Privacy Policy

Novus People Advisory Ltd (“Novus”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, or use our HR consultancy services.

This policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
 
1. About us
Novus People Advisory Ltd is a UK-based HR consultancy providing employee relations, people management and HR advisory services to small and medium-sized businesses, start-ups and care providers.

For the purposes of UK data protection law, Novus People Advisory Ltd may act as either:

• a data controller where we determine how and why personal data is processed, such as for website enquiries, marketing communications and managing client relationships; or

• a data processor where we process personal data on behalf of client organisations when delivering HR consultancy, employee relations support, or workplace investigations.

Company details
Company name: Novus People Advisory Ltd
Email: hello@novuspeopleadvisory.co.uk
Website: www.novuspeopleadvisory.co.uk
 
2. Personal data we collect
We may collect and process the following categories of personal data.
Information provided directly by you

This may include:

• name

• email address

• telephone number

• organisation or company name

• job title or professional role

• information provided through contact forms, emails or other communications

Client and consultancy-related data

When providing HR consultancy services, we may process personal data provided by our clients relating to employees, workers, contractors or applicants. This may include:

• employment and role information

• performance or conduct information

• disciplinary or grievance information

• absence or sickness records

• professional contact details

Where this information relates to employees of our clients, we act as a data processor and handle the data strictly on behalf of the client organisation.

Special category data
During HR advisory or employee relations work, we may process special category data where necessary. This could include information relating to:

• health or medical conditions

• trade union membership

• diversity or equality monitoring data

Such data will only be processed where a lawful condition applies under Article 9 of the UK GDPR, including where processing is necessary for employment law obligations or the establishment, exercise or defence of legal claims.
Information collected automatically

When you visit our website, certain technical information may be collected automatically, such as:

• IP address

• browser type and version

• device type

• pages visited and interaction with the website

This information is used to monitor website performance and improve user experience.

3. How we use personal data
We use personal data for the following purposes:

• responding to enquiries and contact requests

• providing HR consultancy and employee relations services

• managing client relationships and service delivery

• maintaining internal business records

• improving our website and services

• complying with legal, regulatory and professional obligations

We will only process personal data where we have a lawful basis under UK data protection law.
 
4. Lawful basis for processing
Under UK GDPR, the lawful bases we rely on include:
 
Contract
Processing necessary for the performance of a contract with a client or in order to take steps before entering into a contract.
 
Legitimate interests
Processing necessary for the legitimate interests of operating and developing our business, provided these interests do not override individual rights.
 
Legal obligation
Processing required to comply with legal or regulatory requirements.
 
Consent
Where individuals voluntarily provide information or consent to certain communications.
 
Special category data
Where sensitive personal data is processed, we rely on the relevant conditions under Article 9 UK GDPR, including employment law obligations or the establishment, exercise or defence of legal claims.
 
5. Data security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

These measures may include secure systems, restricted access to confidential information, and the use of reputable IT and cloud service providers.

All personal data handled as part of HR consultancy services is treated with strict confidentiality.

6. Data retention
Personal data will only be retained for as long as necessary for the purposes for which it was collected.

Retention periods will depend on the nature of the information and legal requirements. In general:

• enquiry data may be retained for up to 12 months

• client service records may be retained for up to 6 years for legal and contractual purposes

• HR casework information may be retained in line with the relevant client organisation’s retention policies

• ​

Data that is no longer required will be securely deleted or anonymised.

7. Sharing personal data
We do not sell or trade personal data.

We may share information with trusted third parties where necessary to support our business operations. These may include IT service providers, website hosting providers and professional advisers such as accountants or legal advisers.
Where personal data is processed on behalf of a client organisation, it will only be used in accordance with the client’s instructions and the terms of the consultancy engagement.

8. International data transfers
Some service providers used to support our operations may process or store data outside the United Kingdom.
Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law, such as recognised adequacy decisions or appropriate contractual safeguards.

9. Individual rights
Under UK data protection law, individuals have several rights regarding their personal data. These include the right to:

• request access to personal data we hold about them

• request correction of inaccurate or incomplete information

• request erasure of personal data where appropriate

• restrict or object to certain types of processing

• request transfer of personal data to another organisation where applicable

Requests can be made by contacting us using the details provided in this policy.

10. Cookies and website analytics
Our website may use cookies or similar technologies to improve functionality and understand how visitors use the site.
Cookies are small files placed on your device when visiting a website. You can manage or disable cookies through your browser settings.

Where required, a cookie notice or banner will be presented on the website.
 
11. Complaints
If you have concerns about how your personal data has been handled, you can contact us directly.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our business practices. The most current version will always be available on our website.