Data Protection Policy.
Purpose
This Data Protection Policy outlines how Astreo HR collects, uses, stores, and protects personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to ensuring that personal data is handled lawfully, transparently, and securely at all times.
Scope
This policy applies to all personal data processed by Astreo HR, including data relating to:
- Clients and prospective clients
- Employees, contractors, and associates
- Website users and individuals making enquiries
It applies to all staff, contractors, and third parties who process data on behalf of the business.
Definitions
Personal Data: Any information relating to an identified or identifiable individual
Processing: Any operation performed on personal data (e.g. collection, storage, use, disclosure)
Data Subject: The individual to whom the personal data relates
Data Protection Principles
We adhere to the following principles when processing personal data:
- Lawfulness, fairness, and transparency
- Purpose limitation – data is collected for specified, legitimate purposes
- Data minimisation – only necessary data is collected
- Accuracy – data is kept up to date
- Storage limitation – data is retained only as long as necessary
- Integrity and confidentiality – data is kept secure
Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests (provided these are not overridden by individual rights)
Types of Data Collected
We may collect and process:
- Contact details (name, email, phone number)
- Employment and business-related information
- Client or candidate HR data (where acting on behalf of clients or candidates)
- Technical data (e.g. IP address, website usage)
Where we process special category data (e.g. health or diversity data), we will ensure additional safeguards are in place.
Data Use
Personal data is used for:
- Delivering HR consultancy services
- Managing client relationships and contracts
- Responding to enquiries and booking consultations
- Meeting legal and regulatory obligations
- Improving business operations
Data Sharing
We do not sell personal data. We may share data with:
- Service providers (e.g. IT systems, scheduling platforms)
- Professional advisers (e.g. accountants, legal advisers)
- Regulatory authorities where required
All third parties are required to process data securely and in compliance with data protection laws.
Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Secure storage systems
- Password protection and access controls
- Encryption where appropriate
- Staff awareness and training
Data Retention
Personal data is retained only for as long as necessary to fulfil its purpose or meet legal requirements.
Retention periods are defined within our Data Retention Policy.
Data Subject Rights
Individuals have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request erasure of their data
- Restrict or object to processing
- Data portability (where applicable)
- Withdraw consent at any time
Requests will be handled within statutory timeframes.
Data Breaches
Any data breach will be:
- Assessed promptly
- Reported to the relevant authority where required
- Communicated to affected individuals if there is a high risk to their rights
All breaches must be reported internally immediately.
Responsibilities
Astreo HR is responsible for ensuring compliance with this policy.
All staff and contractors must:
- Handle personal data in accordance with this policy
- Report any concerns or breaches
- Complete any required data protection training
Third-Party Processing
Where third parties process data on our behalf, we ensure:
- A written agreement is in place
- They provide sufficient guarantees of data protection compliance
Policy Review
This policy will be reviewed regularly and updated as necessary to reflect changes in legal or regulatory requirements.
Contact
For any data protection queries or requests, please contact:
Marcelle Stewart, Managing Director
Astreo HR Limited, Unit 1, The Cam Centre, Wilbury Way, Hitchin, SG4 0TW
