Privacy Policy

Privacy Policy – ContactHR

Effective Date: 01/01/2026

Last Updated: 23/03/2026

1. Introduction

This Privacy Policy explains how The Utility Group Ltd ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the ContactHR platform.

ContactHR is a cloud-based HR management system designed to help organisations manage employee records, documentation, leave, and HR processes.

We are committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Data Controller (for website visitors and account holders):
The Utility Group Ltd

Registered Office:

Vinegar House
39 Foregate Street
Worcester
Worcestershire
England
WR1 1DJ

Contact Email:
privacy@theutilitygroup.co.uk

For personal data processed within the ContactHR platform on behalf of customers, we act as a Data Processor.

3. Data We Collect

We may collect and process the following categories of personal data:

3.1 Account & Business Information
  • Name
  • Company name
  • Email address
  • Phone number
  • Billing details
  • Account login credentials
3.2 Employee Data (Processed on behalf of customers)
  • Employee names
  • Contact details
  • Job roles and employment information
  • Absence and holiday records
  • HR documents and files
  • Disciplinary and performance records
  • Other HR-related data uploaded by customers

This data is uploaded and controlled by our customers. We process it strictly on their documented instructions.

3.3 Usage Data
  • IP address
  • Browser type and device information
  • Login activity
  • Platform usage and interaction data
3.4 Technical Data
  • Cookies and tracking technologies
  • System logs
  • Error reports

4. How We Use Personal Data

We use personal data for the following purposes:

  • To provide, operate, and maintain the ContactHR platform
  • To manage user accounts and subscriptions
  • To provide customer support and respond to enquiries
  • To improve system performance, functionality, and user experience
  • To monitor usage and ensure platform security
  • To detect and prevent fraud or misuse
  • To comply with legal and regulatory obligations

We do not sell personal data to third parties.

5. Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity – to provide our services
  • Legitimate interests – for platform improvement, analytics, and security
  • Legal obligation – to comply with applicable laws and regulations
  • Consent – where required (e.g. marketing communications)

6. Data Processing Role

For clarity:

  • Customers (Employers) act as Data Controllers
  • ContactHR / The Utility Group Ltd acts as a Data Processor

We process employee data:

  • Only on documented instructions from our customers
  • Solely for the purpose of delivering the ContactHR service

A Data Processing Agreement (DPA) forms part of our Terms of Service.

7. Data Sharing

We may share personal data with:

7.1 Service Providers

Third-party providers who support delivery of our services, including:

  • Cloud hosting providers
  • Payment processors
  • Email and communications platforms

All service providers are subject to appropriate contractual and data protection safeguards.

7.2 Legal and Regulatory Authorities

Where required to comply with legal obligations, court orders, or regulatory requirements.

8. International Data Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)

9. Data Retention

We retain personal data only for as long as necessary:

  • Account and billing data: duration of the contract plus applicable legal retention periods
  • Employee data: as instructed by the customer (data controller)
  • System logs and technical data: typically retained for between 6 and 24 months

Customers are responsible for determining appropriate retention periods for employee data.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure
  • Monitoring, logging, and auditing of system activity

11. Your Rights

Under UK GDPR, individuals have the right to:

  • Access their personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of their data
  • Restrict processing
  • Object to processing
  • Request data portability

Where personal data is processed on behalf of a customer (employer), requests should be directed to that organisation as the data controller.

12. Cookies

We use cookies and similar technologies to:

  • Enable core platform functionality
  • Analyse usage and performance
  • Improve user experience

You can manage cookie preferences through your browser settings. A separate Cookie Policy may apply.

13. Third-Party Links

Our website or platform may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any updates will be published on this page with an updated revision date.

15. Contact and Complaints

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Email: privacy@theutilitygroup.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.