Privacy Policy

1. Introduction

HNR Solutions Ltd (“HNR Solutions”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit our website www.hnr-solutions.co.uk, engage our services, register as a candidate, or contact us as a prospective client.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

By using our website or services, you confirm that you have read and understood how we process your personal data as described here.

2. Who we are

HNR Solutions Ltd is the data controller responsible for your personal data.

• Company name: HNR Solutions Ltd
• Company number: 13946184
• Registered office: Suite-3 Hillsboro, 377 Southchurch Road, Southend-on-Sea, Essex, SS1 2PQ
• Email: info@hnr-solutions.co.uk
• Phone: 01702 826220
• ICO registration number: ZB310578
• Data Protection Contact: Enquiries about data protection should be sent to info@hnr-solutions.co.uk marked FAO Data Protection.

3. Personal data we collect

We collect and process different categories of personal data depending on your relationship with us.

3.1 If you are a candidate or job seeker

• Identity and contact details: full name, date of birth, nationality, home address, phone number, email address, National Insurance number.
• Right-to-work information: passport, visa, biometric residence permit, share code, and any other document required to verify your right to work in the UK.
• Employment history: CV, previous employers, roles, dates of employment, reasons for leaving, reference contact details.
• Qualifications and training: academic certificates, professional qualifications, training records, and certifications relevant to the role (for example, Care Certificate, CSCS card).
• Financial information: bank account details for payroll, tax code, and P45 where applicable.
• Background checks: Disclosure and Barring Service (DBS) results where required, reference responses, and any declarations you make.
• Health information (special category data): relevant medical information required for safe placement in healthcare or care sector roles, and any reasonable adjustments you require.
• Criminal records information (special category data): where a role lawfully requires it, including DBS certificates.
• Interview notes and assessments made during our screening process.
• Availability, pay expectations, and preferred work locations.

3.2 If you are a client or prospective client

• Business contact details: name, job title, business email, business phone, company name, and registered business address.
• Hiring requirements and role specifications.
• Contractual and financial information for billing purposes.
• Correspondence and records of communications with us.

3.3 If you visit our website

• Technical information: IP address, browser type and version, operating system, device type, and referral source.
• Usage information: pages visited, time spent on the site, links clicked, and navigation paths.
• Form submissions: any information you provide through contact or enquiry forms.
• Cookies and similar tracking technologies (see our Cookie Policy).

4. How we collect your personal data

• Directly from you when you register with us, submit a CV, complete a form, email us, or speak to us by phone.
• From third parties such as referees, previous employers, background check providers, and the Disclosure and Barring Service.
• From publicly available sources such as LinkedIn, professional directories, and company websites, where lawful.
• From job boards and recruitment platforms where you have made your CV or profile publicly available.
• Automatically through cookies and similar technologies when you use our website.

5. Why we process your personal data and our legal basis

Under the UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on are set out below.

5.1 Performance of a contract

We process your personal data where it is necessary to take steps at your request before entering into a contract, or to perform a contract we have with you. This includes:

• Registering you as a candidate.
• Matching you to suitable roles.
• Arranging interviews and placements.
• Processing payroll and paying you for work completed.
• Providing recruitment and business support services to client organisations.

5.2 Legal obligation

We process personal data where we are required to do so by law, including:

• Verifying right to work in the UK under the Immigration, Asylum and Nationality Act 2006.
• Meeting obligations under the Conduct of Employment Agencies and Employment Businesses Regulations 2003.
• Complying with tax, national insurance, and HMRC reporting requirements.
• Responding to lawful requests from regulators, law enforcement, or courts.

5.3 Legitimate interests

We process personal data where it is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests. Our legitimate interests include:

• Running our recruitment business and providing our services effectively.
• Contacting candidates about roles we believe may be of interest.
• Marketing our services to businesses and prospective clients (B2B marketing).
• Maintaining and improving our website and services.
• Preventing fraud and protecting the security of our systems.
• Administering and managing our business.

5.4 Consent

In limited circumstances, we rely on your consent - for example, when sending direct marketing emails to individual (not business) contacts, or when using non-essential cookies. You may withdraw your consent at any time.

5.5 Processing special category data

Where we process special category data such as health information or information about criminal convictions, we rely on additional lawful bases under the UK GDPR and Schedule 1 of the Data Protection Act 2018, including:

• Processing necessary for carrying out obligations in the field of employment law (Article 9(2)(b) UK GDPR; DPA 2018 Schedule 1, Part 1, paragraph 1).
• Processing necessary for the establishment, exercise, or defence of legal claims.
• Your explicit consent, where appropriate and freely given.

6. Who we share your personal data with

We share your personal data only where necessary and in accordance with the UK GDPR. Recipients may include:

• Client organisations - where we present you as a candidate for a specific role, with your knowledge.
• Referees and former employers - to verify the references you have provided.
• Background check providers - including the Disclosure and Barring Service (DBS) and right-to-work verification services.
• Payroll providers and accounting software - to process payment for work completed.
• HMRC - to meet our tax and national insurance obligations.
• Professional advisers - including solicitors, accountants, and auditors, where necessary.
• IT service providers - including cloud hosting, CRM, and email providers who process data on our behalf under written contracts.
• Regulators and law enforcement - where legally required.

We do not sell your personal data to any third party for marketing or commercial purposes.

7. International transfers

HNR Solutions may expand its recruitment operations to include international candidate sourcing, including from countries outside the UK such as Bangladesh. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place as required by the UK GDPR, including:

• Transfers to countries that have been granted adequacy status by the UK.
• Use of the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses.
• Other approved transfer mechanisms.

8. How long we keep your personal data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, tax, accounting, or reporting requirements.

Where personal data is no longer required, it is securely deleted or anonymised.

9. How we protect your personal data

• Encrypted storage of personal data and secure transmission using SSL/TLS.
• Access controls limiting personal data to staff who need it to perform their role.
• Regular review of our security practices and staff training on data protection.
• Written contracts with third-party processors requiring them to maintain equivalent security standards.
• Prompt reporting and investigation of any suspected data breach in line with our legal obligations.

10. Your rights under the UK GDPR

• The right to be informed - to know how your personal data is being used.
• The right of access - to request a copy of the personal data we hold about you.
• The right to rectification - to ask us to correct inaccurate or incomplete data.
• The right to erasure - to ask us to delete your personal data in certain circumstances.
• The right to restrict processing - to limit how we use your data in certain circumstances.
• The right to data portability - to receive your data in a structured, machine-readable format.
• The right to object - to object to processing based on legitimate interests or for direct marketing.
• Rights relating to automated decision-making and profiling - we do not make automated decisions that produce legal or similarly significant effects about you.

To exercise any of these rights, please contact us. We will respond within one calendar month.

11. Cookies

Our website uses cookies and similar technologies. For detailed information, see our Cookie Policy.

12. Children's data

Our services are not directed at children. We do not knowingly collect personal data from anyone under the age of 18.

13. How to contact us and how to complain

If you have any questions about this Privacy Policy, want to exercise your rights, or wish to make a complaint, please contact us by email, phone or post (details below).

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: www.ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. The date at the top of this policy will show when it was last updated.