GDPR COMPLIANCE POLICY

At Apex Talent Solutions Ltd (“the Company”), we are committed to ensuring the protection of personal data and compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines our approach to GDPR compliance and our commitment to safeguarding the rights and privacy of individuals whose personal data we process.

Data Protection Principles

We adhere to the following data protection principles as outlined in the GDPR:

  1. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently, ensuring individuals are informed about how their data is being used.
  2. Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  3. Data Minimisation: We only collect and process personal data that is adequate, relevant, and limited to what is necessary for the intended purposes.
  4. Accuracy: We take reasonable steps to ensure that personal data is accurate, kept up to date, and corrected where necessary.
  5. Storage Limitation: We store personal data for no longer than is necessary for the purposes for which it was collected or as required by law.
  6. Integrity and Confidentiality: We process personal data securely, ensuring appropriate measures are in place to protect against unauthorised or unlawful processing and accidental loss, destruction, or damage.
  7. Accountability: We demonstrate compliance with GDPR principles by implementing appropriate technical and organisational measures, conducting data protection impact assessments, and maintaining documentation of our data processing activities.

Lawful Basis for Processing

We only process personal data when there is a lawful basis for doing so as defined in Article 6 of the GDPR. This includes processing personal data with the individual’s consent, for the performance of a contract, to comply with legal obligations, to protect vital interests, for the performance of a task carried out in the public interest or in the exercise of official authority, or for legitimate interests pursued by the Company or a third party.

Individual Rights

We respect the rights of individuals under the GDPR and facilitate the exercise of these rights, including:

  1. Right to Access: Individuals have the right to access their personal data and information about how it is being processed.
  2. Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
  3. Right to Erasure: Individuals can request the deletion of their personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
  4. Right to Restriction of Processing: Individuals can request the restriction of processing of their personal data in certain situations, such as when its accuracy is contested or processing is unlawful.
  5. Right to Data Portability: Individuals can request to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
  6. Right to Object: Individuals can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
  7. Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Data Protection Impact Assessments (DPIAs)

We conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate risks associated with processing activities that may present a high risk to individuals’ rights and freedoms. DPIAs are carried out for new projects, systems, or processes involving the processing of personal data, and appropriate measures are implemented to address identified risks.

Data Breach Response

In the event of a personal data breach, we have procedures in place to respond promptly and effectively to mitigate any adverse effects on individuals’ rights and freedoms. This includes notifying the relevant supervisory authority and affected individuals where required by law.

Training and Awareness

We provide regular training and awareness programs to employees and contractors involved in processing personal data to ensure they understand their responsibilities under the GDPR and are equipped to handle personal data securely and compliantly.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance, providing advice on data protection matters, and serving as a point of contact for data subjects and supervisory authorities.

Review and Update

This GDPR Compliance Policy is reviewed regularly to ensure its effectiveness and compliance with applicable data protection laws and regulations. Updates are made as necessary to reflect changes in legislation, industry standards, and business practices.

Contact Information

For any questions, concerns, or requests related to data protection and GDPR compliance, please contact our Data Protection Officer (DPO) at:

Name: Todd Edwards

Email: tedwards@apextalentsolutions.com

Postal Address: The Grain Store, Carthagena Farm, Bell Lane, Chichester, PO20 7HY

Date of Last Revision: March 2023