Call us on 0344 225 1525


HR Management System to Suit your Business Needs

Privacy & Cookies

This privacy policy sets out how Cascade HR Ltd uses and protects any information that you give Cascade HR Ltd when you use this website.

Cascade HR Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Cascade HR Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

What we collect

We may collect the following information:

  • name and job title
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers
What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • We may periodically call you or send promotional emails about new products, special offers or other information which we think you may find interesting using the email address/phone number which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Data Protection at IRIS and CascadeHR

What is GDPR?

From 25th May 2018 the most significant change in data protection in decades will begin with the General Data Protection Regulation (GDPR). The data protection laws apply to any business that holds or processes personal data (including sole traders) and aim to balance the rights of individuals with legitimate business needs.The intention of the new laws can perhaps be best summarised by the UK Information Commissioner, Elizabeth Denham, who has gone on record to say, “The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.

How have IRIS Been Preparing:
part of IRIS Software Group Ltd CascadeHR has been part of a wide reaching project since June 2016, starting with the appointment of our Group Data Protection Officer. Since then, we have been conducting a huge internal project, beginning with new risk assessments for all of our products and services before moving onto our internal processes at organisational, divisional and departmental level.

Useful links about our policies and data protection
  • IRIS Group Privacy Policy
  • IRIS Data Protection Policy
  • CascadeHR Cookie Policy
Our Data Protection Guarantee
  1. An outcome of our data protection review is the corporate framework necessary to demonstrate to customers and prospective customers that we manage personal data responsibly and within a culture of privacy.
  2. We will ensure we continue to manage personal data in compliance with data protection laws applicable to data processors by keeping our processing activities under review.
  3. We endeavour to make our products suitable for our customers to achieve data protection compliance so that our customers have what they need by the time the new laws come into force.
  4. Any essential improvements we identify from our product gap analyses and risk assessments will be implemented within our products and services promptly.
  5. We have in place a critical incident reporting procedure to ensure that any breaches, if they were to occur, are assessed and notified to customers without undue delay to allow customers to meet the reporting timescales in the new law.
Notable Aspects of Our Preparations and Resources

Governance at IRIS

  • In 2017 we set up an Information Security and Governance Forum that meets at least quarterly and includes members of our Executive team, the Chief Information Officer, the Group Head of IT and the Group Data Protection Officer.
  • We also have divisional information governance groups containing key stakeholders from each department to steer reviews and improvements to our departmental policies and procedures.

Reviewing our documentation

  • This includes reviewing our supplier and sub-processor contracts, as well as any customer-facing documents, to ensure they include all the necessary data protection requirements.

Company-wide protocols adopted

  • We have a Group Data Protection Policy
  • We have a Group summary of our Acceptable Use and Information Security Policies (this summarises the requirements of our more detailed Information Security Management System)
  • Personal data incident reporting procedure.
  • We actively carry out security checks on all staff on recruitment.
  • Our Group policies are available to our customers on request via

Staff Training

  • IRIS has mandatory corporate training on data protection and information security for all staff. This is rolled out on staff induction and for existing staff each training session is refreshed at least once per year.


We are aware that the IRIS products and services may be integral to the processes that our customers implement in order to meet some of their own data protection obligations. Consequently we have identified the need to provide our customers with more information about how certain aspects of our software work. This will help customers (as data controllers) to identify how they are processing personal data and how it is shared with third parties such as HMRC and Companies House. We have, therefore, been producing guidance to assist our customers in this respect and to help their understanding of any non-obvious processes in order to incorporate this information into their own compliance plans. Please contact your account manager for more information about the specific IRIS products you are using.

Understanding GDPR

We would strongly recommend customers seek their own legal advice if they are unsure about the implications of the new data protection laws on their businesses.

Legal Disclaimer

The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. While we have made every effort to ensure that the information provided on this website is correct and up to date, IRIS makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. IRIS will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.

How we use cookies uses cookies to enhance user experience. For more detailed information on cookies uses please see our cookie information page

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information by emailing us at and we will update your contact preferences.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you. If you would like a copy of the information held on you please write to, Cascade HR Ltd, One City West, Leeds LS12 6NJ.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.