1
DATA PROTECTION POLICY & PROCEDURE CONTENT 1. Introduction 2. Definitions 3. Data processing under the Data Protection Laws 3.1. The data protection principles 3.2. Legal bases for processing 3.3. Privacy by design and by default 3.4. Information Security 3.4.1. Staff Responsibilities 3.4.2. The IT department responsibilities 4. Rights of the Individual 4.1. The right to be informed 4.2. Subject access requests 4.3. Rectification 4.4. Erasure 4.5. Restriction of processing 4.6. Data portability 4.7. Object to processing 4.8. Automated decision making 4.9. Enforcement of rights 5. Personal data breaches 5.1. Personal data breaches where The Company is the data controller 5.2. Personal data breaches where The Company is the data processor 5.3. Communicating personal data breaches to individuals 6. Record keeping 7. The Human Rights Act 1998 8. Complaints Appendix Annex – legal bases for processing personal data 1. INTRODUCTION All organisations that process personal data are required to comply with data protection legislation. This includes in particular the Data Protection Act 2018 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). The Data Protection Laws give individuals (known as ‘data subjects’) certain rights over their personal data whilst imposing certain obligations on the organisations that process their data. This policy is written for the coverage of a group of companies, as listed below, and throughout will be referred to as The Company. • • • • • • •
gap personnel Investments Limited – Company Reg – 8044442 – ICO – ZB066799 gap personnel Holdings Limited (including Hawk 3 Talent) – Company Reg – 3589208 – ICO - Z2057848 - https://www.gap-personnel.com/ gap technical Limited – Company Reg – 5646432 – ICO – ZA230558 - https://www.gap-technical.com/ gap personnel (TELFORD) Limited – company Reg – 13377649 – ICO – ZB346100 - https://www.gap-personnel.com/ gap personnel 4WP Solutions Limited – company Reg – 05104902 – ICO – TBC - https://www.gap-personnel.com/ Quattro Recruitment Limited t/a gap personnel – Company Reg – 7131120 – ICO – ZA015243 - https://www.gap-personnel.com/ Driving Force Recruitment Limited - company Reg – 06538808 – ICO - Z1709668 - https://www.driving-force.co.uk/
As a recruitment business The Company collects and processes both personal data and sensitive personal data. It is required to do so to comply with other legislation. It is also required to keep this data for different periods depending on the nature of the data. This policy sets out how The Company implements the Data Protection Laws. 2. DEFINITIONS In this policy the following terms have the following meanings: ‘Consent’
‘Data controller’ ‘Data processor’ ‘Personal data’
‘Personal data breach’ ‘Processing’
means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data; means an individual or organisation which processes personal data on behalf of the data controller; means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data; means any operation or set of operations performed on personal data, such as collection, recording,
gap personnel Holdings Limited – CR - 03589208 – GLAA – CAST0004 gap technical Limited – CR - 5646432 Quattro Recruitment Limited – CR - 7131120 – GLAA – QUAT0001 Driving Force Recruitment Limited – CR – 06538808
gap personnel Investments Limited – CR – 8044442 Quattro Group Holdings Limited – CR 9508069 gap personnel (Telford) Limited – 13377649 – GLAA – GAPP0008 gap personnel 4WP Solutions – CR – 05104902