Introduction
At GrowMore Recruitment, safeguarding personal data and ensuring your privacy is a top priority. This policy outlines our commitment to data protection and explains how we collect, use, and protect your information when you use our customised services. In compliance with GDPR and other relevant regulations, we aim to provide the highest level of privacy protection. Please note that our website and those of our talent assessment partners may contain links to third-party websites that are not covered by this Data Protection Policy.
Scope
This policy applies to all data processing activities carried out by GrowMore Recruitment on behalf of data controllers with whom we have contractual relationships, in accordance with Article 28 of the GDPR. This includes the processing of personal data related to candidates, clients, and other data subjects.
Data Protection and Security Principles
Our recruitment agency adheres to the following principles to ensure data protection and security:
- Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
- Purpose Limitation: Data is collected for specified, legitimate purposes and not processed further in a way that is incompatible with those purposes.
- Data Minimisation: Only data that is necessary for the purposes for which it is processed is collected.
- Accuracy: Personal data is kept accurate and up-to-date.
- Storage Limitation: Data is retained only as long as necessary for the purposes it was collected.
- Integrity and Confidentiality: Data is processed securely to prevent unauthorised access, loss, or damage.
Data Protection and Security Measures
We have implemented several technical and organisational measures to ensure the security of personal data:
- Access Control: Only authorised personnel have access to personal data. Data subjects have the right to access their personal data.
- Physical Barriers: Locks and access keys are used to prevent unauthorised access to IT systems handling personal data.
- Security Awareness: All personnel handling personal data receive regular training on data protection and the importance of physical security.
- Incident Response: Plans are in place to respond to physical security incidents, including reporting and assessing impact.
- Data Separation: Personal data collected for different purposes is processed separately.
- Pseudonymisation: Where appropriate, personal data is pseudonymised to protect identities.
- Transmission Access Control: Measures ensure data cannot be read, copied, altered, or deleted by unauthorised persons during electronic transmission or storage.
- Entry Control: All data entry, alterations, or deletions are recorded.
Availability Control: Data is protected against accidental loss or destruction with fast recoverability measures. - Data Access Control: Only authorised personnel can access data according to their access rights.
Business Continuity Management and Disaster Recovery
- Regular Backups: Regular backups ensure data can be restored quickly in case of accidental loss.
- Disaster Recovery Planning: Plans are developed to recover data swiftly in case of major disruptions.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee our data protection and security practices, ensuring compliance with all data protection laws and regulations. The DPO acts as a point of contact for data subjects and supervisory authorities.
Data Protection Impact Assessment (DPIA)
We conduct Data Protection Impact Assessments (DPIA) to evaluate the impact of data processing activities on personal data protection. DPIAs are conducted before starting new processing activities and periodically updated as needed.
Data Breach Notification
In case of a personal data breach, we take immediate steps to contain the breach and assess its impact. We notify the relevant supervisory authority within 72 hours, as required by GDPR, and inform affected individuals promptly with clear information about the breach and measures taken.
Data Retention and Disposal
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected, including legal and regulatory retention requirements. Once data is no longer needed, it is securely disposed of through appropriate methods such as shredding, erasing, or deleting.
Privacy Impact Assessment (PIA)
For new projects, processes, or systems involving personal data processing, we conduct a PIA to assess potential privacy impacts. The PIA ensures additional measures are implemented to protect personal data, with consultation from the DPO and legal counsel as needed.
Employee Training
We provide regular training to all employees handling personal data to ensure they understand their data protection and security responsibilities. Training covers data protection laws, our policies and procedures, and best practices for safeguarding personal data.
GrowMore Recruitment is dedicated to protecting personal data and ensuring compliance with all relevant laws and regulations. We continuously review and update our policies and procedures to maintain the highest standards of data protection and security. For additional questions about data protection and privacy, please contact our Corporate Privacy Officer.