
PRIVACY POLICY


Last Updated: March 5, 2026

 

1. Introduction

Lionheart HR (“we”, “our”, “us”) is committed to protecting the privacy and rights of individuals in accordance with applicable United States federal and state privacy laws (including the California Consumer Privacy Act “CCPA” and similar state laws) and, where applicable, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU Artificial Intelligence Act.

This Privacy Policy explains how we collect, use, share, and protect personal information while providing HR consultancy services to our clients (“you”, “your”), including recruitment, employee management, and HR advisory work.

It applies to:

● Visitors to our website

● Prospective, current, and past clients

● Individuals whose personal data we process on behalf of our clients (e.g., job applicants, employees)

Where we act as a service provider/processor on behalf of our clients, we process personal information only in accordance with our clients’ instructions and applicable law.

2. Data Controller / Business Information & Contact


● Business Name & Address: Lionheart HR, LLC, 700 Tech Center Parkway, Suite 200-113, Newport News, VA 23606

● Privacy Contact: Elizabeth L. Gooden

● Email: connect@lionheart-hr.com

● Telephone: (757) 256-9198


For UK or EU data subjects, we have appointed Zoe Walters as required by Article 27 UK/EU GDPR, reachable at zoe@zoewalters.com.


3. Categories of Personal Information We Collect

 

We may collect the following categories of information (as defined by applicable US privacy laws and UK/EU GDPR):

(a) Client & Contact Information – name, job title, employer, business contact details.

(b) Candidate & Employee Information – résumés, employment history, qualifications, interview notes, references.

(c) HR Records – payroll details, absence records, performance evaluations.

(d) Sensitive Information/Special Categories – health data, diversity data, trade union membership (processed under Article 9 UK/EU GDPR when applicable).

(e) Technical & Usage Data – IP address, browser type, website interaction data.

(f) Optional AI Processing – outputs generated by AI systems used in recruitment, HR analytics, or workforce management.

4. Legal Basis & Business Purpose for Processing

Under US law, we process personal information for “business purposes” and “commercial purposes” as defined in applicable state laws, including:

● To perform contractual services

● To comply with legal obligations

● For operational business purposes such as fraud prevention, service improvement, and security

Under UK/EU GDPR (where applicable), lawful bases may include:

● Consent – freely given, specific, informed

● Contract – performance of a contract

● Legal Obligation – compliance with law

● Legitimate Interests – balanced against individual rights

Where AI systems are used, we ensure transparency, human oversight, and bias mitigation in line with the EU AI Act.

5. Purposes of Use

We use personal information for:

● Providing HR consultancy, recruitment, and payroll services

● Managing client relationships and service delivery

● Screening, assessing, and placing candidates

● Complying with legal and regulatory obligations

● Running AI-driven CV screening, HR analytics, and workforce planning tools in compliance with applicable AI governance laws

6. AI Systems & Automated Decision-Making (If Applicable)

If AI is used to assist decision-making that may affect you:

● You will be informed when AI has been used

● A human will review significant decisions before they are final

● You may request an explanation of how the AI contributed to a decision

● You may contest the decision and request human review

We do not engage in fully automated decision-making that has legal or similarly significant effects without human involvement.

7. Sharing & Disclosure

We may share personal information with:

● Our clients (where acting as a processor/service provider)

● Third-party vendors and service providers under confidentiality and data protection agreements

● Legal, regulatory, or law enforcement authorities where required by law

For international transfers, we implement appropriate safeguards (e.g., Standard Contractual Clauses, UK IDTA, adequacy decisions).

8. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected, or as required by law. Specific retention timelines are set in our internal Data Retention Policy.

9. Individual Rights

Depending on your jurisdiction, you may have rights under:

● US State Laws (e.g., CCPA, CPA, VCDPA) – right to know, delete, correct, opt-out of sale/sharing, limit use of sensitive data

● UK/EU GDPR – access, rectification, erasure, restriction, portability, objection, and withdrawal of consent

To exercise rights, contact us at connect@lionheart-hr.com.

10. Security Measures

We implement technical, administrative, and organizational safeguards including:

● Role-based access controls

● Encryption at rest and in transit

● Regular vulnerability testing and audits

● AI-specific cybersecurity protections (per EU AI Act Article 15)

11. Accountability & Governance

We maintain privacy compliance programs, vendor due diligence, and regular staff training. Where AI is used, we document governance measures, bias testing, and human oversight in line with AI Act standards.

12. Complaints & Disputes

If you have concerns about our data practices, you may contact us directly at connect@lionheart-hr.com.

● US Residents: You may also contact your state attorney general or applicable consumer protection authority.

● UK/EU Residents: You may contact the UK ICO (www.ico.org.uk) or your local supervisory authority.

13. Updates

We may update this Privacy Policy periodically. Changes will be posted with an updated “Last Updated” date.

14. U.S.-Specific AI Governance Appendix

To comply with U.S. Federal Trade Commission (FTC) AI guidance and emerging state-level algorithmic transparency laws (including but not limited to California, Colorado, and Illinois requirements), we commit to:

1. Transparency – Providing clear, understandable disclosures when AI tools are used in HR, recruitment, or employee management, including the role of AI in decision-making.

2. Fairness & Non-Discrimination – Implementing bias detection and mitigation processes to prevent discriminatory outcomes in employment-related decisions, in line with FTC Section 5 “unfair and deceptive practices” standards.

3. Explainability – Offering individuals meaningful information about how AI-driven decisions are made and the factors influencing them.

4. Human Oversight – Ensuring AI-assisted decisions in HR contexts are subject to human review before final determinations are made.

5. Data Quality & Relevance – Regularly reviewing AI training datasets to ensure accuracy, relevance, and absence of prohibited discriminatory factors.

6. State-Level Compliance – Meeting specific transparency, consent, and record-keeping requirements of applicable state AI/algorithmic accountability laws.

7. Cross-Border Alignment – Aligning these U.S. AI governance measures with UK GDPR, EU AI Act, and international standards for consistent, lawful AI use in HR services.

The Service Provider shall process all Personal Data in accordance with applicable US privacy laws, and, where applicable, the UK GDPR, Data Protection Act 2018, and EU AI Act, ensuring lawful processing, transparency, human oversight, and bias mitigation for any AI-powered systems used in the provision of services.
