Independent HR Consultant

Privacy Policy

Effective date: 1 February 2026

MMB HR Consulting is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you interact with us, including when you visit our website, contact us, or engage our services.

References to “we”, “us” or “our” in this policy refer to Maria Makassy Brander, trading as MMB HR Consulting.

This policy may be updated from time to time. Please review it periodically to ensure you are comfortable with any changes.

1. Who we are

Controller
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, MMB HR Consulting is the data controller unless otherwise agreed in writing.

Contact details
Email: hello@mmbhr.com
Website: http://www.mmb-hr.com

You have the right to raise concerns with the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the opportunity to address any concerns directly in the first instance.

2. The personal data we collect

We may collect and process the following types of personal data, depending on how you interact with us:

  • Identity data – name, job title, organisation
  • Contact data – email address, telephone number, business address
  • Business-related information – information relevant to HR support or advisory services
  • Website usage data – limited technical information such as IP address and browser type (via cookies, where applicable)

When providing HR services, we may process employee-related personal data on behalf of clients, including special category data. In these cases, we act as a data processor, and processing is governed by a Data Processing Agreement.

3. How we collect personal data

We collect personal data through:

  • Direct contact (email, telephone, website contact forms)
  • Contractual engagements with clients
  • Limited automated technologies when you visit our website (cookies)

4. How we use your personal data

We only use personal data where permitted by law. Most commonly, we use it to:

  • Provide HR consulting and advisory services
  • Communicate with clients and prospective clients
  • Manage contractual and commercial relationships
  • Meet legal, regulatory, or professional obligations
  • Improve our website and services

We do not sell personal data or use it for unrelated purposes.

5. Lawful basis for processing

We process personal data under one or more of the following lawful bases:

  • Performance of a contract
  • Legitimate interests, where these are not overridden by your rights
  • Legal obligations
  • Consent, where required (e.g. marketing communications)

You may withdraw consent at any time by contacting us.

6. Data sharing

We may share personal data only where necessary and appropriate, including with:

  • Professional advisers (e.g. accountants, insurers, legal advisers)
  • IT and system providers supporting our business
  • Regulatory authorities where legally required

All third parties are required to respect confidentiality and data protection obligations.

7. Data security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure devices and password protection
  • Restricted access to personal data
  • Secure cloud-based storage
  • Confidential handling of HR-related information

We have procedures in place to respond to any suspected data breaches and will notify affected parties and regulators where legally required.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, tax, or regulatory requirements.

Client and contractual records are typically retained for up to six years after the end of the engagement, in line with legal obligations. Data is securely deleted or anonymised when no longer required.

9. Your rights

Under UK data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data (in certain circumstances)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent where processing relies on consent

Requests can be made by contacting us using the details above. We may need to verify your identity before responding.

10. Cookies and website links

Our website may use limited cookies to understand how visitors use the site and to improve functionality. You can control cookies through your browser settings.

Our website may include links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

11. Changes to this policy

We keep this Privacy Policy under regular review and may update it from time to time. Any significant changes will be clearly communicated on our website.