General Data Protection Regulations (GDPR) May 2018
We are committed to being transparent about how we collect and use the personal data of our workforce, and in meeting our data protection obligations. This policy sets out our commitment to data protection, and individual rights and obligations in relation to personal data.
Our GDPR Policy applies to the personal data of job applicants, employees, workers, contractors, volunteers, interns, apprentices and former employees, referred to as HR-related personal data. This policy does not apply to the personal data of clients or other personal data processed for business purposes.
Data protection officer
The organisation has appointed Sharron Butterworth as its data protection officer. Her role is to inform and advise the organisation on its data protection obligations. She can be contacted at firstname.lastname@example.org. Questions about this policy, or requests for further information, should be directed to the data protection officer.
Data protection principles
We process HR-related personal data in accordance with the following data protection principles:
- We process personal data lawfully, fairly and in a transparent manner.
- We collect personal data only for specified, explicit and legitimate purposes.
- We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.
- We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- We keep personal data only for the period necessary for processing.
- We adopt appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.
maze8 Group tells individuals the reasons for processing their personal data, how it uses such data and the legal basis for processing in its privacy notices. It will not process personal data of individuals for other reasons. Where the organisation relies on its legitimate interests as the basis for processing data, it will carry out an assessment to ensure that those interests are not overridden by the rights and freedoms of individuals.
Where we process special categories of personal data or criminal records data to perform obligations or to exercise rights in employment law, this is done in accordance with a policy on special categories of data and criminal records data.
The organisation will update HR-related personal data promptly if an individual advises that his/her information has changed or is inaccurate.
Personal data gathered during the employment, worker, contractor or volunteer relationship, or apprenticeship or internship is held in the individual’s personnel file and hard copy or electronic format, or both, and on HR systems. The periods for which the organisation holds HR-related personal data are contained in its privacy notices to individuals.
The organisation keeps a record of its processing activities in respect of HR-related personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
You can read our full GDPR Policy here.