Privacy Policy

Our Commitment to Privacy

Dolen is committed to protecting the privacy of all personal information provided through our website and in the course of undertaking business or contact with us.

Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.

This Privacy Policy describes the types of personal information we collect, how we use it, with whom we share it, and the choices you can make about our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices.

How does Dolen collect and process information about you and who is responsible for it?

Dolen may collect and process information about you from several sources which are outlined here.

  • When you enter your information on a contact form on our website. The data controller for this data is Dolen.

  • When you enter your information into a newsletter subscription form. The data controller for this data is Dolen.

  • When information is received through networking activity by a staff member of Dolen with information about yourself or your company and where it is understood there is a legitimate interest in receiving HR services from Dolen. The data controller for this information is Dolen.

  • When your company or employing company enters into a client agreement with a business with Dolen and provides information about you to us for the purposes of receiving HR services. In this case, only information about you that is relevant to the delivery of these services should be shared by your employer with Dolen. The data controller for this information is your company or employing company.

What sort of information about you is being collected and processed by Dolen?

In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect the necessary information that is required to allow us to promote and deliver our services fairly and effectively.

How can you find out what information Dolen holds about you?

Under the Data Protection Act (2018) and European GDPR regulations, any person about whom organisations holds data (a ‘data subject’) is allowed to request a copy of that information. This is called a Subject Access Request (‘SAR’).

There is guidance for individuals who want to make a Subject Access Request on the website of the regulator, the Information Commissioners Office (‘ICO’) and it is strongly recommended that you review this guidance before submitting your request to avoid any delays. There is also information on this site about requirements for SARs for both the requesting and responding parties, and who SARs should be sent to.

If you wish to make a subject access request to Dolen Ltd, these should be submitted to the  Director by email leah@dolen.co.uk, or by post to Dolen, M-SParc, Gaerwen, Ynys Món, LL60 6AG.

Why is Dolen collecting and processing your information?

We collect and process information about you for several purposes depending on the context of the information and how it was collected:

  • to analyse website usage so we can determine how we can make improvements.

  • to personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing HR Services through Dolen.

  • to survey contacts about activity directly related to our marketing activity, service delivery or directly related projects undertaken by Dolen.

  • to provide outsourced HR services to your company or employing company in line with client agreements made with the company.

If you provide your information to us through this website, we would consider this to mean you have a legitimate interest in our services, and that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.

How long is your information kept, and can you make sure it is accurate?

Dolen must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, then it will be kept until one of the following is true:

  • You request for your data to be erased (see the section below) and this can be legally fulfilled.

  • The data is known to be or is suspected to be invalid/inaccurate by Dolen.

  • The data is known to be or is suspected to be no longer appropriate for use for reasons of legitimate interest by Dolen (as outlined above).

If you believe any information held by Dolen is incorrect and wish to amend it, please contact us in writing. Please see the section at the end of this Privacy Notice about how to contact us by email or post.

Can you opt-out of marketing or request for your information to be erased?

Dolen does not wish to undertake marketing activity towards those who do not wish to receive it, and we will always comply with a request from you to either opt-out of marketing. We will comply with a request from you for your information to be erased if it is appropriate to do so (a) in accordance with the Data Protection Act (2018) or the European GDPR requirements and (b) if there is no legitimate justification for retaining the information.

In some cases, we may not be able to agree, wholly or in part, to your request for your information to be erased if there is a legitimate requirement to keep it. An example of a legitimate requirement would be if you are an employee of a company using Dolen for outsourced HR services, and you are involved in some way with an HR issue which is being dealt with by Dolen. In such a case, there is a legitimate requirement to retain relevant information relating to that issue in order for your employer to be able to resolve the HR issue and any related legal challenges. This may extend beyond the apparent resolution of the issue if there is a reasonable argument that the information may need to be revisited.

You can:

  • Use the ‘opt-out’ or ‘unsubscribe’ link in any marketing communication from Dolen if you do not wish to be contacted with any marketing communications.

  • Request directly by email hr@dolen.co.uk if you do not wish to be contacted with any marketing communications.

  • Request by email to hr@dolen.co.uk if you wish for your information to be erased (the right to be forgotten).

  • Contest our determination of a legitimate requirement to retain your information on a case-by-case basis.

Who else is your information shared with?

Dolen does not pass your information to third parties outside of Dolen, other than to specific data sub-processors necessary for us to market and provide our services.

In order to facilitate marketing and delivery of our services to those who have provided their information and who we believe have a legitimate interest in our business, we may share your information with specific ‘sub-processors’ with whom we have data-sharing agreements. We want to be clear and transparent with you about the sub-processors we use and what we have done to ensure that they take your data protection as seriously as we do.

Dolen will share your information for marketing or service delivery purposes with the sub-processors below. This is only shared for the purpose of sending you marketing content or survey/research material relating to Dolen’s own services, or if necessary to be able to deliver HR services to your company/employing company in line with our client agreements and related contracts.

These sub-processors are:

ClickUp

ClickUp is an all-in-one productivity platform that serves as a place for teams to collaborate, plan, and manage tasks and projects. We use ClickUp for the day to day processing of work requests from our clients. Within ClickUp we store contact information of our clients and prospective clients and also work related queries but will only do so in a manner which protects your data and meets the requirements of the GDPR and the Data Protection Act (2018).

Breathe HR

Breathe HR is a cloud-based GDPR compliant HR system which we use to assist our clients with the smooth running of their HR department. Within Breathe HR we store employee personal data, and records relating to their employment.

Microsoft

We use Microsoft Office 365 to manage our emails and file storage, which may include some information that has been collected through our website or other sources relating to marketing and surveying activity. Microsoft have confirmed that they are DPA/GDPR compliant and have updated their terms and conditions to reflect this. Microsoft may transfer data outside of the EEA but will only do so in a manner which protects your data and meets the requirements of the GDPR and the Data Protection Act (2018).

Intuit QuickBooks

QuickBooks is an accounting software which we use to manage our finances efficiently and invoice our clients for our services. Intuit’s values and approach to privacy and data protection ensure that they comply with all local laws on the business use of personal data.

How is the data stored?

The information we collect is stored in secure cloud vaults that operate inside the EEA. All information is stored in an encrypted form. Information held by Microsoft on our behalf may be transferred outside of the EEA but only where there are appropriate protections in place and in line with GDPR guidance.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies using the following instructions, although in a few cases some of our website features may not function as a result. You can configure cookie settings in your browser’s settings.

Detailed step by step guidance on how to control and delete cookies is also available from www.aboutcookies.org.

Other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Automated decision-making

We do not process any information based on automated decision making.

Updates to our Privacy Notice

This Privacy Policy was updated in February 2025 and may be updated periodically and without prior notice to you to reflect changes in the law and/or Dolen’s privacy practice.

How to contact Dolen

If you would like to contact Dolen in relation to any matter covered in this Privacy Notice or with queries about our website or marketing/survey activity, please email hr@dolen.co.uk or write to Dolen, M-SParc, Gaerwen, Ynys Món, LL60 6AG

Data Breaches

We will report any unlawful data breach of this website’s database or the personal information held by us to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Disclaimer

The content of this website is for general information purposes only and is not intended to constitute legal or other professional advice. Dolen accepts no liability for loss of any kind as a result of any inaccuracies or of your reliance on the information contained on the site. We make no representations or undertakings about the quality, accuracy or completeness of any of the information on this website. Any legal or health and safety related information is not a substitute for specific advice relevant to your particular circumstances.

Dolen is not responsible for the content of any external internet sites accessed by hypertext link from this website. These links are provided for information only and we accept no liability for any loss or damage that may result from accessing or using them.

We cannot guarantee that our website and any matter downloaded from this site will be free from viruses or other harmful programs or computer code. We accept no liability for any loss that may be suffered by any person arising from any such harmful programs or computer code.