google-site-verification=3EpJybxs9h47oK_M22_JiQWip2BRmCJfPy2GMJe6o-8
top of page
Office Building

Privacy Policy

GHR Source Privacy Policy GHR Source is strongly committed to protecting personal data. This privacy policy describes why and how we collect and use personal data and provides information about the rights of individuals. This policy applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

 

“GHR Source” (and “we”, “us”, or “our”) refers to GHR Source, a partnership registered with the UK HMRC.

 

Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. GHR Source processes personal data for a number of purposes, and the means of collection, lawful basis of processing, use, disclosure and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

Security
We take the security of all data we hold very seriously. We adhere to best practice security standards and we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

When and how we share personal data
We will only share personal data with others where there is a UK legal requirement for us to do so. Your personal data will remain in the United Kingdom and will not be transferred or processed outside of the United Kingdom.

Individuals’ rights and how to exercise them
Individuals have certain rights over their personal data. Individuals’ rights include the rights:

  • of access,

  • to rectification/amendment,

  • to erasure,

  • to restriction of processing,

  • to object to processing to data portability,

  • to withdraw consent at any time (where processing is based on consent).


Your right of access to personal data
You have the right to obtain confirmation of whether we process personal data about you, to receive a copy of your personal data held by us and to obtain information about how and why we process your personal data. This right may be exercised by emailing us.

Your right to rectification/amendment of personal data
You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name and address) and to have any incomplete personal data completed. To update your personal data submitted to us please contact us by email.

Your right to erasure
You have the right to request deletion of your personal data in certain circumstances:

  • the personal data are no longer necessary in relation to the purposes for which they were collected and processed;

  • our legal basis for processing is consent, you withdraw that consent and we have no other lawful basis for the processing of your personal data (this will only apply in very limited circumstances);

  • our legal basis for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have over-riding legitimate grounds;

  • you object to our processing for direct marketing purposes;

  • your personal data have been unlawfully processed; or

  • your personal data must be erased to comply with a legal obligation to which we are subject.


Your right to restrict processing
You have the right to restrict our processing of your personal data in the following cases:

  • for a period enabling us to verify the accuracy of your personal data where you have contested the accuracy of the personal data;

  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;

  • your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; or

  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.

    To restrict our processing of your personal data, please contact us by email.

 

Your right to object to processing
You have the right to object to our processing of your personal data in the following cases:

 

  • our legal basis for processing is that the processing is necessary for our legitimate interests or those of a third party; or

  • our processing is for direct marketing purposes.

To object to our processing of your personal data, please contact us by email.

Your right to data portability
Where our legal basis for processing your personal data is either consent or performance of a contract, you have a right to receive personal data provided by you to us and to have this sent to another organisation (by us where technically feasible). To exercise your right to data portability, please contact us by email.

Your right to withdraw consent
Where we process personal data using only your consent, you have a right to withdraw this consent at any time. Note that we do not generally process personal data based on consent (as we usually rely on another legal basis) and so the right to withdraw consent may not be applicable. However if you wish to exercise the right to withdraw your consent please contact us by email.

The relevant “use of personal data” sections of this privacy statement explain our processing of personal data using the legal basis of consent.

Complaints
We hope you will never need to complain about our use of your personal data, but if you do please email us with the details of your complaint. We will investigate your complaint thoroughly and communicate back to you in a timely manner.

You also have the right to complain to the Information Commissioner’s Office (“ICO”) in the UK. The ICO is the UK’s data protection regulator. For further information please visit the ICO website.

Policy Review
Our Privacy Policy is reviewed on a regular basis to ensure that it continues to comply with our obligations under the ICO. This policy was last reviewed in June 2021.

Appendix Collection of Personal data relating to our individual clients


Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data with us where it is strictly needed for those purposes. Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to the data subjects concerned regarding use. We collect and use contact details for our clients in order to manage and maintain our relationship with those individuals. Given the diversity of services we provide to our clients, we may process a number of categories of personal data, including:
• Personal details (e.g. name, age/date of birth, gender, marital status)
• Contact details (e.g. email address, contact telephone number, postal address)
• Financial details (e.g. salary, payroll details and other financial-related details such as income, employment benefits and tax status); and
• Job details (e.g. job role, grade, seniority, performance information and other information about co-workers and line management).

For certain services or activities, we may process special categories of personal data (such as in performing know your client (KYC) checks). This will involve us in the processing of government identification documents that may contain biometric data or data revealing a protected characteristic.

bottom of page