This is the privacy notice of Cadman HR. In this document, "we", "our", or "us" refer to Cadman HR. We are company number 08953908 registered in England. Our registered office is at 340A Aldridge Road, Sutton Coldfield, B74 2DT. Our data protection officer (DPO) is Debra Cadman, who can be contacted at .
We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information. We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
Data we may process
We may collect, use, store and transfer different kinds of personal data about you. We have collated these into groups as follows:
Your identity which would include your name and title
Your contact information which may include your billing address, email address, telephone number and any other information you give to us for communication
Your financial data includes information such as your bank account and payment card details.
Transaction data includes details about payments or communications to and from you and information about products and services you have purchased from us.
Technical data includes you internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Marketing data includes your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
Uses made of the information
We only use your personal information when one or more of the following apply:
It is necessary for the preparation and/or performance of a contract with you
It is necessary for compliance with a legal obligation
It is necessary to protect your vital interests (e.g. immediate health needs)
It is necessary for the purposes of legitimate interests
We have consent that is freely given, informed, specific and explicit.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Any links offered to other websites made via an affiliate link will be declared at the time.
If you have previously subscribed to any of our newsletters online, you may unsubscribe at any time from a direct link contained in all our emails. If you cannot see this link, then do get in touch with us direct by emailing us at and we will gladly remove your details.
Access to Information
Subject Access Requests should be marked as such and addressed in writing (electronic or paper) to the DPO. Subject Access requests will be responded to within one month. If a Subject Access request is considered to be manifestly unfounded or excessive, it will be declined, and the reason explained in writing within one month. In such a case the person making the request will have the right to complain to the supervisory authority and to a judicial remedy.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
In the case of a personal data breach, the person who identifies it, should report it immediately to the DPO and be prepared to support the investigation and resolution of a breach.
The DPO decides whether or not:
The Information Commissioner’s Office (ICO) should be informed, which is necessary in the event that it is likely to result in a risk to the rights and freedoms of individuals, e.g. it could result in discrimination, damage to reputation, financial loss, loss of confidentiality.
Those directly concerned should be informed, which is necessary in the event that the breach may result in a high risk to the rights and freedoms of individuals.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
to provide you with the services you have requested;
to comply with other law, including for the period demanded by our tax authorities;
to support a claim or defence in court.
Changes to our policy