Privacy Policy

Last updated: 22.06.2026

1. About this policy

Totally HR Ltd is committed to protecting your privacy and handling personal data fairly, lawfully and transparently. This Privacy Policy explains how we collect, use, store and protect personal information when you use our website, contact us, make an enquiry, or use our HR consultancy services.

2. Who we are

Totally HR Ltd is a company registered in England and Wales under company number 7048407. Our registered office is St Andrews Castle, St Andrews Street South, Bury St Edmunds, IP33 3PH. You can contact us at info@totally-hr.co.uk or by telephone on 01284 774726. Totally HR Ltd is registered with the Information Commissioner’s Office.

3. Our role under data protection law

Totally HR Ltd is the data controller for personal data collected through our website, enquiries, marketing activity and our own business administration. Where we provide HR consultancy services to a client and process personal data on that client’s behalf, we may act as a data processor, or in some circumstances as a data controller, depending on the nature of the service and the arrangements agreed with the client.

4. Personal data we may collect

  • Contact details, such as your name, job title, business name, email address, telephone number and postal address
  • Information you provide when you contact us, make an enquiry, request services or complete website forms
  • Information needed to provide HR consultancy services, which may include employee relations, employment, payroll, absence, performance, disciplinary, grievance or workplace information supplied by clients
  • Technical information about how you use our website, such as IP address, browser type, device information and website usage data
  • Marketing preferences, where you have chosen to receive updates from us

5. How we use personal data

  • To respond to enquiries and communicate with you
  • To provide HR consultancy services and manage our client relationships
  • To prepare proposals, contracts, advice, documentation and related service materials
  • To manage billing, accounts and business administration
  • To improve our website, services and user experience
  • To send relevant updates, newsletters or marketing communications where permitted by law
  • To comply with legal, regulatory and professional obligations

6. Lawful basis for processing

We only use personal data where we have a lawful basis to do so. This may include where processing is necessary to perform a contract, to take steps before entering into a contract, to comply with a legal obligation, for our legitimate business interests, or where you have given consent. Where we rely on legitimate interests, we will only do so where those interests are not overridden by your rights and freedoms.

7. Special category data

In the course of providing HR consultancy services, we may process special category data where it is necessary and appropriate. This may include information about health, sickness absence, disability, trade union membership, workplace adjustments, disciplinary matters, grievance matters or other sensitive employment-related information. We will only process special category data where we have a lawful basis and a relevant condition under data protection law, and where appropriate safeguards are in place.

8. Marketing communications

We may send marketing communications, newsletters or updates where permitted by law. You can opt out of receiving marketing communications at any time by contacting us using the details in this policy or by using any unsubscribe option provided in the communication.

10. Sharing personal data

We may share personal data with trusted service providers and professional advisers where necessary, including IT providers, cloud storage providers, accountants, insurers, legal advisers and other professional support services. We may also share personal data where required by law, regulation, court order or a competent authority. We do not sell personal data.

11. International transfers

Where personal data is transferred outside the UK, we will take appropriate steps to ensure it is protected in accordance with applicable data protection law. This may include using recognised safeguards such as adequacy regulations or approved contractual protections.

12. How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected, including to provide services, respond to enquiries, meet legal obligations, resolve disputes, maintain business records and protect our legal position. We retain records in line with legal, contractual, regulatory and business requirements. Retention periods may vary depending on the type of information and the context in which it was provided.

13. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. However, no method of transmission over the internet is completely secure.

14. Your rights

Depending on the circumstances, you may have rights to request access to your personal data, correction of inaccurate data, deletion of data, restriction of processing, objection to processing, data portability, and withdrawal of consent where processing is based on consent. To exercise your rights, please contact us using the details in this policy.

15. Complaints

If you have concerns about how we handle your personal data, please contact us first so that we can try to resolve the matter. You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection matters.

16. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page.