Data Privacy Manager (DPM) - firstname.lastname@example.org
The General Data Protection Regulation came into force on 25th May 2018 and supersedes the prior UK Data Protection Act.
The new regulations give customers greater rights with regards to the data they give to businesses they deal with.
In practice, the main areas affecting our clients are the following:
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.
You can exercise your right to accept or prevent such processing by checking certain boxes on the form on our website. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will process your data on the basis of legal requirement, legitimate business interests, vital interests and consent, as applicable. You can request further information on the basis of your data processing as required.
All of our business uses a secure cloud environments for all candidate and client data processing, and everything is stored in the cloud with providers who meet the necessary standards and criteria set out under GDPR. All our communications are stored on our cloud CRM system.
We do need to make you aware that we use G-Suite from Google for various business applications and therefore that data is stored in North America, and not in the EU.
Mobile devices have an enforced security policy that means they are locked, and they can be remotely wiped if lost, stolen, or otherwise compromised.
Any system breaches will be reported to the Information Commissioner's Office within 72 hours of us becoming aware of the breach.
The reality is that we will hold no personal data on you, with the possible exception that we may have your personal phone number or personal email address, particularly if we have also worked with you as a candidate (whereby we will probably also have a copy of your CV).
The only information we generally have is any business communications we have had with you or your business.
Exceptions may apply if we have successfully concluded some business with your organisation, whereby we may have the organisations bank details etc for the purposes of invoicing etc, but these will never be your personal data.
We may, from time to time, market to you with phone calls and/ or email communications with details such as candidates we think may be of interest to you, news items, and details of upcoming events.
Our policy is that any business data is held under legitimate business interests, as such we will hold it for 5 years, at which point it will be deleted if redundant. When we register your data you will be able to choose to opt in to our marketing communications (see below) and/ or request for your contact information to be deleted. If we have successfully conducted business with your organisation previously, we will not be able to delete our business records, for legitimate business reason and, in some cases, due to compliance with HMRC requirements.
Should you no longer wish to receive any communication from our business in the future, the best course of action is to request an opt-out from communications, whereby we will remove all your contact information and place a note on the record which will prevent any further communications.
Requesting a delete, which is your right if you wish, could easily result in your details being picked up again at a later date and re-added to our CRM (internal database), because the consultant would not be able to see that you had previously requested a removal.
We will automatically delete all emails that are older than 365 days.
All downloaded CVs and/ or candidate or client records (whom we do not place) are held on our database for 5 years (unless you request deletion earlier), before then being deleted.
Any data records held on Annapurna Recruitments cloud servers will be checked and deleted on a quarterly basis.
These will take the form of one, or some, of the following:
We hope that you will opt-in to our emails and that you feel that any email you receive from our business is well presented and contains relevant information, even if it is not needed on that particular day
However, you will of course be able to opt out of any such emails at any time in the future.