Data Protection Statement of hronline which is owned and operated by BrightHR Limited

We will use the personal data provided to us only for its intended purpose, and in accordance with the requirements of the Data Protection Act 1998 and the General Data Protection Regulation 2018.

hronline will only process personal data in accordance with the User’s instructions; the User retains the responsibilities of the data controller and determines the purposes and means of processing personal data.

The General Data Protection Regulation 2018 defines the rights of the individuals.  The User has the responsibility for delivering those rights as the data controller.

This statement sets out how the information on hronline is to be used. The information provided by which employees can be identified, will only be used in accordance for its intended purpose in accordance with this statement.

What information will be collected?

The following information about employees may be collected:

  • Name
  • Address
  • Date of Birth
  • Job title
  • Contact details, for example, details of next of kin
  • Ethnic origin
  • Immigration status details i.e. passport number/visa number and expiry dates
  • Company vehicle details
  • National Insurance Number/PPS Number
  • Terms and conditions of employment including employee benefits
  • Information relating to employment, i.e. absence records, development records, annual leave entitlement, and disciplinary and grievance matters. This information may be collected via application for employment forms, personal details forms, personnel files, records and any subsequent amendments to such documents.

What is the information used for?

Clients of hronline will use the information to maintain current and accurate employee records, which can be used for such purposes as staff administration, payroll, equal opportunities monitoring, absence monitoring, annual leave records, and other employment related matters.

Personal Data will not be used for any other purpose outside of the scope of your employment.

Right to Rectification

Should an employee, whose details appear on hronline, find any information held about them is incorrect they should notify their line manager at the earliest available opportunity, so that they can address the matter. 

Right to Erasure

Should an employee, whose details appear on hronline, request the right to erasure, the User must determine whether they have that right.  If so, they should remove the user’s record from the system ensuring they delete rather than terminate the user records.

Right of Access

Should an employee, whose details appear on hronline, request access to their information, the User must grant the employee access to the system or the User should provide the employee the output of the ‘Employee Information’ Report.

Retention of hronline records

If a client of hronline terminates their service agreement with BrightHR Limited, remaining data will be retained for a period of 12 months after their service agreement ends before being deleted. This does not affect an individual’s right to erasure.  The data during the 12 month period will be held securely as described under the Security section below.


We are committed to ensuring that employee information is kept secure at all times, and we will implement appropriate technical and organisational measures against the unauthorised or unlawful disclosure of such information, and so as to prevent its accidental loss, destruction or damage.

Personal access to hronline will only be via a secure username and password. The username and password for each individual is unique and only allows access to their own personal information. Only certain authorised staff, who are required to have access to the personal information of other employees for the purposes of their job role, will be authorised and will have the necessary access rights to do so. They will receive relevant training and will be asked to agree to abide by the terms of this Data Protection Statement.

All users of hronline should keep their unique user and password strictly confidential. Users of hronline must notify us if they become aware of any unauthorised access, and we will notify clients of hronline should we become aware of any security breach involving loss, corruption or theft of employee information.

Storage and Encryption

The data stored on hronline is kept securely in our on-site data centre in Manchester, UK. The information is replicated to an offsite-hosted environment for disaster recovery purposes. We use 128 Bit SSL Encryption for the transportation of data and a Hash Algorithm 128 Bit for passwords. Our systems are periodically penetration tested and kept up to date with ISO 27001 best practices.


No personal information held on hronline will be passed to third parties, without the consent of the individual employee concerned, unless such disclosure is legally required in accordance with provisions of the Data Protection Act 1998 or General Data Protection Regulation 2018.