Privacy Policy

Last updated: 3 December 2025

1. Who we are

Eagles HR Limited (“we”, “us”, “our”) provides HR consultancy services to organisations, including advice and support on matters such as TUPE transfers, restructures, organisational change, and employee relations.

For most of the activities described in this notice, we act as a data controller – we decide how and why your personal data is used (for example, in relation to our website, our own business contacts, and our own suppliers).

In some cases, particularly when we handle employee information on behalf of our clients (for example, during a TUPE transfer or restructure), we may act as a data processor and process personal data under our client’s instructions. In those cases, our client’s privacy notice will also apply.

Our details:

• Company name: Eagles HR Limited
• Registered address: 19 Oxleys, Olney, MK46 5PJ
• Email for privacy/enquiries: [hello@eagleshr.co.uk]
• Website: [https://eagleshr.co.uk]

If you have any questions about this notice or how we use your personal data, you can contact us using the details above.

2. The personal data we collect

The types of personal data we collect depend on how you interact with us.

2.1 Website visitors and business contacts

We may collect:

• Contact details: name, email address, phone number, job title, organisation.
• Enquiry information: what you tell us in contact forms or emails (e.g. details of your HR query).
• Marketing preferences: whether you wish to receive updates from us.
• Technical / usage data: IP address, browser type, device identifiers, pages visited and how you use our website (via cookies and similar technologies).

2.2 Employees and workers of our clients

In the course of providing HR consultancy services (for example, TUPE, redundancies, restructures, disciplinary or grievance processes), we may process personal data about:

• current, former or prospective employees and workers of our clients
• contractors engaged by our clients

Depending on the project, this may include:

• Identification details (name, job title, employee number)
• Contact details (work email, work address, and sometimes personal contact details if provided)
• Employment information (employment history, role, department, salary band or grade, working hours, benefits, length of service)
• Information relevant to organisational change (e.g. selection criteria, scoring matrices, role profiles, consultation notes)
• Information relevant to employee relations matters (e.g. disciplinary or grievance information, investigation notes, witness statements)
• For TUPE projects: details of employees assigned to a transferring undertaking, terms and conditions, continuity of service, and other information typically included in employee liability information (ELI)

We regularly process special category data in the context of HR consultancy work where this is relevant and necessary, for example:

• health and sickness information
• disability-related information and reasonable adjustments
• trade union membership (e.g. in TUPE situations)
• information about protected characteristics where relevant to the matter

We only process this type of data where it is necessary for our work and in line with our clients’ instructions and applicable law.

2.3 Payment information

If you purchase services or products from us via our website, your payment will be processed by a third-party payment provider. We receive confirmation of payment and limited payment details (for example, the last four digits of your card and the payment status), but we do not have access to or store your full card details.

2.4 Our own suppliers and professional contacts

We also hold limited personal data about:

• individuals at suppliers and professional advisers (e.g. accountants, lawyers, IT or marketing providers)
• networking contacts and referrers

This is usually limited to business contact details and correspondence.

3. How we collect personal data

We collect personal data in a few ways:

• When you fill in a form on our website or contact us by email, phone or social media
• When we work with you or your organisation as a client or supplier
• When our clients share employee data with us so that we can provide HR consultancy services (for example, employee lists for a TUPE transfer or restructure)
• When we attend meetings, events or networking activities and you share your details with us
• Automatically, when you visit our website, via cookies and similar technologies

4. How we use personal data and our legal bases

We must have a lawful basis under UK data protection law (UK GDPR and the Data Protection Act 2018) for each way we use personal data.

4.1 Providing HR consultancy services to our clients

What we do

We use personal data to:

• deliver HR consultancy services (e.g. advising on TUPE, restructures, redundancies, consultations, employee relations matters)
• review and analyse information provided by clients (e.g. employee lists, selection criteria, consultation documents)
• prepare advice, documentation and recommendations
• participate in consultations and meetings (sometimes involving or relating to employees)
• maintain records of our work for the client

Whose data?

• Client representatives and decision-makers
• Employees, workers and contractors of our clients

Legal bases

• Legitimate interests (Article 6(1)(f)) – our legitimate interest, and our clients’ legitimate interests, in receiving and providing professional HR advice and managing employment relationships and organisational change.
• Contract (Article 6(1)(b)) – where we need to process data to perform our contract with the client.

For special category data, we only process this where it is necessary and typically under one or more of the conditions in Article 9 UK GDPR and the Data Protection Act 2018, such as:

• where processing is necessary for the purposes of employment, social security and social protection law, subject to appropriate safeguards; and/or
• where processing is necessary for the establishment, exercise or defence of legal claims.

In many cases, we act as a processor for our clients, and they are responsible for providing appropriate privacy information to their employees.

4.2 Responding to enquiries and managing our relationship with you

What we do

• Respond to contact form submissions, emails and phone enquiries
• Provide quotes and information about our services
• Maintain records of communications and engagements
• Onboard and manage clients and suppliers

Legal bases

• Contract (Article 6(1)(b)) – to take steps at your request before entering into a contract, or to perform a contract with you or your organisation.
• Legitimate interests (Article 6(1)(f)) – our legitimate interest in running and growing our business and communicating with clients, prospective clients and suppliers.

4.3 Marketing and business development

What we do

• Send newsletters, updates, and information about our services, events or content we think might be relevant to you
• Run our social media channels and post content

Legal bases

• Consent (Article 6(1)(a)) – where you have opted in to receive marketing from us (you can withdraw consent at any time).
• Legitimate interests (Article 6(1)(f)) – for some business-to-business communications, where permitted by law, and where you can opt out at any time.

You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in our emails or by contacting us.

4.4 Operating and improving our website

What we do

• Use cookies and analytics tools to understand how visitors use the site
• Keep our website secure and up to date
• Troubleshoot and improve performance and content

Legal bases

• Legitimate interests (Article 6(1)(f)) – our legitimate interest in maintaining a secure and user-friendly website.
• Consent (Article 6(1)(a)) – for non-essential cookies and similar technologies, where required by law.

4.5 Legal, regulatory, and business obligations

What we do

• Keep appropriate business records
• Respond to legal requests or regulatory enquiries
• Manage and defend legal claims
• Comply with tax, accounting and other legal obligations

Legal bases

• Legal obligation (Article 6(1)(c)) – where processing is necessary for us to comply with the law.
• Legitimate interests (Article 6(1)(f)) – our legitimate interest in protecting our rights and defending or bringing legal claims.

5. Who we share personal data with

We do not sell personal data.

We may share personal data with:

• Our clients – where we are providing HR consultancy services that involve their employees’ data.
• Our service providers, who help us run our business, such as:
  • IT and website hosting providers
  • cloud storage and document management services (for example, Microsoft 365 and OneDrive for email and document hosting)
  • accounting and invoicing systems (for example, Xero, which we use for our business accounts and issuing invoices)
  • tools we use to schedule meetings and calls (for example, Calendly)
  • customer relationship management (CRM) and email platforms
  • professional advisers such as accountants, lawyers and insurers
• Regulators, law enforcement bodies, courts or authorities where we are required to do so by law or to protect our legal rights.
• Payment providers – where you make a purchase through our website, your payment information is processed directly by our third-party payment provider(s) who act as independent controllers or processors of your data in accordance with their own privacy notices.

Where our service providers process personal data on our behalf, we ensure they are subject to appropriate contracts and obligations to keep the data secure and to use it only in accordance with our instructions.

6. International transfers

We use reputable service providers (for example, Microsoft, Xero and Calendly) who state that they comply with UK/EU data protection law and use appropriate safeguards where they transfer data internationally.

7. How long we keep personal data

We keep personal data only for as long as necessary for the purposes set out in this notice, and to meet legal, accounting and reporting requirements.

• Client matter files (including related employee data provided to us by clients): 7 years from the end of the matter or the relationship, unless a longer period is required in case of potential legal claims.
• General enquiries (no contract formed): up to 3 years after we last hear from you.
• Marketing contacts: until you unsubscribe or we identify you as inactive for a period of 2 years.
• Supplier and professional contact records: while we have a relationship with you and for a reasonable period afterwards.

We may retain data for longer where necessary for the establishment, exercise or defence of legal claims.

8. Your rights

Depending on the circumstances and subject to certain conditions, you have the following rights regarding your personal data:

• Right of access – to obtain a copy of the personal data we hold about you.
• Right to rectification – to have inaccurate or incomplete data corrected.
• Right to erasure – to ask us to delete your data in certain circumstances.
• Right to restrict processing – to ask us to limit how we use your data in certain circumstances.
• Right to object – to object to our processing where we rely on legitimate interests, and to object to direct marketing at any time.
• Right to data portability – to receive certain data in a structured, commonly used format and to have it transmitted to another organisation, in certain circumstances.
• Right to withdraw consent – where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before consent was withdrawn.

To exercise any of these rights, please contact us using the details in section 1. We may need to verify your identity before responding.

If we are processing your data on behalf of one of our clients (for example, in a TUPE or restructure project), it may be appropriate for you to exercise your rights directly with that client as the data controller. We can help direct you if you are unsure.

9. Cookies and similar technologies

Our website uses cookies and similar technologies to:

• make the site work properly
• remember your preferences
• understand how visitors use the site (analytics)

Where required, we will ask for your consent before setting non-essential cookies. You can manage your cookie preferences through our cookie banner (if present) and your browser settings.

For more detailed information about the cookies we use, please see our Cookies Policy or the cookies section on our website.

10. Complaints and how to contact the ICO

If you have any concerns about how we use your personal data, we would encourage you to contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11. Changes to this privacy notice

We may update this privacy notice from time to time. When we do, we will update the “Last updated” date at the top of the page. We encourage you to review this page periodically to stay informed about how we use personal data.