Privacy, General Data Protection Regulation (GDPR) and IT Policy
Indo Professionals Limited has always recognised that to hold confidential data is to be in a position of trust and it is of upmost importance that the data is secure and only used in direct relation to the service we provide and with permission from the provider. With the new data protection regulations, we have further developed our policies and procedures in this area. Below you will find details concerning our policies and procedures.
Our Privacy & Data Policy
Indo Professionals Limited are committed to protecting our candidates’ and clients’ privacy in accordance with all relevant legislation, including the Data Protection Act 1998 and the Privacy & Eectronic Communications Regulations 2003 and General Data Protection Regulations (GDPR) 2018. We use and store personal information only in accordance with the policies and procedures outlined in this section.
Our service offering
Indo Professionals Limited are a recruitment provider. We operate as an Employment Agency and Employment Business as defined by the Conduct of Employment Agencies and Employment Businesses Regulations 2003. Through this service provision we collect data, with the ‘consent’ of individuals, to hold and use to perform our role, therefore we deem our definition under the new GDPR regulations as a ‘data controller’ and as a ‘data processor’.
Because of our definition we have conducted a data protection impact assessment (DPIA) as recommended by the Information Commissioners Office (ICO) and have followed the ICO recommend process template to create a robust policy and process for our business to offer the best protection for our candidates and clients and to ensure we are informed about the policies of our third party suppliers where data processed. A DPIA will be performed on an annual basis.
Information collection and use
Indo Professionals Limited is the sole owner of the information we gain from you. We will not sell, share, or rent this information to others in ways that differ from that disclosed in this policy.
Under GDPR rulings we ensure we have ‘consent’ from any individual before processing information and that we use the information for ‘legitimate business reasons’ only and for the best interests of all parties.
No individuals’ information is processed without an employee of Indo Professionals Limited speaking to you first. We will always explain what we do with your information and why.
If at any time you are not happy with the process you can opt out of our service. By talking to us you are not automatically opting in.
Disclosure of your information to others
Indo Professionals Limited uses your information for internal, legitimate business reasons only, and does not disclose your personal information to third parties, except under the following circumstances:
- We may email your CV and other personal details to our clients, but only with your prior consent. We inform you of where your CV is being sent. A CV will only contain your name and work history. Further personal details may be forwarded to third parties to support the recruitment process. This may include receiving a job offer or to be paid through a factoring facility. Again, you will be consulted about this process to gain your consent.
- We may disclose some personal details to third parties we employ to perform functions on our behalf. These individuals or companies will have access to your information as necessary to perform their functions, but they may not share that information with any other third party. You will be made of aware of such circumstances.
- We may disclose such information if legally required do so to:
– conform to legal requirements or comply with legal process
– protect the rights or property of Indo Professionals Limited.
The accuracy of your registration information
You are responsible for ensuring that any information or documents you provide to Indo Professionals Limited is accurate, complete and your own. Indo Professionals Limited is entitled, forthwith and without notice, to remove from our systems any such information found to be false, inaccurate, incomplete or not your own.
Keeping your registration information current
Everybody’s situation changes and we will always aim to keep regular contact with you however if you update your information, we would appreciate you making us aware. You can forward an updated CV or new qualifications and certifications through our website, or via email or call us and update any changes in your circumstance. We will update our systems accordingly.
Once Indo Professionals Limited has obtained your CV, we create your file on our secure cloud-based database. All your information is enclosed in this file. The file includes your CV, personal details, employment details and a record of emails and conversations gained from liaising with you. All information added is deemed necessary and helpful to Indo Professionals Limited providing an effective recruitment service.
If you wish to request the removal of personal information from the Indo Professionals Limited database, please contact firstname.lastname@example.org
Indo Professionals Limited receives data from our candidates primarily through them submitting a Curriculum Vitae (CV) and registration forms.
This data can include name, address, telephone numbers, date of birth, identity documentation, company details, bank account details, education, work history and conversation history. This data is added to a secure database, which Indo Professionals Limited employees can use to provide its service.
Indo Professionals Limited receives data from our clients either directly or indirectly through mediums such as the internet browsers, press and social media.
This data can include, names, addresses, telephone numbers, job titles, job descriptions and conversation history. This data is added to a secure database, which Indo Professionals Limited employees use to provide its service.
Where we store data
Indo Professionals Limited run a paperless office, therefore the repositories for data are, database, laptop/ email, & mobile phone. All software is accessed through cloud-based technologies.
As part of the Data Protection Impact Assessment we have looked at where we see the primary areas of risk and what we have in place to mitigate.
Potential risk areas
- Database – Breach.
- Laptop – Loss or theft or breach.
- Email – Breach.
- Mobile – Loss or theft or breach.
- Network – Breach.
- Human error – Loss or theft of hardware.
- Working in a public place.
- Sending emails to wrong recipients.
Measures to mitigate risks
Database – Cloud based with secure login’s and time out lock.
Laptops – Windows – Office 365 Cloud system.
– Encrypted with secure logins and time out lock.
– Hard drive encrypted by BitLocker/Windows Pro.
Email – Windows – Office 365 Cloud system with secure logins.
Storage – Cloud based with secure logins.
Security – MacAfee firewall and malware protection.
Mobile – I-Phone Apple system.
Handset – Secure login and time out lock.
System – Cloud based with secure login.
Security – Apple software.
Private network established.
Routers – Firewall protected with unique codes through BT and Virgin Media.
Employees to be aware if working on a train.
Employees to be mindful when sending emails. Take the time.
Indo Professionals Limited do use vetted third-party suppliers who offer candidate-based database repositories, provide accounting or factoring facilities and offer payrolling solutions. Indo Professionals Limited vetting process includes understanding a third parties approach to GDPR and that their platforms are only accessed through a secure cloud-based system.In the event of an issueProcessIt is now mandatory to report any issue where an individual’s data has been breached and got into the wrong hands and there could be a potential risk to the rights and freedoms of that individual.In the event of a data breach all Employees must report the breach to a Director. This is a mandatory requirement. The Directors will assess the risk of harm to the said party, if potential harm is found we will report it to the ICO.
Plan and review
Indo Professionals Limited has implemented all necessary steps to identify potential risks, mitigate risks and inform its customers about our data processing and protection measures. We will review the plan on a yearly basis by following the steps set out in the DPIA and performing a ‘cyber essentials assessment’. Any further requirements from these findings will be implemented.
Indo Professionals Limited IT policy
At Indo Professionals Limited we believe having a sensible and secure IT protocol is a must for running a successful business in the modern age. We complete a yearly ‘cyber essentials self-assessment’ to highlight any areas of development that are required.Our policy is to always work in a closed computing network, with firewall and malware protection at router level and on all hardware. Protection is secured through a known, reputable provider and reviewed and upgraded on a yearly basis. Our hardware and cloud-based platforms are all security password protected. These passwords are changed at monthly intervals, prompted by the IT manager and all contain greater than 8 characters including numbers, letters and symbols or a unique 6-digit code/ thumbprint.It is our policy to ensure all hardware has a security time out system set to a 5-minute lock and all laptops are shut down at the end of a day. Software updates and virus checks are all set to automatic predefined settings.
Plan and review
Indo Professionals Limited will perform an annual review of its IT policy. This will be centred around a ‘cyber essentials review’. Any necessary findings will be identified and implemented.