Privacy Policy

This website is operated by Van Esch Advisory Ltd. For the purposes of applicable data protection law, Van Esch Advisory Ltd acts as the data controller for personal data collected through this website.

Depending on how you use the website, the following may be collected:

• Your name
• Your email address
• Your organisation name
• Details you include in a contact form enquiry
• Information you choose to provide when completing the HR Operations Health Check, such as company size, industry, role, country or region, and optional contact details
• Your responses to the HR Operations Health Check questions, together with resulting scores, indicative assessments, and related benchmark or comparison data generated from those responses
• Basic technical information needed for the website to function properly, maintain security, and support performance monitoring

Information may be collected when you:

• Submit an enquiry through the contact form
• Communicate directly in relation to potential services
• Complete the HR Operations Health Check
• Use the website in ways that generate technical or server-side information

Personal information may be used to:

• Respond to enquiries
• Communicate about potential advisory services
• Generate and display HR Operations Health Check results
• Analyse diagnostic trends and create aggregated, anonymised, or de-identified benchmarking insights
• Improve the website, services, and diagnostic experience
• Manage and administer the website
• Maintain website security and performance
• Comply with legal or regulatory obligations where applicable

Depending on the context, personal data is processed on one or more of the following lawful bases:

• Legitimate interests, including operating and improving the website, responding to enquiries, generating diagnostic results, maintaining security, and understanding broad patterns in HR operational maturity
• Steps prior to entering into a contract, where you ask us to discuss or scope potential advisory services
• Legal obligation, where processing is necessary to comply with applicable legal or regulatory requirements
• Consent, where consent is specifically required

The HR Operations Health Check is designed as a practical self-assessment tool. Information submitted through the tool may be used to generate your result, understand common operational patterns, and improve the quality of the diagnostic over time.

Where benchmark or trend information is created from diagnostic submissions, it is intended to be used in aggregated, anonymised, or de-identified form so that individual organisations are not identified.

If you choose to provide contact details in connection with the diagnostic, those details may be used to respond to your request, discuss the result, or provide further interpretation of the diagnostic.

Where a user submits an enquiry following completion of the HR Operations Health Check, diagnostic responses, scores, and related contextual information may be linked to that enquiry and associated with the individual’s contact details. This is done to allow the enquiry to be reviewed in context and to support a more informed and relevant response.

Like most websites, https://vanesch.uk may generate technical logs and other information needed for security, troubleshooting, and performance monitoring.

Where possible, the intention is to minimise the storage of directly identifying technical data. If identifiers are used for fraud prevention, rate limiting, or deduplication, they may be transformed, tokenised, hashed, truncated, or otherwise handled in a privacy-aware way rather than retained in raw form unless there is a specific operational need to do so.

Personal data may be shared with service providers who support the operation of the website and related services, where necessary and subject to appropriate safeguards.

These providers may include:

• Supabase - database and application data storage
• Resend - email delivery
• Calendly - meeting scheduling
• Cloudflare - website delivery, security, and performance
• GitHub - code hosting and deployment workflows

These providers process data only as necessary to perform their services and are expected to operate with appropriate security and data protection safeguards.

Information is not sold to third parties.

Personal data is kept only for as long as reasonably necessary for the relevant purpose. This includes responding to enquiries, maintaining business records, operating and improving the diagnostic, and meeting legal or regulatory obligations where applicable.

In most cases, enquiry and diagnostic-related personal data will not be retained for longer than 12 months unless there is an ongoing business relationship, a continuing operational need, or a legal reason to keep it for longer.

Aggregated, anonymised, or de-identified benchmarking information may be retained for longer where it no longer identifies an individual or organisation.

Depending on the service providers used to operate the website, personal data may be processed in countries outside the UK. Where that happens, reasonable steps will be taken to use appropriate safeguards where required by applicable law.

Depending on the applicable law and circumstances, you may have rights to request access, correction, erasure, restriction, objection, or portability in relation to your personal data.

Where processing is based on consent, you may also have the right to withdraw that consent.

You may also have the right to complain to the Information Commissioner’s Office or another relevant supervisory authority.

If you have any questions about this Privacy Policy or how personal data is handled, you can contact Van Esch Advisory Ltd directly.

Email: privacy@vanesch.uk

You may also contact Van Esch Advisory Ltd using the website contact form.

This policy may be updated from time to time to reflect changes to the website, services, diagnostic features, or legal requirements.

Some third-party tools used on this website, such as scheduling platforms, may use cookies or similar technologies when you interact with them. Where this applies, those tools operate under their own privacy and cookie policies.