or request erasure of personal information, object to the processing of personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing.

What we may need from you


We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).  This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent


You have the right to withdraw your consent for processing your or your employees’ data at any time.  To withdraw your consent, please contact us.  Once we have received notification that you have withdrawn your consent, we will no longer process your information, unless we have another legitimate basis for doing so in law.

Changes to this privacy notice


We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

How to complain


If you have any concerns about our use of your personal information, you can make a complaint to us at HR FiiT Ltd, Building 1, Chalfont Park, Gerrards Cross, SL9 0BG.

You can also complain to the ICO if you are unhappy with how we have used your data:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: