Skip to main content

Privacy Policy

Information about our use of your personal data

Natural HR Limited takes the privacy of your personal data very seriously, and we do so in accordance with the General Data Protection Regulations (GDPR), the Data Protection Act 2018 and Privacy and Electronic Privacy Regulations (PECR) and any other applicable legislation.

We act as a data Controller for the personal data we process about our employees; our customers and suppliers (current and prospective); our visitors; enquirers and those who engage with our website and directly with us.

Note:Natural HR Limited provide services to many customers where we process personal data (e.g. for HR and payroll services) on behalf of those customers and under their instruction.

We act as a data Processor in these circumstances (not the Controller). If your data is managed by one of our customers, then the data Controller for your information will be that organisation (e.g. your employer) and you should refer to their privacy information and notices.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and any other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Customers / Marketing contacts / Website visitors

What kinds of personal data do we collect?

The following are examples of types of personal data that we may collect. The specific kind of information collected by us will depend on the Services provided:

Customer / Marketing Contact / Website visitors:

  • Contact information (first name, last name, email address, phone number, address, company, job title)
  • Payment information (billing address, bank account information)
  • Moorepay purchase or service history
  • Your location
  • Your interests and preferences
  • Annual revenue
  • Number of employees
  • Demographic information
  • Biometric data such as voice recordings
  • Details about your computer, devices, applications and networks (including IP address, browser characteristics, device ID, operating system, or language preferences)
  • Activities on our website or sub domain (including referring URLs or dates and times of website visits)

How is the data collected?

Natural HR Limited may collect data (which may include personal data about you) in a variety of ways:

Customers/Marketing contacts:

  • When you register to get a quote on the Natural HR website
  • When you download legislative guides from the Natural HR website
  • When you speak to our customer service personnel (over the phone or at events (e.g. fairs, exhibitions)
  • Via explicit data capture measures, for example by entering competitions and completing surveys, and
  • Via implicit data capture measures such as studying which pages you read the most
  • You purchase a product or service from us.

Marketing contacts may be shared between Zellis Group companies – including Zellis UK Ltd (, Moorepay Ltd ( and Benefex (

Visitors / Others:

  • When you report bad practices as a whistle-blower;
  • When you visit our premises or websites;
  • Are a supplier or prospective supplier.


We may also use Cookies in order to collect information about you. Cookies are small files which are sent to your browser and stored on your computer’s hard disc. If you have registered with the Natural HR Limited site, then your computer will store an identifying code in the cookie which means you do not need to type in your email address each time you return to this site. Other than this, we do not store your password or any other information in the cookie, or use it for any other purpose.

The lawful bases we rely on

Under the GDPR there are six lawful bases under which organisations can collect, use and store personal data. We have identified four which we rely upon for our business activities: Consent, Contractual, Legitimate Interests and Legal Obligation.

Contractual: in many circumstances we rely on the lawful basis of “performance of a contract”, this enables us to process your personal data to provide the services you buy from us (or in preparation for the contract).

Consent: in some circumstances we rely on your specific consent, whereby you actively agree and “opt-in”. We will always make it clear how you can withdraw you consent at any time.

Legal Obligation: there will be circumstances under which we are legally obliged to hold your personal data or required to disclose it to a third party by law. This will apply for certain tax or other regulatory purposes for customers for example.

Legitimate Interests: for some of our activities we rely on our legitimate business interests to collect and use your personal data. In such cases, we have balanced our interests with yours and do not believe these activities will have an overriding negative impact on your privacy rights and freedoms.

We specifically rely on Legitimate Interests to:

  • Send you marketing communications about our legislative updates, webinar programme, and our products and services
  • Personalise the marketing content we provide you
  • Undertake business sales and advertising activities
  • Research publicly available business contact details
  • Customise the content you see on our websites

You can always object to our marketing messages by opting out, either by contacting our webmaster or else by clicking the subscription preferences link in the footer of every email we send.

If you wish to object to our reliance on Legitimate Interests for any other purpose please contact the Webmaster on


We may contact you to provide information about our products and services and offerings, or updates to them, with the information that you have provided to us, or that we have collected through third parties (e.g. external marketing companies).

We will only send you direct marketing communications:

  • When you have provided your consent (typically by clicking a “button” to submit a form)
  • Where we believe we can demonstrate a legitimate business interest and have balanced this with your interests and privacy

It is always your choice and you can stop receiving direct marketing communications from us at any time. We provide a clear and easy way for you to do this for by including a subscription preferences link in the footer of every email we send.

For electronic marketing communications we adhere to the rules of the Privacy and Electronic Communications Regulations (PECR).

The data we collect is used for internal review and to contact you for marketing purposes and is not shared with other organizations for commercial purposes.

Why and how we use your personal data

Your personal data may be processed in any of the following ways:

  • Information that you provide by filling in forms on any of our sites or sub domains; this includes information provided at the time of registering to use our site, subscribing to our Services, posting material, any inquiry through the “Contact Us” section of our site, an online employment application or requesting further Services;
  • Establish and manage Moorepay Ltd accounts;
  • Communicate changes to our Services;
  • Provide customer support, trouble-shooting, manage subscriptions and respond to requests, questions and comments;
  • Ensure that the content of our site is presented in the most effective manner for you and your computer;
  • Communicate about, and administer participation, in special events, surveys, contests, webinars, and other offers and promotions;
  • Analyse users’ behaviour when using our Services to customize preferences, and develop new products, services and advertising;
  • Enable posting on our blog and other communication channels (such as Social Media);
  • Comply with and enforce applicable legal requirements, agreements, and policies; and
  • Any other activity consistent with this Privacy Notice.

You have the right to OPT-OUT at any time by contacting us by the below listed details.

Specific examples of why and how we process your personal data:

IP addresses

We may collect information about your computer that does not, by itself, identify you by name, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns. The purpose of the data is to improve effectiveness of the site, to help diagnose problems and to administer the site.

Cookies and information gathering tools

Our website and subdomains use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.  Natural HR Ltd may also collect information during your visit to our website or subdomain through automated tools, which include Web beacons (or named as web bugs), embedded web links and any other commonly used information gathering tools. A web bug is an object that is embedded in a web page or email and is usually invisible to the user but allows checking that a user has viewed the page or email. Moorepay Ltd may use the Web beacons for the purpose of email tracking and page tagging for Web analytics. In addition we might use web bugs implemented through an embedded image include tracking pixel, pixel tag, 1×1 gif, and clear gif that may be implemented by using JavaScript.

Learn more about Cookies and how they are used here:

Moorepay employees

What kinds of personal data do we collect?

  • Name and contact details;
  • Previous experience, education, referees and answers to questions relevant to the role;
  • Equal opportunities information (non-mandatory)
  • Health data
  • Next of kin
  • Criminal records (you will be advised if this is necessary for the role)

How is the data collected?

Natural HR Limited may collect data (which may include personal data about you) in a variety of ways:


  • When you apply for a job (application forms, CV, recruitment agencies etc),
  • During the course of your employment as an employee

The lawful bases we rely on

Contractual: in many circumstances we rely on the lawful basis of “performance of a contract”, as it is necessary for us to process you information in order to fulfil the employment contract which exists.

Consent: in some circumstances we rely on your specific consent, whereby you actively agree and “opt-in”. We will always make it clear how you can withdraw you consent at any time.

Legal Obligation: there will be circumstances under which we are legally obliged to hold your personal data or required to disclose it to a third party by law. This will apply to many aspects of the data we may process if you are an employee of Moorepay.

Legitimate Interests: for some of our activities we rely on our legitimate business interests to collect and use your personal data. In such cases, we have balanced our interests with yours and do not believe these activities will have an overriding negative impact on your privacy rights and freedoms.


Data transfers

Natural HR is a child of Moorepay, and its parent, Zellis are headquartered in the United Kingdom, with affiliates and subsidiaries throughout the world. The data that we collect may be processed, transferred to, and stored at our various service and data centre locations around the world but not outside the European Economic Area (‘EEA’). Data may be also stored with a cloud service provider (e.g. Microsoft, Hubspot, Amazon) and therefore located across those provider’s cloud European environments. However, Zellis deploys and enforces a standard global operational, IT and Security control framework across its global service, data centre and third-party locations.

Data may also be processed by staff, operating outside any other countries where the data is collected, who work for us as an employee or contractor or for one of our third-party suppliers (i.e. agents, service vendors, business partner and other). Such staff may be engaged in, among other things, the fulfilment of your request and the provision of any kind of support services. We execute the appropriate legal and contractual protections to effectuate these transfers such as data processing and data transfer agreements.

Zellis will take reasonable steps necessary to ensure that your data is treated securely, with appropriate technical and organizational measures, and in accordance with this privacy notice. Our Information Security Management System is designed to maintain an appropriate level of confidentiality, integrity and availability.

If you are located in the EEA or Switzerland, we provide adequate protection for the transfer of personal data to countries outside the EEA or Switzerland through a series or intercompany data transfer agreements based on the EU Standard Contractual Clauses, authorized by the European Commission.

Your rights and choices

If you would prefer us not to contact you (via phone, email, SMS or any other way), nor use your data in the way described in this Privacy Notice or want us to pass your details on to third parties, please do not hesitate to contact us at the following email address:

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

a) Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

b) Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

c) Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

d) Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

e) Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

f) Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us at if you wish to make a request.

Please note – if we are holding your personal data on behalf of your employer as part of the services we offer as a business (i.e. where we are acting as a Processor for your employer), then you should contact your employer directly in order to exercise any of your rights detailed above.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office (the ICO) as the UK supervisory authority. Please follow this link to see how to do that

How we secure your personal data

In accordance with Zellis policies, the group is committed to protect any personal data divulged to us. Zellis implemented appropriate security measures, technologies and procedures in order to protect your personal data from loss, misuse, alteration or destruction. Our management team, employees and partners are required to keep personal data confidential.

Unfortunately, the transmission of information via the internet (by way of an email or other) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use internal procedures and security features trying to prevent unauthorised access.

Data retention information

Natural HR Ltd is retaining information for legitimate business or for legal purposes and will not hold information for a period longer than is reasonably necessary to fulfil the purposes for which it was collected.

Children’s privacy

Natural HR Ltd does not knowingly collect personal data from children without obtaining parental consent in accordance with applicable laws and regulations. We do not knowingly process personal data of children for any purpose other than to deliver certain types of services to our clients. If you believe that we have collected information from your child in error or have any other questions or concern, please notify us and we will promptly respond.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to In addition, please do not hesitate to contact us if you suspect any privacy or security breaches.

You have the right to complain to the Information Commissioner’s Office regarding how we have processed your personal data – further details at