Website Privacy Notice | Harmony at Home

  1. Introduction

Harmony at Home is a franchise business with several independent branches operating throughout the UK.

Each Harmony at Home franchise branch is a separate legal entity and is independently responsible for its own data protection compliance, including its own role as a data controller and its own Privacy Policy.

Harmony at Home branches may share personal data where necessary to provide childcare and household staffing recruitment services.

This Privacy Notice explains how Harmony at Home Limited and, where applicable, Harmony at Home franchisees collect, use, store, and protect your personal data.

We and our franchisees are independent data controllers under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). This means each entity is responsible for deciding how and why it processes personal data in relation to its own activities.

If you have any questions about how your personal data is used, please contact:

Data Protection Officer
Harmony at Home Limited
Cube House, Unit 37
Bell Lane
Uckfield
East Sussex
TN22 1QL

Email: privacy@harmonyathome.co.uk

We will only process your personal data in accordance with this Privacy Notice.

Any updates to this Privacy Notice will be published on this page. Previous versions may be requested by contacting privacy@harmonyathome.co.uk.

If you are a work seeker, you should read this Privacy Notice together with our Work Seeker Privacy Notice, which provides more detailed information about how we collect, use, and protect your personal data in relation to recruitment services. You can access our Work Seeker Privacy Notice here: https://www.harmonyathome.co.uk/statement-for-work-seeker-data-protection

  1. Data Controller

The controller responsible for Harmony at Home Limited’s processing activities is:

Data Protection Officer

Harmony at Home Limited
Cube House, Unit 37
Bell Lane
Uckfield
East Sussex
TN22 1QL

 

Where you interact with a Harmony at Home franchise branch, that franchise branch may act as an independent data controller and will be responsible for its own processing activities.

  1. Personal Data We Collect

We collect personal data directly from you when you:

  • Register as a client
  • Register as a candidate or work seeker
  • Provide candidate references
  • Contact us about our services
  • Apply for employment opportunities
  • Purchase products or services
  • Attend training courses
  • Apply for a franchise

 

The type of personal data we collect may include:

  • Contact details
  • Identity information
  • Employment and recruitment information
  • References
  • Financial and transaction information
  • Communication records
  • Website usage information
  1. How We Use Your Personal Data

We use your personal data to:

  • Verify your identity and maintain security
  • Provide recruitment and staffing services
  • Identify suitable job opportunities
  • Support childcare safeguarding requirements
  • Manage client and candidate relationships
  • Deliver and improve our services
  • Meet legal and regulatory obligations
  1. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contract

Where processing is necessary to provide our services, including recruitment and staffing services.

Legal obligation

Where we are required to process information to comply with legal requirements, including safeguarding, tax, and regulatory obligations.

Legitimate interests

Where processing is necessary for our legitimate business interests, such as operating our services, improving our systems, maintaining security, and matching clients and candidates.

We ensure these interests do not override your rights and freedoms.

Consent

Where required, we rely on your consent, including for certain marketing activities and non-essential cookies.

You may withdraw consent at any time.

  1. How We Store Your Personal Data

We store personal data securely using appropriate technical and organisational measures.

Our systems include:

  • Secure UK-based ISO27001:2013-certified data infrastructure
  • Encryption measures including SSL/TLS
  • Access controls and security procedures
  1. Website Analytics and Automated Data Collection

When you visit our website, we may collect technical information including:

  • IP address
  • Browser type
  • Device information
  • Screen resolution
  • Website usage information

 

We use this information to:

  • Maintain website security
  • Improve website performance
  • Understand how visitors use our website

 

Some information may potentially identify you when combined with other information.

Further information is available in our Cookie Policy.

  1. Third-Party Services We Use

We use selected third-party providers to support our services.

Website Hosting

20i Ltd Hosting

20i Ltd processes website logs to help identify faults, security issues, and suspicious activity.

Information collected may include IP address, browser information, requested resources, and timestamps.

Retention period: 90 days.

Lawful basis: Legal obligation.

Website Analytics

Google Analytics

Used to understand website usage and improve performance.

Lawful basis: Consent where cookies are used.

Advertising

Google Ads and Facebook Pixel

Used to measure advertising performance and improve marketing effectiveness.

Lawful basis: Consent.

Location Services

Google Maps and OpenStreetMap

Used to support location-based searches for clients and candidates.

Lawful basis: Legitimate interests.

Email Services

SendGrid

Used to send service-related communications, including registration emails and job alerts.

Lawful basis: Legitimate interests.

  1. Disclosure of Personal Data

We may share personal data with:

  • Website, IT, hosting, and system providers, including FEA Create, which provides our website platform and CRM system
  • Payment processors, accounting and bookkeeping providers, including Xero
  • Call answering and customer support providers, including Nannytax
  • Professional advisers including lawyers, accountants, auditors, insurers, and bankers
  • HM Revenue & Customs, regulators, and authorities where legally required
  • Marketing and communication providers
  • Cloud storage and collaboration providers, including OneDrive, Dropbox, Zoom, Microsoft Teams
  • Affiliated business partners where applicable
  • Parties involved in mergers, acquisitions, or business transfers
  • Fraud prevention and security providers
  • Franchisees acting as independent data controllers

 

Where franchisees receive personal data, they process it under their own Privacy Policy and legal obligations.

All organisations receiving personal data must protect it and comply with applicable data protection laws.

  1. International Transfers

Some service providers may process personal data outside the UK or European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, including:

  • Transfers to countries recognised as providing adequate protection
  • UK-approved Standard Contractual Clauses
  • International Data Transfer Agreements
  • Other lawful transfer mechanisms

If no safeguard is available, we will ask for your consent before transferring your data.

  1. Data Security

We use appropriate measures to protect personal data against:

  • Loss
  • Misuse
  • Unauthorised access
  • Alteration
  • Unlawful disclosure

 

Access is limited to authorised individuals who require the information for their role.

All authorised parties must maintain confidentiality.

We have procedures to respond to suspected data breaches and will notify individuals and regulators where legally required.

  1. Data Retention

We keep personal data only for as long as necessary for the purposes it was collected.

We consider:

  • The nature of the information
  • The sensitivity of the information
  • Security risks
  • Legal requirements

 

Certain customer information, including identity, contact, financial, and transaction records, may be retained for six years after the end of a customer relationship for tax purposes.

Where possible, information may be anonymised and used for research or statistical purposes.

  1. Links to Other Websites

Our website may contain links to third-party websites.

We are not responsible for their privacy practices and recommend reviewing their Privacy Policies before providing personal information.

  1. Cookies

We use cookies and similar technologies.

Non-essential cookies, including analytics and advertising cookies, are only used where you have provided consent.

You can manage cookie preferences through your browser settings or cookie settings tool.

Please see our Cookie Policy for further information.

  1. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of your information
  • Request restriction of processing
  • Object to processing
  • Request transfer of your data

 

You can exercise your rights by contacting:

privacy@harmonyathome.co.uk

We will normally respond within one month.

  1. Complaints

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue. If your complaint relates to how we use or protect your personal data, please see our Data Protection Complaints Policy for details of the process and how your complaint will be handled: https://harmonyathome.co.uk/data-protection-complaints-policy/

If you remain dissatisfied, you can complain to:

Information Commissioner’s Office (ICO)
www.ico.org.uk

If you are outside the UK, you may contact your local data protection authority.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always apply.

© 2026 Harmony at Home Limited
All Rights Reserved

Harmony at Home