Data Protection Policy
Policy information |
|
Organisation |
iRecruit Partners
|
Scope of policy |
This policy covers all the activities of iRecruit Partners (Berkshire) Ltd, acting as a recruitment consultancy placing permanent staff with client companies and working on both a retained and non-retained basis. |
Policy operational date |
25th May 2018
|
Policy prepared by |
Nicky Morris – Managing Director
Sue Southall – Managing Director |
Date approved by Board/ Management Committee |
08.05.18 |
Policy review date |
25th May 2021 |
Introduction |
|
Purpose of policy |
The purpose of this policy is to outline iRecruit Partners complete commitment to the letter and spirit of the GDPR regulations and to underline our commitment to protecting the rights and privacy of all individuals. |
Types of data processed |
iRecruit Partners process data in the form of candidate CVs. This will typically include personal details such as contact details, employment background and qualifications but may also on occasion include references.
In addition, client data in the form of client contacts, job profiles and company background information will be stored and processed. |
Policy statement |
iRecruit Partners is committed to a policy of protecting the rights and privacy of individuals, especially candidates who have shared their data with the company, and clients in accordance with the General Data Protection Regulation (GDPR) May 2018.
The new regulatory environment demands higher transparency and accountability in how we manage and use personal data. It also rightly accords new and stronger rights for individuals to understand and control that use. The GDPR contains provisions that the company will need to be aware of as data controllers, including provisions intended to enhance the protection of candidate’s personal data. iRecruit Partners process data largely relating to the recruitment of staff for our clients. To comply with various legal obligations, including the obligations imposed on it by the General Data Protection Regulation (GDPR) and to work towards industry best practice, iRecruit Partners must ensure that all this information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully. We are committed to being open and honest with all individuals whose data we process and ensure that all staff who process data act consistently and openly in the processing of that data. As part of our commitment to good data processing practice we undertake to notify the Information Commissioner of any data breach or potential data breach, even if it not strictly required by law. |
Key risks |
Key risks associated with iRecruit Partners data processing activities lie in two areas and the company is committed to ensuring that these risks are minimised wherever possible. The areas of risk are:
|
Responsibilities |
|
The Board / Company Directors |
Nicky Morris – Managing Director
Sue Southall – Managing Director |
Data Protection Officer |
Nicky Morris – Managing Director
Sue Southall – Managing Director |
Security |
|
Security measures |
iRecruit Partners undertakes to put appropriate technical and organisational measures in place against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of data.
All members of staff are responsible for ensuring that any personal data which they hold is kept securely and not disclosed to any unauthorised third parties. All electronic data is held in the cloud in the Office 365 system and not on personal laptops or PCs. iRecruit Partners will ensure that all personal data is accessible only to those who have a valid reason for using it. iRecruit Partners will have in place appropriate security measures e.g.
|
Security Breaches |
In the event of a security breach, iRecruit Partners commit to notify all parties concerned, and the ICO, at the latest within 72 hours of becoming aware of the breach.
As soon as the company becomes aware of the breach, all steps will be taken to secure the data, identify the potential risk of the data loss and to contact candidates and clients to notify them of the loss and associated risks. The 72 hour ICO commitment should be the very minimum requirement and we will endeavour in all cases to exceed that target. |
Data recording and storage |
|
Accuracy |
iRecruit partners will review and update all data on a regular basis. It is the responsibility of the individuals giving their personal data to ensure that this is accurate, and each individual should notify iRecruit Partners if there is any change in their data e.g. new positions added to their CV.
iRecruit Partners will ensure that the data held is accurate and up to date before communication with a client regarding candidate suitability for a role. |
Retention periods |
iRecruit Partners policy is to retain candidate CVs for three years, after which time they will be deleted. Candidates will not be contacted at this time unless there is a specific reason to do so. If there is some other legal requirement upon iRecruit Partners to keep the information for longer the subject of the data will be notified.
Client data will be kept indefinitely unless the client wishes their data to be removed from our system. |
Archiving |
iRecruit Partners will dispose of any personal data in a way that protects the rights and privacy of the individual concerned (e.g. secure electronic deletion, shredding and disposal of hard copy files as confidential waste). |
Right of Access |
|
Responsibility |
Data subjects, generally candidates, have the right at any time to request access to the data held about them by iRecruit Partners. It is Sue Southall’s responsibility to ensure that any requests for access are handled promptly and professionally |
Procedure for making request |
Any individual making a Right of Access Request should do so in writing to:
Sue Southall sue@irecruitpartners.com iRecruit Partners will not make a charge for this service and will respond within 48 hours of the request |
Provision for verifying identity |
An individual making a Right of Access Request may be asked to verify their identity. |
Transparency |
|
Commitment |
iRecruit Partners is committed to being wholly transparent and open in all our dealings with candidates.
We commit to:
|
Lawful Basis |
|
Underlying principle |
iRecruit Partners process data under the principle of Legitimate Interest. It is the company’s belief that candidates who either approach iRecruit Partners or are approached by iRecruit Partners regarding vacancies, realistically expect that their data will be processed and passed onto the client company.
Data is processed in the legitimate interest of the candidate (data subject), client and iRecruit Partners in pursuit of the company’s business. There is no practicable alternative that would be less intrusive to the candidate. Candidates register their CVs in the belief that iRecruit Partners will contact them regarding current or future opportunities. No processing is carried out without the candidate’s full knowledge and approval. No processing is carried out that would be detrimental to the data subject (candidate). There will be no marketing to the data subject and their data will not be shared with any third party. In the event that a client requires specific consent, then written consent will be obtained from the candidate and a record kept, but this is the exception rather than the rule. |
Policy review |
|
Responsibility |
iRecruit Partners – Managing Director |
Timing |
Policy review by end of May 2021 |