Privacy Statement

Last Updated: 22 Sept 2025

 

Introduction

Neathouse Partners Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.
This privacy policy explains how we collect, use, and safeguard your personal data when you engage with our services or visit our website, in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Important Information and Who We Are

Controller
Neathouse Partners Ltd is the data controller responsible for your personal data.

Contact details
If you have any questions about this policy or your data rights, please contact our Data Privacy Manager:

You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk. We would, however, appreciate the chance to resolve your concerns before you contact the ICO.

The Data We Collect

We may collect, use, and store different categories of personal data, including:

  • Contact Data: name, job title, address, phone numbers, email addresses.
  • Identity Data: details of employees of clients, including job information, HR and employment records, disciplinary and grievance records, sickness and leave details, performance information, and diversity data.
  • Financial Data: bank details, payment card details.
  • Transaction Data: details of services provided and payments made.
  • Usage Data: information on how you use our services.
  • Marketing and Communications Data: your preferences for receiving communications from us.
  • Special Category Data: health information, diversity data, trade union membership, criminal conviction data (where relevant to services provided).

We only process special category data when necessary for providing our HR, Employment Law, or Health & Safety services, and only under lawful bases such as explicit consent, legal obligation, or legitimate interest.

Children’s data
We provide services on a business-to-business (B2B) basis only and do not knowingly collect or process children’s data.

How We Collect Data

We collect personal data in several ways, including:

  • Direct interactions (contracts, forms, calls, emails).
  • During the course of providing our services.
  • Through website use (see “Cookies” below).

How We Use Personal Data

We only process personal data where the law allows. Typical purposes include:

  • Delivering contracted services.
  • Managing payments and invoices.
  • Providing advice and documentation.
  • Sending marketing communications (where not opted out).
  • Administering our website, systems, and business.

We rely on different lawful bases for processing, including contract performance, legitimate interests, legal obligations, and (for marketing to non-clients) consent.

Marketing

We send marketing communications to both clients and prospects using HubSpot.

  • For clients, we rely on the “soft opt-in” under PECR unless you opt out.
  • For prospects, we rely on explicit consent.

You may opt out of marketing at any time by following the unsubscribe link in emails or contacting us at info@neathousepartners.com.

We will never sell your personal data to third parties for marketing purposes.

Cookies and Website Tracking

Our website uses cookies and similar technologies to improve functionality, analyse site traffic, and deliver targeted advertising.

  • We use Google Analytics (website performance and visitor analysis).
  • We use Google Ads and Microsoft Ads (advertising and remarketing).

Non-essential cookies (such as analytics and advertising cookies) are only placed where you have opted in via our cookie banner. You can change or withdraw your cookie consent at any time using the cookie tool on our website or through your browser settings.

Disclosures of Data

We may share personal data with:

  • Service providers (e.g. IT and system administration providers, Microsoft, HubSpot).
  • Professional advisers (lawyers, accountants, insurers).
  • HMRC, regulators, and authorities where legally required.

All third parties are required to respect the confidentiality and security of your data and act only on our instructions.

International Transfers

Some of our service providers (e.g. Microsoft, HubSpot) may transfer personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as adequacy regulations or International Data Transfer Agreements.

Data Security

We implement security measures to protect personal data from loss, misuse, unauthorised access, disclosure, or alteration. Access is limited to those with a business need and subject to confidentiality obligations.

In the event of a data breach, we will notify affected parties and the ICO where legally required.

Data Retention

We keep personal data only as long as necessary for the purposes it was collected, including satisfying legal, regulatory, and tax obligations.

In practice, we retain data for the duration of your service agreement and for a reasonable period thereafter, for example where there is a potential risk of legal claim.

Your Legal Rights

Under data protection law, you have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate data.
  • Request erasure of data where no longer necessary.
  • Object to processing based on legitimate interests or direct marketing.
  • Request restriction of processing.
  • Request transfer of your data to another party.
  • Withdraw consent where processing is based on consent.

We normally respond within one month. To exercise your rights, please contact us at info@neathousepartners.com.

Important limitations

  • These rights apply only to living individuals. Companies, LLPs, or other organisations cannot make data subject access requests.
  • Where a request is excessive, manifestly unfounded, or repetitive, we may lawfully refuse it or charge a reasonable administrative fee.

We may also withhold information where disclosure would adversely affect the rights of others or where exemptions under the Data Protection Act 2018 apply (for example, where data is subject to legal professional privilege).