Privacy Policy
This policy explains how The HRologist Ltd processes personal data across: (1) parent/coaching services (B2C) and (2) delivery to schools/MATs and partners (B2B).
1) Who we are (Data Controller)
Organisation: The HRologist Ltd (Company no. 15461549)
Data protection contact: naomi.withers@thehrologist.co.uk
Service contact (general): hello@thehrologist.co.uk
Registered address: Mansfield, Nottingham NG20 8HZ (UK)
In most cases, The HRologist Ltd acts as a data controller for the personal data described in this policy. In some school/MAT engagements, the school/MAT may be the controller for pupil data and The HRologist Ltd may act as a processor (this will be set out in the contract).
2) What data we may collect
Depending on the service, we may process:
Contact details: name, email, phone number, organisation/role (B2B).
Service admin: bookings, attendance, invoices, payment records (where applicable).
Communications: emails/messages related to delivery or support.
Intake information (B2C): information you choose to share via intake forms and sessions.
Session / delivery notes: kept minimal, factual, and bounded.
Safeguarding or risk information: where relevant, this may include child-related or special category information (e.g., health/SEND/safeguarding-related details). We aim to collect the minimum necessary.
We avoid collecting “nice-to-know” sensitive information.
3) How and why we use your data (purposes)
We use personal data to:
deliver services and agreed outcomes
administer bookings, delivery, and invoicing
respond to enquiries and complaints
safeguard and manage serious risk (where relevant)
improve quality (prefer anonymised/aggregated reporting where possible)
4) Lawful bases (UK GDPR)
Depending on context, we rely on one or more of:
Contract (delivering the service)
Legitimate interests (running and improving the service)
Legal obligation (e.g., safeguarding duties where applicable)
Vital interests (serious risk scenarios)
Consent (used sparingly and not relied on where there is an imbalance of power)
5) Sharing your data
We share personal data only where necessary and lawful, and on a need-to-know basis. Depending on context, recipients may include:
the school/MAT’s named safeguarding route (DSL / safeguarding lead) where required
essential suppliers (e.g., booking, email, file storage) acting as processors
professional advisers (e.g., accountant) where necessary
statutory agencies where required by law or safeguarding duties
In school/MAT settings, pupil/safeguarding information (if any) should follow the setting’s approved route and agreements.
6) International transfers
Where we use suppliers that may process data outside the UK, we ensure appropriate safeguards are in place (e.g., UK IDTA / SCCs as applicable).
7) How long we keep data (retention)
We keep personal data only as long as necessary for the purposes above, and in line with our retention rules.
See: Records Retention & Destruction Policy (available on request).
8) Your rights
Under UK GDPR you may have rights including:
access to your personal data (SAR)
rectification
erasure (where applicable)
restriction
objection
portability
If we are acting as a processor for a school/MAT, the school/MAT (controller) will lead SAR handling and we will support as required.
9) Complaints
If you have a concern about how we have handled your personal data, please email:
naomi.withers@thehrologist.co.uk (subject line: “Data Protection Complaint”).
If you remain dissatisfied, you may raise your concern with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
10) Updates to this policy
We may update this policy from time to time. The latest version will be available on request and/or published on our website.