Privacy notice

Who we are

Inspiring People HR Ltd is a UK‑registered HR consultancy. Our registered office is 57 Ashford Road, Brighton, BN1 6LL. We are registered with the Information Commissioner’s Office and act as a data controller for our own business operations. When providing HR services to clients, we usually act as a data processor of client employee information on the client’s instructions.

If you have any questions about this notice or how we handle personal data, contact:

The Managing Director

Inspiring People HR Ltd

57 Ashford Road, Brighton, BN1 6LL

dataprotection@inspiringpeoplehr.com

The personal data we process

We collect and process personal data in the following contexts.

a) Prospective clients and clients

  • Identification and contact details

  • Organisation, role and enquiry details

  • Service history and communications

  • Website interaction data such as IP address and analytics

b) Client employee data we process to deliver HR services

Depending on the engagement and the client’s instructions, this may include:

  • Identity and contact details

  • Employment and contractual records

  • Pay and benefits information

  • Attendance and performance information

  • Grievance and disciplinary information

  • Medical information where relevant to employment

  • Equality and diversity information, including racial or ethnic origin, where lawfully collected for monitoring or necessary in discrimination and harassment cases

  • Other information necessary for the HR service agreed with the client

Our role and lawful bases

a) For our own business operations, we act as a controller and rely on:

  • Contract, for providing requested services

  • Legal obligation, for record keeping and employment law requirements

  • Legitimate interests, for managing our relationship with clients and prospective clients in a proportionate way

b) For client employee data, we generally act as a processor

  • The client is the controller and determines the purposes and lawful bases

  • We process the data only on the client’s documented instructions under a written contract

Special category data

Where HR services require the processing of special category data such as health or ethnic origin information, we do so only where a lawful basis applies and, for the controller, a relevant Schedule 1 condition under UK law. Typical conditions include obligations in employment law, and the establishment, exercise or defence of legal claims. We may also handle equality and diversity information, including racial or ethnic origin, where lawfully collected for monitoring or where necessary in discrimination and harassment cases. We maintain an Appropriate Policy Document and apply additional safeguards consistent with UK GDPR.

How we collect personal data

  • Directly from you when you contact us, engage our services, or interact with our website

  • From clients and their authorised representatives when we provide HR services

  • From third parties where lawful, for example referees or professional advisers

  • Automatically via cookies and analytics when you visit our website. You can manage cookies in your browser settings

How we use personal data

We use personal data to:

  • Provide and manage HR consultancy services

  • Administer our relationship with clients and prospective clients

  • Respond to enquiries and send service communications

  • Maintain our records, manage risk and ensure quality

  • Meet our legal and regulatory obligations

We do not use client employee information for marketing.

Sharing personal data

We do not sell personal data. We share it only where necessary:

  • With clients and their authorised representatives to deliver services

  • With our service providers who host, store or support our systems

  • With professional advisers and insurers

  • Where required by law, regulation or court order

We remain responsible for our processors and require them to protect personal data under written contracts.

International transfers

Some of our service providers may process personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as the UK Addendum to the EU Standard Contractual Clauses together with technical and organisational measures. We complete and keep under review transfer risk assessments for key services. See the “Service providers and international transfers” section for more detail.

Security

We use appropriate technical and organisational measures to protect personal data, including access controls, least‑privilege permissions, strong authentication, encryption in transit, staff training and supplier due diligence. For systems that support it, we enable multi‑factor authentication and apply role‑based access controls. We review access regularly and monitor activity proportionately to the risk.

Retention and deletion

We keep personal data only for as long as necessary for the purposes set out in this notice or as required by law. Indicative periods:

  • Prospective client contact data: 5 years from last contact unless you opt out sooner

  • Client contact and engagement records: 7 years after our contractual obligations are fulfilled, aligned to limitation periods

  • Client files: During an engagement, we process client employee data as a processor on client instructions. After the engagement concludes, we retain the complete client file (including client employee data and our work product) for 7 years to defend potential professional negligence claims, based on our legitimate interests aligned to limitation periods. As a sole practitioner, access to archived files is restricted to the principal only

  • Meeting recordings and transcripts: We operate a proportionate retention approach for recordings and transcripts of client meetings. Recordings and transcripts are reviewed monthly once they reach 4 months old, with default deletion unless retention is necessary for an ongoing employment matter, professional negligence defence, or legal obligation. Where retained, they are kept for the duration of our working relationship plus up to 7 years. Meeting transcripts are excluded from all backup procedures. Full details of our recording and transcription practices are provided in client engagement agreements.

When we delete data, we ensure it is removed from backup copies and archives according to our schedule. Where systems automatically save previous versions, we have controls in place to ensure these are also deleted once the retention period ends.

Subject to conditions and exemptions in UK law, you have the right to:

  • Access your personal data and receive a copy

  • Rectify inaccurate or incomplete data

  • Erase data in certain circumstances

  • Restrict or object to processing in certain circumstances

  • Data portability for information you provided to us where processing is by automated means

Where we act as a processor on behalf of a client, we will forward your request to the relevant client controller. To exercise your rights, contact us using the details above. We will respond within one month, or explain if more time is needed in complex cases.

Complaints

If you have concerns about how we handle personal data, contact us using the details above. You also have the right to complain to the Information Commissioner’s Office. See www.ico.org.uk for contact details.

Service providers and international transfers

We use reputable cloud and collaboration providers to deliver our services. Some providers may process personal data outside the UK. We use recognised safeguards such as the UK Addendum to the EU Standard Contractual Clauses and assess provider security measures. We keep this list under review and may update it from time to time.

Current core providers

  • Microsoft 365 Email, document and collaboration services used for business communications and working files. Microsoft’s international transfer safeguards apply, and we maintain a transfer risk assessment for these services.

  • Notion Labs, Inc. Workspace platform used to store and organise client and HR records under our instructions, operating under a Data Processing Addendum that incorporates the EU and UK SCCs. We use Notion's AI features to assist with drafting and summarisation on a zero-retention basis. Data residency options differ by plan. We assess Notion's technical and organisational measures and sub‑processors and maintain a transfer risk assessment.

If you would like more information about our current processors, transfer safeguards or risk assessments, contact us at dataprotection@inspiringpeoplehr.com.

Changes to this notice

We may update this notice from time to time. We will post the updated version on this page and indicate the revision date. If changes are material, we will take reasonable steps to inform you.

Last updated: 28 Nov 2025