Privacy Policy

This policy explains how The HRologist Ltd processes personal data across: (1) parent/coaching services (B2C) and (2) delivery to schools/MATs and partners (B2B).

1) Who we are (Data Controller)

Organisation: The HRologist Ltd (Company no. 15461549)

Data protection contact: naomi.withers@thehrologist.co.uk

Service contact (general): hello@thehrologist.co.uk

Registered address:  Mansfield, Nottingham NG20 8HZ (UK)

In most cases, The HRologist Ltd acts as a data controller for the personal data described in this policy. In some school/MAT engagements, the school/MAT may be the controller for pupil data and The HRologist Ltd may act as a processor (this will be set out in the contract).

2) What data we may collect

Depending on the service, we may process:

  • Contact details: name, email, phone number, organisation/role (B2B).

  • Service admin: bookings, attendance, invoices, payment records (where applicable).

  • Communications: emails/messages related to delivery or support.

  • Intake information (B2C): information you choose to share via intake forms and sessions.

  • Session / delivery notes: kept minimal, factual, and bounded.

  • Safeguarding or risk information: where relevant, this may include child-related or special category information (e.g., health/SEND/safeguarding-related details). We aim to collect the minimum necessary.

We avoid collecting “nice-to-know” sensitive information.

3) How and why we use your data (purposes)

We use personal data to:

  • deliver services and agreed outcomes

  • administer bookings, delivery, and invoicing

  • respond to enquiries and complaints

  • safeguard and manage serious risk (where relevant)

  • improve quality (prefer anonymised/aggregated reporting where possible)

4) Lawful bases (UK GDPR)

Depending on context, we rely on one or more of:

  • Contract (delivering the service)

  • Legitimate interests (running and improving the service)

  • Legal obligation (e.g., safeguarding duties where applicable)

  • Vital interests (serious risk scenarios)

  • Consent (used sparingly and not relied on where there is an imbalance of power)

5) Sharing your data

We share personal data only where necessary and lawful, and on a need-to-know basis. Depending on context, recipients may include:

  • the school/MAT’s named safeguarding route (DSL / safeguarding lead) where required

  • essential suppliers (e.g., booking, email, file storage) acting as processors

  • professional advisers (e.g., accountant) where necessary

  • statutory agencies where required by law or safeguarding duties

In school/MAT settings, pupil/safeguarding information (if any) should follow the setting’s approved route and agreements.

6) International transfers

Where we use suppliers that may process data outside the UK, we ensure appropriate safeguards are in place (e.g., UK IDTA / SCCs as applicable).

7) How long we keep data (retention)

We keep personal data only as long as necessary for the purposes above, and in line with our retention rules.

See: Records Retention & Destruction Policy (available on request).

8) Your rights

Under UK GDPR you may have rights including:

  • access to your personal data (SAR)

  • rectification

  • erasure (where applicable)

  • restriction

  • objection

  • portability

If we are acting as a processor for a school/MAT, the school/MAT (controller) will lead SAR handling and we will support as required.

9) Complaints

If you have a concern about how we have handled your personal data, please email:

naomi.withers@thehrologist.co.uk (subject line: “Data Protection Complaint”).

If you remain dissatisfied, you may raise your concern with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

10) Updates to this policy

We may update this policy from time to time. The latest version will be available on request and/or published on our website.