1. Introduction

This Privacy Notice explains how personal data is collected, used, and protected in the course of our business activities, including through our website, booking systems, and delivery of consulting services.

We process personal data in accordance with applicable data protection legislation, including:

  • the General Data Protection Regulation (EU) 2016/679 (GDPR)
  • the Data Protection Act 2018 (Ireland)
  • relevant ePrivacy Regulations (where applicable)

We are committed to ensuring that personal data is handled lawfully, fairly, and transparently, and that appropriate safeguards are in place at all times.

2. Data Controller

The data controller is:

HR Initiatives Ltd. 
Contact E-mail: hello@hr-initiatives.ie

3. Categories of Personal Data

We may collect and process the following categories of personal data:

Standard Personal Data
  • Name, email address, and contact details
  • Organisation name, role, and professional information
  • Information provided through enquiries, bookings, or engagements
Sensitive (Special Category) Data

We do not intentionally collect special category personal data. However, in the course of HR advisory or consulting work, such data may arise (e.g. data relating to health, disciplinary matters, or other employment-related information).

Where this occurs:

  • it is processed strictly in accordance with GDPR requirements
  • appropriate safeguards are applied
  • access is restricted to authorised personnel only
4. Purpose of Processing

Personal data is processed for the following purposes:

Service Delivery
  • responding to enquiries
  • scheduling and delivering advisory, consulting, or interim services
  • supporting organisational HR and workforce-related activities
Business Operations
  • maintaining accurate records
  • managing client relationships
  • ensuring service quality
Communications
  • providing relevant updates relating to engagements
  • sending insights, professional updates, or newsletters where consent is provided
Legal and Regulatory Obligations
  • complying with legal, regulatory, or contractual obligations
  • supporting governance, audit, and accountability requirements
5. Legal Basis for Processing

Personal data is processed under one or more of the following legal bases:

  • Contractual necessity (Article 6(1)(b))
  • Legal obligation (Article 6(1)(c))
  • Legitimate interests (Article 6(1)(f))
  • Consent (Article 6(1)(a)) – where applicable, particularly for marketing communications

Where special category data is processed, an additional condition under Article 9 GDPR is relied upon, such as:

  • processing necessary for employment, HR, or organisational management purposes
  • explicit consent where required
6. Data Sharing and Processors

Personal data may be shared with:

  • IT service providers (e.g. hosting, email, booking systems)
  • professional advisers (legal, accounting)
  • client organisations (where relevant to service delivery)
  • regulatory or public authorities (where required by law)

All third-party processors are required to:

  • process data on documented instructions
  • implement appropriate technical and organisational measures
  • comply with GDPR obligations

We do not sell or share personal data for third-party marketing.

7. International Data Transfers

Where data is transferred outside the European Economic Area (EEA):

  • appropriate safeguards are implemented
  • transfers are made under approved legal mechanisms (e.g. Standard Contractual Clauses)
8. Data Retention

Personal data is retained only for as long as necessary to:

  • fulfil the purpose for which it was collected
  • meet legal, regulatory, or contractual requirements
  • maintain appropriate business and audit records

Retention periods are determined based on:

  • the nature of the data
  • the purpose of processing
  • applicable legal requirements
9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • secure systems and platforms
  • access controls and confidentiality measures
  • data minimisation and limited retention
  • appropriate handling procedures for sensitive HR-related data

These measures are regularly reviewed to ensure continued effectiveness.

10. Data Subject Rights

Under GDPR, individuals have the right to:

  • access their personal data
  • request correction of inaccurate data
  • request erasure (where applicable)
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent at any time (where applicable)

Requests can be made via the contact details above.

11. Marketing Communications

Where consent is provided, we may send:

  • HR insights and updates
  • newsletters and professional content
  • information about relevant services

You may withdraw consent or unsubscribe at any time.

12. Complaints

If you have concerns regarding the processing of your personal data, please contact us in the first instance.

You also have the right to lodge a complaint with:

Data Protection Commission (Ireland)
https://www.dataprotection.ie

13. Governance and Accountability

We maintain appropriate governance arrangements to ensure ongoing compliance with data protection obligations, including:

  • defined roles and responsibilities
  • data protection awareness and good practice
  • periodic review of data processing activities
  • implementation of appropriate policies and procedures
14. Updates to this Notice

This Privacy Notice may be updated from time to time to reflect changes in legal requirements, business operations, or data processing practices.

The most recent version will always be available on this website.

© Copyright HR Initiatives