top of page

Privacy Policy

Who we are

Loxley HR & Mediation Ltd (company number 13109532) (“us”, “we”, or “our”) is the data controller for the data we collect about you on our website http://www.loxleyhr.co.uk (the “Site”).

​

We take your privacy very seriously and we are committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office (the ICO) in the United Kingdom with registration number ZB282775.


This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the Site.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

​

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.


The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

​

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

​

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

​

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded consent from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

​

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We may share your personal data with External Third Parties including:

  • Our partners, as well as third party services providers, including those who provide data processing services to us;

  • Any competent law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.​

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

​

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
 

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Retention

When we have no ongoing need to process personal data, it will either be deleted or anonymised or, if this is not possible (for example, because the relevant personal data has been stored in backup archives), we will store it securely and isolate it.

Links to other websites

Our website may contain links to third-party websites or services that are not owned or controlled by Loxley HR & Mediation Ltd.

 

We have no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that Loxley HR & Mediation Ltd shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such websites or services.

Changes to this Privacy Policy

This Privacy Policy is effective as of 16th July 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
 

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the website after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

Your legal rights

Under certain circumstances, by law you have the right to:
 

  • Request access to your personal data (commonly known as a ‘data subject access request’), to receive a copy of the personal data we hold about you and to check it is being lawfully processed

  • Request correction of the personal data that we hold about you

  • Object to processing of your personal data

  • Request erasure of your personal data where there is no good reason for us to continue to process it, or where you have exercised the right to object to processing

  • Request the restriction of processing of your personal data, for example if you want us to suspend processing of certain data to establish its accuracy or the reason for processing it

  • Request the transfer of your personal data to another party.
     

If you wish to exercise any of the rights set out above, please contact us.
 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Staff Privacy Notice

Loxley HR & Mediation Ltd  (the “Company”) is committed to protecting personal information and complying with applicable data protection laws. This notice applies to Company employees (full-time and part-time), candidates for employment with the Company (including unsuccessful candidates), agents, agency workers, contractors and other third parties who provide services for, or on behalf of, the Company (collectively referred to in this notice as “staff”). We explain in this notice the choices staff can make about the way their personal information is collected and used. This notice also provides information to staff regarding the purposes and conditions of the processing of their personal information. This notice should be read in conjunction with any other data protection policy in use at the Company from time to time.

Data protection principles

We comply with applicable data protection law, including the UK GDPR and Data Protection Act 2018. This means that when processing staff personal information for any purpose we ensure it is:
 

  • Used lawfully, fairly and in a transparent manner.

  • Collected only for valid purposes that have been clearly explained and not used in any way that is incompatible with those purposes.

  • Relevant to the purposes we have told you about and limited only to those purposes.

  • Accurate and kept up-to-date.

  • Kept only as long as necessary for the purposes we have informed you about.

  • Kept securely.
     

We expect all staff to follow these privacy principles when processing personal data on our behalf.

What personal information do we hold about you?

The Company collects personal information about you prior to and during the work relationship, including directly from you, by Company technology and systems when you use such technology and systems, and also, where permitted, from third parties in the course of our business activities.
This personal information may include: your application materials; Curriculum Vitae (CV); information provided by you during any interview / assessment; information generated from any verification and background checks, where relevant for your role; offer letter; any contractual details; professional correspondence with or about you; salary and other compensation details; benefits forms; performance appraisals and ratings; health and sickness records and medical reports; holiday records; information generated from workplace diversity monitoring; records relating to workplace grievances, disciplinary issues and related investigations.
These documents may contain, amongst other information, your name, and any former names; contact details including your home address and former addresses, telephone numbers, and email addresses; employment history; date of birth and place of birth; nationality, sex and gender identity marital, insurance number of tax ID, residency status, passport or visa number; gender; marital status; names of any next of kin where necessary; emergency contact details; bank account information; educational history; health information.
Subject to applicable laws, we may in certain circumstances need to process personal information about you that constitutes “special personal data” in accordance with Article 9 of the UK GDPR as applicable (namely information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life and sexual orientation, genetic or biometric data), or information about criminal convictions or criminal charges in accordance with Article 10 of the UK GDPR.
If we process such categories of personal data about you, we will ensure that one or more of the legal grounds for processing special personal data and/or criminal convictions personal data applies.
Legal grounds for processing special personal data and/or criminal convictions data may include: where we need to carry out our legal obligations or exercise rights in connection with employment; where it is needed in the public interest, such as for equal opportunities monitoring; where it is necessary to protect you or another person from harm; or, in limited circumstances, with your explicit consent.
In accordance with applicable law, we may also record images of you, including footage from closed circuit televisions (CCTV) cameras or photographic images for badge issuance or other security or compliance purposes, as well as monitor your use of the Company’s IT systems and devices, where we have justifiable grounds for doing so, as discussed more fully below.
The above information may be held electronically and/or in hard copy form.

Why we process your personal information

The Company relies on several legal bases to use and process personal information about you, including that the processing is necessary for:

  • Company’s legitimate interests to establish and manage Company’s relationship with you and for related functions including for personnel and administrative purposes, such as:

    • Business processes such as maintaining business and statutory records, management analysis, audits, forecasts, planning, transactions, business continuity, grievance and disciplinary processes (including workplace investigations), diversity monitoring and labour risk prevention;

    • The security of the workplace, assets, workers and the personal information of workers, clients, and customers, including pre-employment checks, references and monitoring;

    • Implementation of extraordinary operations, such as mergers and acquisitions, transfer of business or transfer of a branch of the business, and entering into joint venture agreements; and

    • Programs and policies on training and development, job evaluation, rewards, planning, and organisation;

     

  • The performance of employment and services contracts, including human resource administration, payroll and provision of benefits, such as awards under equity plans;

  • Compliance with applicable laws and regulations and Company’s legal obligations, including foreign legal obligations, such as accounting and tax requirements and in relation to staff insurance and pensions;

  • For the purposes of carrying out the obligations and exercising rights under employment law;

  • For the purposes of preventative or occupational medicine, compliance with applicable health and safety laws and obligations, or to assess the working capacity of our staff;

  • Establishing, exercising or defending legal claims; and

  • Where applicable, on the basis of your consent (for example, enrolment in voluntary programs or benefits at your direction). You may subsequently withdraw consent provided by contacting office@loxleyhr.co.uk, without affecting the lawfulness of processing based on consent before its withdrawal.


We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need it for another purpose that is compatible with the original purpose and there is a legal basis for the further processing and where we have provided notice to you.

Monitoring use of IT systems

In order to carry out our legal obligations as an employer (such as ensuring employee compliance with the Company’s IT-related policies), and for other business reasons, the Company may monitor staff use of systems including telephone, email, voicemail, internet and other communications taking place in the workplace.
We may use automated software to perform such monitoring. Monitoring (including through hardware and software equipment and instruments) is carried out only to the extent permitted by and in compliance with applicable law or as required by applicable law and as necessary and justifiable for our legitimate business purposes.
For example, we may retrieve the contents of email messages or check internet usage (including pages visited and searches made) in order to (i) ensure compliance with our rules, standards of conduct and policies in force, (ii) recover lost messages due to computer failure, (iii) assist in the investigation of alleged wrongdoing, or (iv) comply with any legal obligation.

Retaining your personal information

The Company will only hold your personal information for as long as it is relevant to your working relationship with us or as long as necessary to comply with any legal obligation or to fulfil the above-listed purposes. We will then dispose of your information in accordance with applicable laws and regulations. If we anonymise your personal information so that you can no longer be identified from it, it is no longer considered personal information and we may use such information without providing any further notice to you. We have put in place reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information only to those who have a business need-to-know and they are subject to a duty of confidentiality. We will notify you and any applicable regulator of a suspected confidentiality breach where we are legally required to do so.

Keeping your personal information up-to-date

The Company will take all reasonable steps to ensure that your personal information is kept up-to-date and accurate. From time to time we may ask you to review and update the personal information we hold. In order for us to keep your personal information up-to-date, you must also inform us of any changes to the personal information we hold about you such as your name, address, and contact details.

Sharing your personal information

Sometimes we may need to share your personal information with other group companies and third parties, including but not limited to external suppliers of HR benefits, professional advisers, insurers, service providers, public bodies, a prospective employer, or a new (or prospective) owner in the event of a change (or prospective change) of ownership of the Company – see below for more details and third parties. We will only do so when necessary for legitimate business purposes. For example, your personal information may be sent to the following categories of recipients from time to time for the following reasons:
 

  • To other group companies that may carry out human resources shared services on our behalf for the purposes of human resource administration;

  • To a professional employer organization or similar staffing agency;

  • To external suppliers to administer your benefits on our behalf (e.g. providers of private health insurance or pension);

  • To our professional advisers and insurers;

  • To competent public corporations, government authorities and law enforcement as may be required by law, including regarding tax, labour, social security and similar matters;

  • To our carefully selected service providers appointed from time to time to provide services related to our business and under contract to us, such as processors of staff data, salary, expenses and other compensation information. Those service providers will be carefully selected and bound by appropriate contractual protections (such as to use appropriate measures to protect the confidentiality and security of personal information), where required by applicable data protection law;

  • To a prospective employer, for example in response to a reference request;

  • To any new (or prospective) owners, should there be a change (or prospective change) in the ownership of the Company, or business units or departments within the Company; and/or

  • To external parties as required by law or legal process, or as otherwise authorised by you.
     

Your personal information may be transferred to group companies operating in countries outside the UK. In addition, Company’s service providers and third parties with whom information is shared may be based outside the UK.
Data protection laws may or may not apply in jurisdictions outside the UK. In any case, The Company will ensure there are adequacy regulations in respect of the relevant country (or countries) or, if there are no such adequacy regulations, Company will implement appropriate measures to ensure that the relevant group companies and third parties outside the UK provide an adequate level of protection to your personal information as set out in this policy and as required by applicable law.

If you require further information regarding these protective measures, please contact office@loxleyhr.co.uk).

Your rights

You are entitled to request access to, rectification or erasure of personal information relating to you or restriction of processing, to object to processing of such information or, if applicable, request your personal data be ported (transferred) to another company and other rights in accordance with applicable law. We will be able to explain how to do this if you contact office@loxleyhr.co.uk. We will provide you with a response in accordance with applicable data protection law. Company may refuse to provide such information in limited circumstances under applicable law. In certain circumstances, we may also charge you a reasonable fee to access your personal data; however, we will advise you of any fee in advance. If, having considered the personal information we hold about you, you find that it is inaccurate or you otherwise have any concerns, you may request that your information be amended, erased or restricted in accordance with applicable requirements.

Securing your personal information

We take appropriate measures to ensure the security and confidentiality of the personal information from loss, misuse, unauthorised access, disclosure, alteration or destruction by using security precautions that provide for industry standard protections.

Status and amendments to this notice

This notice does not form part of your contract of employment or other contract for services with the Company and does not create contractual rights or obligations. The provisions of this notice may be altered by the Company from time to time. Any alteration or addition will be notified to staff in writing, by email or mail.

Contact Information

If you have a privacy concern or a question relating to this notice, please contact office@loxleyhr.co.uk. While we hope that we can answer any questions you may have, if you have unresolved concerns you also have the right to lodge a complaint before the Information Commissioner’s Office (the UK data protection regulator), as applicable.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: office@loxleyhr.co.uk

bottom of page