Privacy Notice

Last updated: January 2025

1. Introduction

1.1 Grace Pariser HR ("we", "us", "our") is a registered Data Controller with the Information Commissioner's Office (ICO).

1.2 This Privacy Notice sets out how we collect, store and use personal information through The HR Vault in accordance with the UK General Data Protection Regulations (UK GDPR) and Data Protection Act of 2018.

1.3 It applies to all users of The HR Vault website and platform.

1.4 We reserve the right to amend this Privacy Notice at any time. It does not form part of any contract with us.

1.5 By using our platform, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Information

Company: Grace Pariser Human Resources

Contact Person: Grace Pariser

Email: grace@gp-hr.co.uk

Phone: 07591 844703

3. The Information We Store

3.1 We collect, store and use the following categories of personal information through The HR Vault:

Account Information:

  • First name and surname
  • Email address
  • Company name (optional)
  • Professional role (HR Consultant or In-House HR)
  • Account preferences and settings

Subscription and Payment Data:

  • Stripe customer ID and payment method information
  • Subscription plan type (monthly/annual, HR Consultant/In-House HR)
  • Payment history and transaction records
  • Billing dates and subscription status

Usage and Activity Data:

  • Documents downloaded and access history
  • Login times and session information
  • Download count and remaining allowances
  • Platform usage patterns and preferences

Technical and Security Data:

  • IP addresses and device information
  • Browser type and operating system
  • Session tokens and authentication data
  • Security logs and access records

Communication Data:

  • Support enquiries and correspondence
  • Feedback and service requests
  • Email communication preferences

4. Data Collection Process

4.1 Account Registration: When you create an account on The HR Vault, we collect your name, email address, company details, and professional role.

4.2 Subscription Process: When you subscribe to premium services, we collect payment information through Stripe and link it to your account.

4.3 Platform Usage: When you use our platform, we automatically record your document downloads, access patterns, and usage statistics.

4.4 Communications: When you contact our support team or provide feedback, we store your communications for service improvement.

5. Information Automatically Collected

5.1 When you use The HR Vault, we may automatically collect:

  • Technical Data: IP address, browser type, operating system, device information
  • Usage Data: Pages visited, documents accessed, time spent on platform, download patterns
  • Session Data: Login/logout times, session duration, authentication tokens
  • Performance Data: Page load times, error logs, system performance metrics

5.2 Our platform may contain links to other websites. Once you leave our platform, this privacy policy no longer applies.

6. How We Use Personal Information

6.1 We process personal information for The HR Vault under the following legal bases:

Contract Performance:

  • Providing access to HR documents and templates
  • Managing your subscription and billing
  • Delivering premium features and services
  • Processing downloads and tracking usage limits
  • Providing customer support and technical assistance

Legitimate Interests:

  • Improving platform functionality and user experience
  • Analyzing usage patterns to develop new features
  • Maintaining platform security and preventing fraud
  • Conducting business operations and administration
  • Communicating important service updates

Legal Obligations:

  • Compliance with financial and tax regulations
  • Data protection and privacy law compliance
  • Responding to legal requests and investigations
  • Meeting regulatory reporting requirements

Consent (where applicable):

  • Sending marketing communications (HR updates and industry insights)
  • Analytics and performance tracking (via cookies)
  • Optional premium features requiring additional consent

7. Sharing Data with Third Parties

7.1 We share your data with trusted service providers who help us operate The HR Vault:

Essential Service Providers:

  • Stripe: Payment processing and subscription management
  • Brevo (formerly Sendinblue): Email communications and newsletters
  • Web Hosting Provider: Platform hosting and technical infrastructure
  • Backup Services: Data backup and disaster recovery

Analytics (with your consent):

  • Google Analytics: Website usage analytics and performance monitoring

7.2 We do not sell, trade, or rent your personal information to third parties.

7.3 All data processing agreements with third parties include appropriate privacy and security safeguards.

7.4 We will not transfer personal data outside the UK unless adequate protections are in place.

8. Data Storage and Retention

8.1 We retain your data for different periods depending on its purpose:

Account and Profile Data:

Retained while your account is active, plus 6 years after account closure for legal and business purposes.

Subscription and Payment Data:

Retained for 6 years after the end of your subscription for financial, legal, and tax compliance.

Document Access Logs:

Retained for 2 years from the date of access for usage analytics and platform improvement.

Communication Records:

Support enquiries and correspondence retained for 3 years from last contact.

Technical and Security Logs:

IP addresses and security logs retained for 12 months for security and fraud prevention.

Marketing Communications:

Retained until you unsubscribe or request deletion.

Cookies and Analytics:

Analytics data retained for up to 26 months (Google Analytics default).

8.2 We conduct annual data reviews to ensure we only retain necessary information.

8.3 When data is no longer needed, it is securely deleted or anonymized.

9. Data Security

9.1 We implement comprehensive security measures to protect your data:

Technical Safeguards:

  • SSL/TLS encryption for all data transmission
  • Encrypted database storage
  • Secure authentication and session management
  • Regular security updates and patches
  • Firewall protection and intrusion detection

Organizational Measures:

  • Access controls limiting data access to authorized personnel
  • Staff training on data protection and security
  • Regular security assessments and audits
  • Incident response and breach notification procedures
  • Data processing agreements with all service providers

9.2 However, no internet-based system is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

10.1 Under UK GDPR, you have the following rights regarding your personal data:

Right of Access:

Request copies of your personal data and information about how we process it.

Right to Rectification:

Request correction of inaccurate or incomplete personal data.

Right to Erasure:

Request deletion of your personal data in certain circumstances.

Right to Restrict Processing:

Request limitation of how we process your data in specific situations.

Right to Data Portability:

Receive your data in a structured, machine-readable format for transfer to another service.

Right to Object:

Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:

Withdraw consent for processing where consent is the legal basis.

10.2 To exercise any of these rights, please contact us at grace@gp-hr.co.uk.

10.3 You can also update your account information and privacy preferences through your account settings.

11. Marketing Communications

11.1 We may send you marketing communications about HR industry updates, new documents, and platform improvements if you have:

  • Given us your consent, or
  • Subscribed to our services and not opted out

11.2 You can unsubscribe from marketing emails at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Emailing us at grace@gp-hr.co.uk
  • Updating your preferences in your account settings

12. Children's Privacy

12.1 The HR Vault is designed for business and professional use and is not intended for individuals under 18 years of age.

12.2 We do not knowingly collect personal information from children under 18.

12.3 If we become aware we have collected data from a child, we will take steps to delete that information promptly.

13. Changes to This Policy

13.1 We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

13.2 We will notify you of significant changes by:

  • Posting the updated policy on our platform
  • Updating the "Last updated" date
  • Sending email notifications for material changes
  • Displaying a notification on the platform

13.3 We encourage you to review this Privacy Policy periodically.

14. Contact and Complaints

14.1 Grace Pariser is responsible for data protection matters. For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Email: grace@gp-hr.co.uk

Phone: 07591 844703

Subject Line: "Data Protection Enquiry"

14.2 We aim to respond to all data protection enquiries within 30 days.

14.3 If you remain unhappy with our response, you can raise your concerns with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

ICO Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint