Privacy Policy

Who does this privacy notice apply to?

Birch-HR is aware of its obligations under the UK data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy in Electronic Communication Regulations (PECR), and is committed to processing your data securely and transparently. This privacy notice sets out, in line with data protection obligations, the types of data that we hold. It also sets out how we use that information, how long we keep it for and other relevant information about your data. It also explains your rights in relation to your personal data and what to do in the event you have a complaint. Birch-HR is a ‘data controller’, meaning that it determines the processes to be used when processing personal data as part of its business functions; however, Birch-HR is a ‘data processor’, meaning that it only processes under instruction, when processing any personal data on behalf of a client.

Our contact details

Name:  Birch-HR Limited

Address: Spaces, Crossway, 156 Great Charles Street, Birmingham, West Midlands. B3 3HN.

Phone Number: 0121 6744230

Privacy notice: 30 March 2021 (updated)

Registered Data Controller ICO number: ZA232071

E-mail: dataprivacy@birch-hr.co.uk

What is the type of personal information we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are ‘special categories’ of more sensitive personal data and confidential data which require a higher level of protection.

Given the nature of our services, it is impractical to list all the categories of personal information, and we will only collect this when we have an HR basis to do so. The personal data about you which we collect, store, and use may include but is not limited to the following categories:

  • personal contact details such as full name, title, addresses, telephone numbers, date of birth, photographs and personal email addresses etc;
  • information to enable us to verify your identity, such as driving licence, utility bill or passport to ensure eligibility to work in the UK;
  • a copy of your signature including copies of documents you sign in your name or on behalf of a business;
  • financial information such as bank details;
  • details of your professional social media presence, such as LinkedIn;
  • details of your spouse/partner, dependants, wider family and care givers;
  • your employment details, including salary and benefits, misconduct, sickness, performance or grievance;
  • your nationality and immigration status and information from related documents;
  • details of your pension and payroll arrangements including allowances, remuneration, statutory entitlements and deductions;
  • HR data required to enable the delivery of professional advice, representation and employee relations casework activities.
  • HR data required to produce contracts of employment and other associated documents throughout the lifecycle of the employment contract.
  • HR data, contract and budget information for workforce planning, restructures, redundancies and other leadership and people monitoring purposes.
  • Personal contact and other details of CEOs, CSELs, leaders, teachers, support staff, directors, governors, trustees associated with the school/MAT/MAC/LA or business/charity. This includes details of committees, board meetings, minutes, casework files, addresses and individual contact details.
  • sensitive data relating to employees, governors/trustees/directors and young people, such as criminal convictions and offences data for the matter we are advising on.
  • management of recruitment support in line with national and local conditions of employment.
  • any other personal data relevant to our clients’ matters or the operation of our business and in order to perform the contract that we are party to;
  • job application details relating to the job vacancy, e.g. date of birth, employment history, qualifications, references, equality, CVs, interview notes, assessment material and diversity monitoring information. Job application details will be retained for 4 weeks and deleted after this time;
  • ‘special category data’, including data relating to health (including disabilities), ethnicity, race, religious beliefs, trade union membership, sex life or sexual orientation, genetic information and biometric data;
  • information about criminal convictions and offences;
  • audio, video and CCTV recordings; and/or
  • information gathered through the automated monitoring of our websites, computer networks, communication and phone systems and connections e.g., Google Analytics, Google AdWords or Bing.

For details about information we collect automatically from your use of our website, please refer to our Cookie Notice.

How we get the personal information, third parties and why we have it?

We collect most of your personal data directly from you or the client, and this will usually start when we undertake to enter into an annual contract and/or day rate terms of engagement or other contract with you. We require the data in order to perform the contract that we are party to, to carry out legally required duties, to implement HR policies, where we have legitimate interests, to protect your interest, where something is done in the public interest and where we have your consent. However, we may also collect information via / from third party sources. Those third-party sources include but are not limited to:

  • third parties (with your consent) such as your bank / building society, your employer and trade union, your doctors and other health professionals, consultants, legal, payroll, pensions, and other professionals with whom we may engage in relation to your matter;
  • correspondence with us by email or post, speaking to us in person, on the phone or virtually, visits to our office, providing feedback (survey), by issuing your business card or registering for one of our online webinars or events;
  • networking and social events;
  • correspondence we may receive from third parties about you or your matters;
  • third parties relevant to an application for employment (e.g. referees);
  • cookies on our website – see our cookies policy;
  • online client portals;
  • case management systems;
  • automated monitoring of our websites, computer networks, communications systems and connections;
  • publicly accessible sources such as Companies House, websites, social media etc.

We use the information that you have given us in order to

We will only process your personal information where we have a lawful and legitimate basis for doing so. Under the General Data Protection Regulation, there are six lawful bases, four of which are applicable to our business and the processing of your personal information. We have given some examples of where each basis applies, as follows:

  • to decide whether to enter a contract with you or to perform that contract with you. We rely on this lawful basis to process your personal information to perform our contract for HR Consultancy services or employment with you;
  • to comply with an HR and employment obligation. We rely on this lawful basis where, for example, we are required to provide your personal data to an employment tribunal, court, regulatory authority or required by our client to meet their legal/statutory obligations/interests/public interest;
  • where we have a legitimate interest to process your information, provided your interests and fundamental rights do not override those interests. This includes dealing with legal and HR claims made against us, preventing fraud, ensuring our HR, administrative and IT systems are secure and robust against unauthorised access. We may market our services to you on the grounds of legitimate interest, but we will always give you the option to opt-out of those communications; and/or
  • where you have given us your consent. Where we cannot rely on any other lawful basis, we will request your consent to process your personal information. This might be relevant if we need to process your ‘special category data’ for any reason other than carrying out our contract for HR services for you. Special categories of data are data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.

Some of the above grounds for processing can overlap and there may be several grounds which justify our use of your personal information.

How we use your personal data?

We may use your data in the following ways:

  • to create client and HR records and files to enable us to provide HR services and in order to perform the contract that we are party to;
  • to respond to a request for or query about your personal information;
  • to process your application for employment or self-employed contract for service;
  • to process your request to provide services to us as a third party supplier and monitor your contractual arrangement with us;
  • to send you marketing information, including updates on products, services and details of events in which we believe you might be interested;
  • to process it in accordance with our operational policies and to provide statistical analysis, including checking for conflicts of interests, monitoring client service delivery, recording complaints and claims information and creating archiving records;
  • to respond to enquiries or investigations by regulatory bodies or law enforcement agencies;
  • as part of any report required for external audits and quality checks; and/or
  • for the purposes of complying with our professional, HR and regulatory obligations.
  • to conduct checks to identify our clients, such as Companies House.
  • to conduct pre-employment checks.

Who we share your personal data with?

In the course of carrying out our work and your instructions we sometimes need to share your personal data with third parties to carry out our duties in line with our contract(s), including but not limited to:

  • our clients, as part of the provision of HR consultancy services to them;
  • professional advisers and suppliers, who we instruct on your behalf or refer you to, such as lawyers, barristers, recognised trade unions, data specialists, sub-contractors, medical professionals, accountants, tax advisors, case management companies, payroll, pensions, LA, trade unions or other experts;
  • Government and regulatory departments i.e. Companies House, DfE, TRA, DBS, LA etc
  • our bank; and/or
  • our data processors, including self-employed contractors, translators, IT providers, occupational health, payroll, pension providers etc
  • providers of business support service including digital support, banking, insurance, litigation support;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website;

Additionally, we will disclose your personal information to the relevant third party:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • if we are acquired by a third party, in which case personal data about you held by us will be one of the transferred assets; and
  • if we are under a duty to disclose or share your personal data in order to comply with any HR or legal obligation.

We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect it. If we share personal data with them, they will process that data in accordance with the data sharing requirements of the UK GDPR. We may disclose and exchange information with regulatory bodies to comply with our legal, regulatory and contractual obligations. We may also carry out processing required in connection with any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business or assets.

We do not share your data with bodies outside of the UK without adequate safeguards as required under the UK General Data Protection Regulation.

Keeping and storing data

The security of your personal data is of paramount importance to us. The majority of the personal data we hold is stored electronically, in our secure IT systems, or in hard copy, either at our secure office premises or at our HR consultants’ home in a locked cabinet. Our HR consultants do work from home. It may also be stored by third parties processing your data on our behalf (see who we share your data with) but in accordance with a data sharing agreement.

We retain your personal data in accordance with our Terms of Business. We do so for one (or more) of the following reasons:

  • in accordance with regulatory, insurance or statutory requirements
  • to respond to any enquiries, complaints or claims made by you or on your behalf; or
  • where we have a legitimate interest or vital interest or contractual obligation in retaining your personal data (e.g., to prevent conflicts of interest or where you have indicated you would like to hear from us for marketing purposes).

Different retention periods apply for different types of data.

Consent and withdrawing your consent

Where we process your personal data on the lawful basis of having obtained your specific consent, you are welcome to withdraw that consent at any time. Please contact dataprivacy@birch-hr.co.uk if you wish to withdraw consent. Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason/public interest for doing so. If you wish to exercise any of the rights explained above, please contact Samantha Hulson, HR Director, at info@birch-hr.co.uk.

How can you change your marketing preferences?

Birch-HR follows the requirements of the Privacy in Electronic Communications Regulations (PECR), which require us to provide you with choices around which marketing or other communications you receive from us. To ensure that we continue to provide you with the most relevant information, you can review and update your marketing preferences at any time by clicking ‘unsubscribe’ or ‘manage preferences’ in any of the emails.

Criminal convictions and offences data

In some cases, we need to process information about criminal convictions or offences where they are relevant to the HR advice being sought. For example, our HR Consultants regularly advise clients on misconduct matters involving criminal offences, and offences and convictions data may be processed in the course of litigation matters. We process this data on the basis that it is necessary for HR and/or legal proceedings, obtaining expert advice or is otherwise necessary for the purpose of establishing, exercising or defending HR and legal claims.

Your rights under UK data protection

Under UK data protection law, in certain circumstances, you have rights over your personal data, including:

  • Right of access – to be provided with a copy of your personal data;
  • Right to rectification – to require us to correct any mistakes in your personal data;
  • Right to be forgotten – to require us to delete your personal data – in certain situations;
  • Right to restrict processing – to require us to restrict processing of your personal data – in certain circumstances;
  • Right to data portability – to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations;
  • Right to object – to object to your personal data being processed for direct marketing and, in certain other situations, to our continued processing of your personal data;
  • Rights related to automated decision-making – the right not to be subject to a decision based solely on automated processing.

You will not have to pay a fee to exercise any of your rights; however, we may charge a reasonable fee if a request for access includes duplicate copies, is clearly unfounded or is deemed to be excessive. Alternatively, we may refuse to comply with a request in such circumstances. We will ask for proof of identity before we provide any personal information, to prevent any unauthorised access.

If you would like to exercise any of these rights, please contact dataprivacy@birch-hr.co.uk.

How long do we keep your data for?

In line with data protection principles, we only keep your data for as long as we need it, which will be at least for the duration of your engagement with us, though in some cases we will keep your data for a period after your engagement has ended. Retention periods can vary depending on why we need your data. Birch-HR operates a retention schedule to determine the length of time that documents containing personal data should be kept for. This schedule is in line with the recommended periods of retention published by the Information and Records Management Society (IRMS). Birch-HR will ensure that when obsolete, information is destroyed in a secure and appropriate manner.

Automated decision making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement), which has a significant impact on you.

Keeping your personal data secure

We have security measures which strive to prevent personal data from being accidentally lost, or used or accessed unlawfully. We follow strict procedures as to how your personal information is processed, to prevent any unauthorised person obtaining access to it. All personal information you register on our website will be located behind a firewall and we will use our strict procedures and security features to prevent unauthorised access to our systems. Those processing your information within our business and on our behalf will do so only in an authorised manner and are subject to a duty of confidentiality.

Birch-HR follows the relevant guidance on processing, storing, transporting, transmitting and destroying personal data securely, provided by the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us

If you would like to contact us to discuss any aspect of the Company data, please contact Samantha Hulson at dataprivacy@birch-hr.co.uk.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dataprivacy@birch-hr.co.uk.

The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think that your data protection rights have been breached in any way by us, please provide us with an opportunity to consider your complaint, or you are able to make a complaint to the ICO. The ICO’s address is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk
