Highgrove
  • Login
  • Upload CV
  • GDPR
  • Terms of Business
  • Job Search
  • About Us
  • Contact Us
  • Job Search
  • About Us
  • Contact Us
  • Login
  • Upload CV
  • GDPR
  • Terms of Business

GDPR

GDPR Data Protection Policy for Highgrove Recruitment Group Ltd

INTRODUCTION

The “data processors” collects and stores personal. This can include; Customers, suppliers, business contacts, employees and other organisations the business may have a relationship with. This policy sets out how personal data must be collected, handled and stored to ensure compliance with data protection and to comply with law

PURPOSE OF THE POLICY

The data protection policy exists to ensure The Company:

  1. Complies with data protection law and follow good practice
  2. Protects the rights of staff, customers and partners
  3. Is transparent about how it gains, stores and processes personal data
  4. Protects itself against data breaches external and internal

DATA PROTECTION LAW

The data protection act 1998 describes how organisations including The Company must collect, store and process personal information.

  1. Personal information must be processed lawfully, fairly and in an open, transparent manner.
  2. Personal information must be collected for genuine and legitimate reason, unless this is outweighed by harm to the individual’s rights and interests and not in relation to any other purposes considered to be incompatible with the initial purpose
  3. Accurate, relevant and up to date
  4. Not held for any period longer than stated
  5. Be processed in line the rights of the “data subject”
  6. Stored safely and securely to prevent data breaches
  7. Personal data will not be passed to any third party without the full, explicit consent of the “data subject”

THE RIGHTS OF A DATA SUBJECT

A data subject has a number of rights in relation to the storing and processing of their personal information by a “data processor”

  1. To object to personal data being store
  2. Request access to personal data (SAR) – All SAR must be forwarded in writing to the Director
  3. Erasure or rectification of personal information
  4. Right to restrict or object to the processing of personal information

Where a data subject objects to the Company processing their personal data for direct marketing purposes, the Company shall cease processing

TYPES OF PERSONAL DATA WE MAY COLLECT AND PROCESS

  1. Names
  2. Residential telephone and/or mobile numbers
  3. Addresses
  4. Email addresses
  5. Any such other similar personal data, in each case, as above for the legitimate purpose of the Company fulfilling its business as, primarily, a recruitment company

DATA PROTECTION SECURITY

The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data

  1. All emails containing personal data are encrypted;
  2. Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
  3. All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
  4. Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, or other parties at any time;
  5. Computer screens must be locked at all times when not in use
  6. Systems and software containing personal data are stored on a secure network server
  7. All electronic copies of personal data should be stored securely using passwords. All passwords used to protect personal data shall not be disclosed

DATA BREACH NOTIFICATION

The following actions must be taken in the event of a data breach

  1. Data breaches must be reported immediately to the data protection officer in writing
  2. If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of Data subjects, the data protection officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.

Data breach notifications must contain the following information

  1. The categories and approximate number of Data Subjects concerned
  2. The categories and approximate number of personal data records concerned
  3. The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained)
  4. The likely consequences of the breach
  5. Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects

The GDPR statements regarding our CRM and Cloud Providers can be supplied upon request, please contact us via email to steve@highgroveuk.com

This policy is deemed effective as of 15th May 2018

Sitemap
  • Home
  • About Us
  • Contact Us
  • GDPR
  • Terms of Business
Contact Us

Highgrove Recruitment Group Ltd
217 West Street 
Fareham
England
PO16 0ET

Highgrove Recruitment Group LTD 2023 © All rights reserved

Recruitment website by Volcanic