Data Protection Policy & Procedure Introduction All organisations that process personal data are required to comply with data protection legislation. This includes in particular the Data Protection Act 2018 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). The Data Protection Laws give individuals (known as ‘data subjects’) certain rights over their personal data whilst imposing certain obligations on the organisations that process their data. As a recruitment business gap personnel holdings limited collects and processes both personal data and sensitive personal data. It is required to do so to comply with other legislation. It is also required to keep this data for different periods depending on the nature of the data. This policy sets out how the Company implements the Data Protection Laws.
Definitions In this policy the following terms have the following meanings: ‘Consent’ means: •
any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
‘Data controller’ means: •
an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data
‘Data processor’ means: •
an individual or organisation which processes personal data on behalf of the data controller
‘Personal data’ means: •
any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
‘Personal data breach’ means: •
a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
‘Processing’ means: •
any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
‘Profiling’ means: •
any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
‘Pseudonymisation’ means: •
the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately
Data Protection Policy & Procedure – Last Updated 15/12/2021