Privacy Policy

Arundell People Services Privacy Policy

Effective Date: 1 September 2025

Last Updated: 1 September 2025

1. Introduction

Arundell People Services ("APS," "we," "us," or "our") is a consultancy specialising in complex investigations, coaching, HR strategy design and mediation services. We are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains how we collect, use, and process personal data when you visit our website, contact us, or engage with our services.

For the purpose of the UK GDPR and the Data Protection Act 2018, APS is the Data Controller responsible for your personal data.

2. Our Contact Details

Detail

Information

Full Name of Legal Entity

Arundell Group Ltd

Email Address

Enquiries@arundellpeopleservices.com

Postal Address

Former Atherstone College, Ratcliffe Road, Atherstone, Warwickshire, CV9 1LF

ICO Registration Number

13560329

3. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

Category

Description

Identity Data

Name (First, Last), Title.

Contact Data

Email address, Telephone number, Business/Company Name, Business Address.

Technical Data

Internet Protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.

Usage Data

Information about how you use our website, services, and products (e.g., pages viewed, time spent on site).

Communication Data

Your preferences in receiving marketing from us and your communication preferences, and any correspondence you send to us via email or contact forms.

We do not generally collect Special Categories of Personal Data (such as race, religion, sexual orientation, political opinions, or health data) via our website. If such data is necessary for a specific consultancy engagement, it will be handled under a separate, detailed data processing agreement (DPA) established with our client (the Data Controller for that project).

4. How We Collect Your Personal Data

We use different methods to collect data from and about you, including:

Direct Interactions: You may give us your Identity, Contact, and Communication Data by filling in forms on our website (e.g., the 'Contact Us' form), by corresponding with us by email or post, or when engaging us for services.
Automated Technologies or Interactions: As you interact with our website, we automatically collect Technical and Usage Data. We collect this personal data by using cookies, server logs, and other similar technologies.
Third Parties: We may receive Personal Data about you from third parties such as:
- Analytics providers (e.g., Google Analytics).
- Technical, payment, and delivery service providers.
- Lead generation or networking services.

5. How and Why We Use Your Personal Data (Lawful Basis)

We will only use your personal data when the law allows us to. This is known as a "lawful basis." The most common lawful bases we rely on are:

Purpose for Processing

Type of Data Used

Lawful Basis for Processing

To respond to your general enquiries and requests.

Identity, Contact, Communication

Necessary for our Legitimate Interests (to grow our business, and communicate with prospective clients).

To manage our relationship with you, including service contracts and billing.

Identity, Contact, Communication

Necessary for the Performance of a Contract with you or to take steps at your request before entering into one.

To deliver relevant website content and advertisements to you and measure their effectiveness.

Identity, Contact, Technical, Usage

Necessary for our Legitimate Interests (to study how clients use our products/services, to develop them, and inform our marketing strategy).

To use data analytics to improve our website, services, and user experience.

Technical, Usage

Necessary for our Legitimate Interests (to define customer types for our services, keep our website updated and relevant, and improve our operations).

To comply with legal and regulatory obligations.

Identity, Contact, Communication

Necessary to comply with a Legal Obligation.

6. Disclosure of Your Personal Data

We may need to share your personal data with the parties set out below for the purposes outlined in Section 5:

Service Providers: Third-party service providers who provide website hosting, IT administration, marketing automation, or system security services (e.g., Google Analytics, CRM systems).
Professional Advisers: Lawyers, bankers, auditors, and insurers who provide professional advice.
Legal/Regulatory Bodies: HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
Business Transfers: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.1

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Generally, we retain:

Contract and Billing Data: For six years after we cease providing services to comply with legal/tax obligations.
Marketing Data: Until you opt-out or ask us to stop sending you marketing messages.
Enquiry Data: For a maximum of 12 months if a lead does not convert into a client, unless legal grounds require otherwise.

9. Your Legal Rights

Under UK data protection law, you have rights in relation to your personal data. These rights include:

The Right to be Informed: To be informed about how your personal data is being used (which is what this policy does).
The Right of Access: To request a copy of the personal data we hold about you (commonly known as a "data subject access request" or DSAR).
The Right to Rectification: To ask us to correct incomplete or inaccurate data we hold about you.
The Right to Erasure (or 'Right to be Forgotten'): To ask us to delete or remove personal data where there is no good reason for us to continue processing it.
The Right to Restrict Processing: To ask us to suspend the processing of your personal data in certain scenarios.
The Right to Data Portability: To request the transfer of your personal data to you or a third party.
The Right to Object: To object to the processing of your personal data where we are relying on a legitimate interest.

If you wish to exercise any of these rights, please contact us using the details in Section 2.

10. How to Complain

We are regulated by the Information Commissioner’s Office (ICO). If you have any concerns about how we use your personal data, you can contact us first to resolve the issue.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

ICO Contact Information:
- Website: https://www.ico.org.uk
- Helpline: 0303 123 1113

11. Changes to This Privacy Policy

We keep our Privacy Policy under regular review. This version was last updated on the date listed at the top of the policy. We may notify you of material changes where appropriate, but we encourage you to check this page periodically for updates.

Privacy Policy

This website uses cookies.