Legal

Privacy Policy

Last updated: 1 July 2026

1. Who we are

Hrpushs Ltd ("Hrpushs", "we", "us", or "our") operates the platform available at hrpushs.com, which connects organisations with vetted HR professionals for fractional, project-based, and advisory work. Hrpushs Ltd is a company registered in England and Wales and acts as the data controller for the personal data described in this policy. For any privacy enquiry, contact us at privacy@hrpushs.com.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, password (stored in hashed form), company name, and role when you register.
  • Professional profile data: for HR professionals — CV details, certifications (e.g. CIPD, SHRM), work history, references, specialisations, availability, and rates, collected during our vetting process.
  • Project data: project briefs, proposals, contracts, milestones, messages, and reviews exchanged through the platform.
  • Payment data: billing details and transaction records. Card details are processed by our PCI-DSS-compliant payment providers and are never stored on our servers.
  • Technical data: IP address, browser type, device information, and usage data collected via cookies and similar technologies.

3. How we use your data

We process personal data to:

  • Create and administer accounts and verify professional credentials;
  • Operate our AI-powered matching engine, which analyses certifications, industry experience, availability, and historical performance to match professionals with projects;
  • Facilitate contracts, milestone tracking, and secure payments;
  • Provide customer support and respond to enquiries;
  • Send service communications and, with your consent, marketing communications;
  • Prevent fraud, enforce our Terms of Use, and comply with legal obligations;
  • Improve the platform through aggregated, anonymised analytics.

Our legal bases under UK GDPR are the performance of our contract with you, our legitimate interests in operating and securing the platform, your consent where required, and compliance with legal obligations.

4. Automated matching

Our matching engine produces a shortlist of candidate professionals for each project. The shortlist is a recommendation only: engagement decisions are always made by the organisation posting the project, not by the system. Professionals may contact us at any time to request information about how their profile is matched or to contest a matching outcome.

5. Sharing your data

We share personal data only with:

  • Other platform users as necessary to deliver the service (e.g. a professional's profile is shown to organisations they are matched with);
  • Service providers acting on our instructions, including hosting, payment processing, identity verification, and communication tools (e.g. integrations you enable with your ATS, HRIS, Slack, Zoom, or DocuSign);
  • Professional advisers, regulators, and authorities where required by law.

We never sell personal data.

6. International transfers

Where data is transferred outside the UK or EEA, we rely on adequacy regulations or standard contractual clauses, together with appropriate technical and organisational safeguards.

7. Retention

We retain account and engagement records for as long as your account is active and thereafter as required for legal, tax, and dispute-resolution purposes (typically six years). Unsuccessful professional applications are retained for twelve months unless you ask us to delete them sooner.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, and object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. To exercise any right, email privacy@hrpushs.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies

We use essential cookies to keep the platform secure and functional, and optional analytics cookies to understand how the platform is used. You can manage optional cookies through the cookie notice shown on your first visit and through your browser settings.

10. Security

We apply industry-standard measures including encryption in transit and at rest, access controls, and regular security reviews. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you and the relevant authorities as required by law.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified via the platform or by email. The "last updated" date at the top of this page shows when the policy was most recently revised. See also our Terms of Use.