Privacy Policy of ThistleBridge HR
ThistleBridge HR is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, and share information in connection with our human resources services, including recruitment and talent acquisition, employee training and development, payroll management, HR compliance consulting, workforce planning, and performance management solutions.
1. Information We Collect
We collect various types of information to provide our services and manage our business operations. This may include:
- Personal Identification Information: Names, addresses, email addresses, telephone numbers, dates of birth, social security numbers, national insurance numbers, and other government identifiers.
- Professional Information: Job titles, employment history, résumés, curriculum vitae, cover letters, educational background, professional qualifications, skills, and references.
- Financial Information: Bank account details for payroll purposes, tax information, and other financial data necessary for compensation and benefits administration.
- Sensitive Personal Data: Health information (e.g., for benefits administration or accommodation requests), trade union membership, racial or ethnic origin, or other sensitive categories of data required for specific services or legal compliance, collected only with explicit consent where required by law.
- Technical and Usage Data: Information about your interaction with our online platforms, such as IP addresses, browser type, operating system, and access times.
2. How We Collect Information
We collect information through various methods, including:
- Directly from You: When you apply for a job, submit inquiries, sign up for our services, or communicate with us directly.
- From Clients and Employers: When they provide your information for HR services like payroll, training, or recruitment.
- From Publicly Available Sources: Professional networking sites, job boards, and publicly accessible databases.
- From Third-Party Service Providers: Background check providers or assessment tools, with your consent where required.
- Through Our Website: Via cookies or similar technologies for website functionality and analytics, as detailed in our Cookie Policy.
3. How We Use Your Information
We use the collected information for the following purposes, relying on various legal bases:
- Providing HR Services: To facilitate recruitment, manage payroll, administer training programs, provide HR compliance consulting, and support performance management. (Legal basis: Performance of a contract, legitimate interests).
- Client Management: To manage our relationship with clients, respond to inquiries, and provide support. (Legal basis: Performance of a contract, legitimate interests).
- Legal Compliance: To comply with legal obligations, such as tax laws, employment laws, and regulatory requirements. (Legal basis: Legal obligation).
- Business Operations: For internal record keeping, data analysis, improving our services, and preventing fraud. (Legal basis: Legitimate interests).
- Marketing Communications: To send you relevant information about our services, updates, or events, where you have provided consent or where we have a legitimate interest to do so. You can opt-out at any time. (Legal basis: Consent, legitimate interests).
4. Disclosure of Your Information
We may share your personal data with third parties in the following circumstances:
- Clients and Prospective Employers: For recruitment and talent acquisition services, your professional information may be shared with our clients.
- Service Providers: Third-party vendors who perform services on our behalf, such as IT support, payroll processors, background check providers, and cloud hosting services. These providers are obligated to protect your data.
- Legal and Regulatory Authorities: When required by law or in response to valid requests from public authorities (e.g., a court order or government agency).
- Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of the transaction.
- With Your Consent: We may share your information with other parties when we have your explicit consent to do so.
5. International Data Transfers
As a UK-based company, we primarily process data within the UK and European Economic Area (EEA). If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as using Standard Contractual Clauses approved by the European Commission or UK authorities, or ensuring the recipient country has been deemed to provide an adequate level of protection.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. This includes encryption, access controls, secure storage, and regular security assessments. While we strive to protect your data, no method of transmission over the internet or electronic storage is entirely secure.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of data and the purposes for processing. For example, recruitment data may be held for a period after a role is filled for legitimate business reasons, or employee data for the duration of employment and a legally mandated period thereafter.
8. Your Rights
Under applicable data protection laws, particularly the UK GDPR and GDPR, you have certain rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data in certain circumstances.
- Right to Restriction of Processing: Request us to limit the way we use your data.
- Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to the processing of your data, particularly for direct marketing purposes or where processing is based on legitimate interests.
- Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
To exercise any of these rights, please contact us using the details provided below. We may require you to verify your identity before fulfilling your request.
9. Complaints
If you have concerns about our data practices, we encourage you to contact us directly in the first instance. You also have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the new policy on our website.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
ThistleBridge HR
4502 Heather Lane
Suite 6B
Edinburgh, Scotland
EH3 9QJ