Agile HR Community Privacy Policy
Last updated: 01 February 2026
1. Introduction
This privacy notice explains how Agile HR Community collects and processes your personal data when you use our website: www.agilehrcommunity.com.
We are committed to protecting your personal data and complying with applicable data protection laws in England and Wales, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By providing your personal data to us, you confirm that you are 13 years of age or older.
2. Who We Are
Agile HR Community and its Director, Riina Hellström, are the data controllers responsible for your personal data.
Legal entity name: Agile People Ops Limited
Registered address: 20 Wenlock Road, London, N1 7GU, United Kingdom
We have appointed a Data Protection Officer (DPO) to oversee privacy-related matters.
Data Protection Officer:
Riina Hellström – Founder & Director
For privacy enquiries, please contact:
📧 hi (at) agilehrcommunity.com
It is important that the personal data we hold about you is accurate and up to date. Please notify us of any changes.
3. The Personal Data We Collect
“Personal data” means any information that can identify an individual. It does not include anonymised data.
3.1 Categories of Data
We may collect and process the following categories of personal data:
Communication Data
Includes messages sent via contact forms, email, social media, or other communications.
Purpose: communication, record-keeping, legal claims
Lawful basis: legitimate interests
Customer Data
Includes name, title, billing address, delivery address, email address, phone number, purchase details, and payment confirmation.
Purpose: providing goods and services, transaction records
Lawful basis: performance of a contract
User Data
Includes data on how you use our website and content you choose to publish.
Purpose: website operation, security, administration
Lawful basis: legitimate interests
Technical Data
Includes IP address, browser type, device data, page views, navigation paths, time zone settings.
Source: analytics and tracking technologies
Purpose: analytics, website security, business growth
Lawful basis: legitimate interests
Marketing Data
Includes marketing preferences and communication choices.
Purpose: promotions, events, content delivery, advertising analysis
Lawful basis: consent or legitimate interests
4. Sensitive (Special Category) Data
We do not collect special category data, including:
race or ethnicity
religious or philosophical beliefs
health data
sexual orientation
political opinions
trade union membership
biometric or genetic data
criminal convictions or offences
5. How We Collect Your Data
We collect personal data:
Directly from you (forms, emails, event registrations)
Automatically via cookies and similar technologies
From third parties, including:
analytics providers (e.g. Google)
advertising platforms (e.g. Meta/Facebook)
payment and technical service providers
From publicly available sources, such as Companies House
6. Marketing Communications
We may send marketing communications where:
you have given consent; or
you have previously engaged with us and not opted out (soft opt-in under PECR)
If you are a corporate subscriber (e.g. limited company email), we may send marketing communications without prior consent, subject to your right to opt out.
You can opt out at any time by:
using unsubscribe links in emails; or
emailing [email protected]
Opting out of marketing does not affect service-related communications.
7. Disclosures of Your Personal Data
We may share your personal data with:
IT and system administration providers (i.e. the platforms we use to deliver our services, LMS, our operating system, email system)
Professional advisers (lawyers, accountants, insurers)
Government or regulatory bodies where legally required
Third parties involved in a business sale, transfer, or merger
All third parties are required to process your data securely and in accordance with the law.
8. International Data Transfers
Some of our service providers are located outside the UK.
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
UK adequacy regulations
International Data Transfer Agreements (IDTAs)
UK Addendum to EU Standard Contractual Clauses
Where no safeguard is available, we will obtain your explicit consent before transfer.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure.
Access is limited to employees and partners with a legitimate business need and subject to confidentiality obligations.
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
Customer and transaction records: 6 years (tax/legal compliance)
Marketing data: until consent is withdrawn
Anonymised data may be retained indefinitely for research or statistical purposes
11. Your Legal Rights
Under UK data protection law, you have the right to:
access your personal data
correct inaccurate data
request erasure
restrict processing
object to processing
data portability
withdraw consent (where applicable)
To exercise your rights, contact: [email protected]
You will not usually be charged a fee. We may refuse or charge a reasonable fee for manifestly unfounded or excessive requests.
We aim to respond within one month.
12. Complaints
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):
We would appreciate the opportunity to resolve your concerns first.
13. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy notices separately.
14. Cookies
We use cookies to:
improve website functionality
analyse usage
personalise content
You can manage cookie preferences through your browser or cookie banner. Disabling cookies may affect site functionality.
