‍ ‍

Website Privacy Policy - The Little HR Department (Trading name of Astraea HR Limited)

‍ ‍

Last updated: March 2026

‍ ‍

The Little HR Department (“we”, “our”, “us”) is the trading name of Astraea HR Limited. We take your privacy seriously and are committed to handling all personal information lawfully, fairly, and transparently.

‍ ‍‍ ‍

This Privacy Policy explains what information we collect when you use our website or interact with us, how we use it, who we share it with, and your rights under UK data protection law.

‍ ‍

1. Who We Are

Astraea HR Limited (trading as The Little HR Department)

Company number: 12073106

Registered office: Unit 11, Riverside Park, Farnham, Surrey GU9 7UG

‍ ‍

Email: hello@thelittlehrdepartment.com

  • We act as a data controller for information collected through our website and for our internal business operations.

  • We may act as a data processor on behalf of our business clients when providing outsourced HR services.

‍ ‍

2. The Information We Collect

‍We may collect the following personal data depending on how you interact with us:

‍ ‍

Information you provide:

·         Newsletter sign-ups

·         Contact form enquiries

·         Resource downloads

·         Event and Training registrations

‍ ‍

This may include: name, email address, phone number, company name, job title, enquiry details, marketing preferences.

‍ ‍

Information from business clients:

·         Business contact information, service details, contract details.

Employee data processed on behalf of clients:

·         Employee contact details, employment records, HR case information, HR documents.

Website analytics:

·         IP address, device information, browser type, pages visited, access times.

3. How We Use Personal Data

‍ We use your data to:

·         Respond to enquiries

·         Provide information about our services

·         Manage client relationships

·         Send newsletters and updates (you may unsubscribe)

·         Deliver HR services and advise to clients

·         Support HR processes and investigations

·         Analyse and improve website performance

‍ ‍‍ ‍

4. Lawful Bases for Processing

‍ ‍We rely on:

·         Legitimate interests – e.g. responding to queries, maintaining CRM data, to access tools which allow us to run our business

·         Contract – e.g. being able to meet our contractual obligation to clients.

·         Legal obligation – e.g. right to work checks, helping clients meet statutory obligations

·         Consent e.g. for newsletters

‍ ‍

Where we act as a processor, the client determines the lawful basis.

‍ ‍

5. Cookies

Our website uses cookies to enable functionality, improve performance, and analyse usage. You can control cookies through your browser settings.

‍ ‍

6. Who We Share Personal Data With

‍ ‍We only share personal data, when necessary, with trusted providers, including:

Website & communication tools:

·         Squarespace (global processing including the US)

·         Newsletter or CRM providers (MailChimp)

‍ ‍HR & business systems:

·         Breathe HR: EU data hosting (London)

·         Hireful: EU hosting, or, where outside of EU, countries approved by the UK Government Directly or via a Uk-US data bridge, or via contracts that ensure compliance with GDPR requirements, e.g. Standard Contract Clauses.

·         ClickUp: primarily US-based hosting, some external processing even with EU region. Click-up ensure all data held is fully compliant with GDPR regulations. All sub-processors are subject to Data processing Agreements with ensure compliance with GDPR.  

·         Microsoft 365: international transfers under GDPR safeguards

·         Adobe: global transfers under SCCs and adequacy mechanisms

‍ Other 3rd party providers, vendors or consultants, such as:

·         IT Support service providers, payment providers, and administrative providers

·         Government bodies and regulators as required, e.g. HMRC, fraud preventions

·         Advisors such as lawyers, accountants, auditors

·         Associates (third party HR Associates who we may use to provide additional client support from time to time)

We will ensure that there are appropriate confidentiality agreements in place, and that where data is shared with suppliers, vendors or consultants, they are obligated to manage all data in line with GDPR requirements.

‍ ‍

We do not sell your data.

‍ ‍‍ ‍

7. International Data Transfers

‍ Some providers process data outside the UK/EU.

We ensure lawful safeguards including:

·         Standard Contractual Clauses (SCCs) which ensure that data is processed and managed at GDPR standards

·         Adequacy decisions (e.g., UK-US Data Bridge), which meet UK Government requirements to confirm they have adequate data protection standards in place and are therefore data can be shared.

·         Transfer Impact Assessments where required.

‍ ‍‍ ‍

8. How Long We Keep Data

‍ ‍We retain data only as long as necessary:

·         Website enquiries: varied dependent on nature of query, but no longer than necassary

·         Newsletter subscribers: until you unsubscribe

·       Client & HR records: based on legal requirements and instructions

·       Business records: typically, up to 6 years

9. How We Protect Your Data

‍ ‍Safeguards include:

·         Secure hosting

·         Access controls

·         Encryption (where applicable)

·         Confidentiality and training for employees

·         Data processing agreements

‍ ‍‍

10. Your Rights

‍ You have the right to:

·         Access your data

·         Correct inaccuracies

·         Request deletion

·         Object to processing

·         Withdraw consent

·         Request portability

‍ ‍

Contact: hello@thelittlehrdepartment.com

You may also complain to the ICO at www.ico.org.uk

‍ ‍

11. Updates to This Policy

‍ We may update this Privacy Policy from time to time. The latest version will always be published on our website.

‍ ‍