COMPANY INFORMATION | |
GDPR Responsible Contact | Chris Hyde |
Company Name | Headhunter Group Limited |
Address | Lancaster House |
Amy Johnson Way | |
Blackpool FY4 2RP | |
Policy Date | 04/04/18 |
Policy Revision | 1.0 |
Policy review date | 04/10/18 |
This GDPR policy covers the following:
1. IDENTIFIED AREAS OF SENSITIVE DATA | |||||
Data | Location | Risk | Access | Protection | Right 2 Delete |
Sage Data | Local Sage | Low | Claire Davies(accounts) | Physical + Encyption | No |
Customer information | Web based Recruit so Simple | Low | Limited access for staff Chris Hyde Administrator | Password & 6 monthly change | Yes, unless contracted |
Candidate information | Web based Recruit so Simple | High | Limited access for staff Chris Hyde Administrator | Password & 6 monthly change | Yes, unless contracted |
Cloud based | Medium | Individual access or associated groups | Encryption + separate to logon passwords | Yes | |
Online Backups | Cloud based | Low | Convene IT Ltd | Encryption | No |
Physical Files | Local | Low | Very limited physical files | Physical | No |
1A. NOTES RELATING TO ABOVE TABLE |
|
2. SECURITY | |
2A BROADBAND/COMMUNICATIONS | |
Broadband Connection | Leased Line, provided by business first |
Router/Firewall | Supplied by business first |
Open Ports | Convene have remote access for support reasons |
2B ANTIVIRUS | |
Server Antivirus | Eset Endpoint protection |
Client Antivirus | Eset Endpoint Protection & USB Lockdown |
2C PASSWORD POLICIES | |
User Passwords | 6 monthly prompt to change |
Email Passwords | 6 monthly prompt to change |
2D CYBER ESSENTIALS | |
Qualification | Cyber Essentials has been looked into and will be reviewed |
3. RIGHT TO DELETE AND DATA RETENTION | |
TYPES OF DATA HEADHUNTER GROUP HOLDS | RETENTION PERIOD |
Candidate address, email data, phone & CV | Candidate data is held for as long as individuals are happy for us to do so. This for the sole purpose of keeping them alerted to new job opportunities. Every 6 months our whole database will be emailed asking if they wish to remain on our database. If they choose to stay on the database we will action this. All of our email correspondence also offers the option to unsubscribe from receiving emails from us. We can also delete any individual from our system at their direct request. |
Customer information | Customer data is held while we work with the customer |
Staff Payroll information | Gaffney’s accountants run payroll |
INFORMATION REQUEST | |
Candidate address, email data, phone & CV | Anyone can request information we hold at any time |
Customer information | Anyone can request information we hold at any time |
Staff Payroll information | Anyone can request information we hold at any time |
4. STAFF TRAINING | |
AREAS OF RISK | TRAINING PROVIDED |
Handling of sensitive information | In house training provided to staff, explaining importance of how we work with data and how we keep this data secure |
Information we are allowed to keep | There is only data relevant to the candidate or client helping with recruitment. We also purge this data frequently to ensure we are only holding relevant information |
Staff understanding | We ask the staff to speak with Line managers if they are not sure of any areas |
5. BREACH CONDITIONS AND REPORTING | |
BREACH CONDITIONS | REPORTING |
External data hack | In the unlikely event of a data breach, Headhunter Group has strict procedures in place to report this to customers, and the ICO within 72 hours of discovery. |
Internal data breach | If any data breach was caused by a staff member again we would report within 30 days and also find ways of limiting this type of breach again |
Customer breach which would affect Head Hunter Group | If we find any of our customers have experienced a data protection issue we would check if this has any impact on the data we hold for them or with them |
This Policy aims to comply with GDPR and we will be reviewing this policy in 6 months’ time or if any of these conditions/areas of risk change
We are always looking at ways to secure data and limit any risk of exposure
I Confirm that all the details provided above are true and we constantly strive to improve and move forward with compliance.
©Headhunter 2024 | Headhunter Legal and Professional Limited.
Registered in England, Company No: 12996573. VAT Number: 379 7883 12
Site by Void Matter