Privacy Policy

privacy policy

Privacy Policy.

Who we are BeyondHR is committed to ensuring that your privacy is protected. This Privacy Policy statement, together with our Data Protection Policy, sets out the basis on which any personal data we collect from and about you, or that you provide to us, will be processed by us. Please read the following carefully to understand

We will collect and process the following data about you:

Information we collect about you:

We collect information about you when you visit our website, sign up to our HR services to receive newsletters and email updates, use our training services, use our recruitment services, apply for a job with us, attend one of our events and engage in business activities with us. You are not obliged to provide us with your personal information. However, if you do not, we might not be able to carry out the services you have requested of us.

Information you give us:

This is information about you that you give us by corresponding with us by phone, e-mail or otherwise. It includes the information you supply us with when you engage in our services. The information you give us may include, but is not limited to, your name, address, e-mail address, phone number, bank account information, special requirements etc.


Privacy Notice

For the purposes of this notice BeyondHR is the data controller unless it has been specifically noted otherwise.

This notice relates to the collection and processing of personal data for BeyondHR, it does not cover processing we do in relation to the service we provide to our clients, in that regard BeyondHR is the data processor acting on the instruction of our clients. To that end, as a data processor we offer broadly the following services:

  1. HR Management software solution for clients,
  2. On-site HR and Health & Safety support,
  3. Health and safety risk assessments and follow up services, and
  4. Recruitment management services.

There are also elements of these services where we also operate as a data controller.

Processing activities that are covered

This notice applies to the processing of personal data collected by us when you:

  • Visit our social media pages
  • Visit our website (
  • Visit our offices
  • Receive communications such as emails and phone calls
  • Register for and/or attend events where we participate or host
  • Are an applicant to join BeyondHR
  • Are a client where our services are of a data controller (employment law, responsible person for Health and Safety purposes)
  • For sales and marketing
  • For the understanding, development, growth, and administration of our business

Where we use social media or where you click a social media icon on our website, be aware that these companies are independent to BeyondHR, they manage their own affairs and they will be a data controller in their own right. If you have any questions pertaining to how they process your personal data, you should review their privacy notices which will be available on their websites.

Finally, our websites may contain links to other websites for your ease and convenience, we are not responsible for them, how they operate or their security provision.

The Personal Info we collect

We collect personal data directly from you when:

  • You express an interest in our services either over the phone, via email, social media, webforms, webinar attendance, contact us provision, when signing up to newsletters and other communications, when downloading certain content from our websites, at events we attend or host or through the live chat on our websites. The information we may require is contact information, name, phone number, email address, job title, company name, company address.
  • If you contact our helpline you may be asked for your name and company name.
  • When you make a purchase of our services we will require financial information for invoicing and collection purposes, this may include bank details, invoice name, address and point of contact.
  • If you attend an event where we are participating, you may have given additional consents to be contacted by us following the event. This information may include name, phone number, email address, company name and job title.
  • If you connect with us through a social media channel, we will know your social media handle and any other information including photos you make available through our interactions and your profile.
  • If you use our websites or email’s we will have details about your usage of our sites through cookies, beacons, and similar technologies. This information may include IP address and information about your visit.
  • If you complete surveys or enter competitions they may require contact information such as name, phone number, email address, company name and job title.
  • If you complete a registration form on our website when downloading content, we will ask for details such as name, email, company name and phone number
  • When you interact with live chat we will need name and email address for the functionality to work.
  • If you are an applicant for a role at BeyondHR we will require information relating to your career history which could include name, address, phone number and email address along with the positions you held and the date range you held those positions in different companies along with any qualifications.
  • If you participate in our referral program, we strongly advise you to give our details to the individual you want to refer to use and facilitate the process that way. If you decide to provide us with their details you represent that you have their authority to do so, act in accordance with data protection legislation and in accordance with this privacy notice.
  • If we are delivering a Health and Safety service where our qualifications or role for your company requires an authorised person or in dealing with an accident, we may require information such as name, health information, working patterns, contact information such as address, phone number. The information we may require will be specific for that scenario and will be advised in full. We will only ask for the information that is necessary to fulfil our purpose and in many cases is a legal requirement. This may also be information we gather from your employer if you are involved in an accident or incident.

Personal Data we collect from other sources

We will also gain personal information from other sources, this includes third parties we purchase data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.

Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.

Data from your device, usage of our website and applications

When you access our website we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services.

This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of BeyondHR services and applications. The collection of this type of data may either on its own, or when combined with other data we have, become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.

Cookies, beacons and similar technologies on our website and in email communications

Our use of cookies, beacons and similar technologies is to better understand how you interact with our website and email communications.

We use cookies on our website for a variety of reasons including remembering your settings, load balancing, marketing and analytics. These will be either our cookies or third-party

cookies, all of which can be configured by you using the cookie preference centre to configure the settings you are most comfortable with.

We use session cookies which expire after the session is closed, we also use persistent cookies which remain on your computer when you close the browser or turn your computer off. We also use beacons and pixels in our email communications and on our website, this enables us to understand if our communications are useful to you or not and how you then interact with the website or our service as a result of those email communications.

Where we use 3rd party cookies such as Google Analytics or third parties we use for advertising purposes we are joint controllers with them, if you do not wish for Google to have your IP address and understand your browsing actions please do decline cookies.

The cookies we use fall into four basic categories, they are:

Type of Cookie


Strictly necessary cookies

These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request in service, such as setting privacy preferences, logging, or completing a form. You can set your browser to block or alert you about these cookies, but some parts of the site may not work.

Functional cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose service we may have added to these pages. If you do not allow these cookies, then some or all of these services may not function properly.

Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve our site. This helps us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know you have visited our site, and will not be able to monitor its performance.

Targeting cookies

Targeting cookies may be set through our site by advertising partners. They may be

used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on unique identifiers in your browser and device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media

Our website uses social media icons such as Facebook and Twitter logos and other social sharing widgets. By using these features, you will be connecting to and sharing information from your browsing session with these organisations. If you are logged into your social media account, it is also possible that they will connect your activity on our site to your social media account.

This is also the case if you access our social media pages on a social media platform. The respective social media company may add your interaction to any information they may already have about you or your interests.

In all cases, in that transfer of data the social media provider is a data controller in their own right and responsible for what they do with your personal data. If you want to find out more, it is worth accessing their privacy notices.

Purpose of processing and legal basis we rely on

We collect and process personal data for the following purposes and with the following legal bases engaged:

  • Where our website is concerned, we are processing your personal data with your consent if it is required and for other elements of our website we are processing based on the legitimate interest to operate and administer the site. Where site security is concerned and the activities through our cookies that enable a secure site, this is administered as a legitimate interest.
  • To download some content from our site you are required to complete a form, this is done with your consent. We may also get in touch with you either by email and/or phone as a result of the download.
  • We may ask you for personal data when dealing with enquires, this data would be processed as a legitimate interest in being able to effectively follow up on your enquiry. This is also the case where it relates to a service enquiry or complaint, unless of course it is linked to a contractual obligation, this could include service updates and client communications, in which case it is processed as part of the fulfilment of our contract.
  • Setting up and managing your journey as a client is again done as part and parcel of the performance of the contract. This is also the case when it comes to good administration of matters relating to your contract with BeyondHR.
  • Where you use the chatbot on our website you are freely inputting your questions and so consenting to processing. Where we then used pseudonymised data to either train the AI or improve our services we are doing as a legitimate interest. Your reference ID from the chat is also used to provide information specific to your question and may also be a reference point back to your organisation, which could in turn enable us to better tailor services and promotional messages accordingly.
  • Managing event registration and administration of the event is done as a legitimate interest in ensuring the efficient administration and follow up of the event. We also rely on legitimate interests for processing client contact data for service surveys. If you choose to complete the survey with our partner this is done on the basis of consent.
  • Managing your payments relating to the service we provide. This also includes the entirety of the payment process in line with the terms and conditions of our service. We may also from time to time have to escalate this process to a third-party debt collection service. This disclosure of such data would be as a legitimate interest and further processed as part of the contractual terms.
  • The identification of opportunities both with prospects and opportunities within our existing client base is done in furthering the legitimate interests of the business.
  • If you provided a testimonial of our service, you will be doing so of your own free will and it will be retained until you ask us to remove it.
  • If we provide employment law and tribunal services, we will do so under the performance of a contract. This is also the case for some of our health and safety services where we are investigating accidents, liaising with the local authorities and acting as a competent individual.
  • Where you have applied as a candidate for a role at our company we will process your information in order to progress your application, contact you with updates, assess your qualities and capabilities against the requirements of the role and against other candidates. You will also be asked for proof of qualifications, references and other right to work information such as identification documents. This processing is done in part as a legitimate interest, in part with your consent and in part as a legal obligation. We may also use recruitment companies from time to time, where data is shared with these organisations we will both be data controllers and you will have been referred to us from them. Further data protection information regarding their activities can be gained from them.
  • We will send sales and marketing communications such as emails related to our services and those complementary services of approved partner organisations only if we can do so in accordance with data protection legislation.
  • There are legal obligations that we must comply with, these could be tax-related or generally dealing with local or national government, authorities, agencies or courts and professional advisors. It may be in our legitimate interest to protect our rights and if necessary, to disclose information for the protection of these rights or complying with court orders.
  • Running, managing and administration of our business are critical to its success and the successful delivery of our service. It includes but is not limited to aspects such as account management (sales, service and financial), IT (support to clients, use of or migration to platforms, running and improving the business and its security) and development of our applications, reporting and improvement. The legal bases for these activities will differ from performance of contract to legitimate interests and if there is information required by the government (such as tax information) this would be a statutory obligation.

Who we may share data with

We may share your personal data in the following circumstances:

  • Where we are using contracted service partners for services such as IT, HRMS and recruitment management software, web conferencing, hosting and system administration, email communications, analytics and research, data enrichment, survey providers and customer support. All these purposes and legal bases for processing are done in accordance with the information provided above
  • If you registering for events where we are partnering with another organisation or if a third party is running the event on our behalf, we may be required to share your details for the purpose of registration, security and administration of the event. This will be done in accordance with the legal bases noted above.
  • Where you interact with third party social media companies either through our website or directly through your social media profiles your data will be shared by you with them. This is also the case if you do not switch off third party cookies where advertising, targeting and analysis is concerned. These parties are likely to be data controllers in their own right.
  • To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • To enforce or apply our Terms of Service or other agreements or to protect BeyondHR and its customers (including with other companies and organisations for the purposes of fraud protection and credit risk reduction)
  • To any other person with your consent to the disclosure.
  • Finally, we may share anonymised or aggregated data gathered in the normal course of the administration and good running of our business with third parties or service providers to enable greater analysis, improvements, industry or service related trends to be identified and action taken accordingly.

How long do we hold data for?

We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a short period of time, for instance, as an unsuccessful job applicant we may retain your records for 12 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so in order to comply with the legal requirement; this is typically 6 years.

Once your data is no longer required it shall be deleted or if it is technically not possible to delete, we shall ensure sufficient controls are in place to put it beyond future use.

International transfers

Our data is typically hosted in the UK and other parts of the EEA, there are however some of our contracted technical service providers that process from the US and India. Where these transfers and any other transfer that may occur in the future are concerned, we ensure that there is a legal bases for the transfer and a lawful transfer mechanism in place prior to any transfers in place.

Any such transfers currently done are done using either a transfer to a country with an adequacy ruling or using European Commission Standard Contractual Terms.

Your rights

Under data protection legislation, you have rights as an individual which you can exercise in relation to the information, we hold about you.

These rights include:

  • The Right of Subject Access – this is the right to access data we hold about you and, where required, an explanation of that data.
  • The Right to Rectification – this is the right to have inaccurate or incomplete data rectified.
  • The Right to Erasure – this is also known as the ‘right to be forgotten’ and means that in certain circumstances you have the right to ask us to delete data we hold on you.
  • The Right to Restrict Processing – this is where you can request that we restrict/block processing of personal data (but still retain it)
  • The Right to Data Portability – this allows people to reuse their personal data by requesting it in a useable format.
  • The Right to Object – this right allows you to object to us processing your personal data. This is typically related to processing based on legitimate interest, performance of a task in the public interest, direct marketing, and processing for scientific or historical research.

Security of personal data

We take every reasonable and commercially viable precaution to protect personal and commercial data. These are organisational, technical, and physical measures to protect against unlawful or accidental access, disclosure, loss or alteration.

Whilst we have taken a robust stance to security no method of storage and transmission is 100% secure and, in some instances, out of our control. For that reason, you are entirely responsible for password security, controlling access to your devices, access to your environment in our partner HRMS and signing out and closing down web sessions once completed.

Data from your device, usage of our website and applications

When you access our website we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services.

This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of BeyondHR services. The collection of this type if data may either on its own, or when combined with other data we have become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.

Complaints and Queries

BeyondHR tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.

We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below

Data Protection Officer

22-24 Henry Street


BT43 2AH

or by email to [email protected]

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law.

Changes to this privacy notice

We keep our privacy notice under regular review and would encourage you to do so to. This privacy notice was last updated on 20 December 2023.