GDPR Compliance

Document Reference Number 

PT/GDPR/V2 

  

  

 Implementation Date 

January 2025

 Next Review Date 

January 2026 

1. Introduction

Primed Talent Ltd (“we”, “us”, “our”) is committed to protecting the personal data of our clients, candidates, employees, and stakeholders in compliance with applicable data protection laws, including:

  • UK General Data Protection Regulation (UK GDPR)

  • EU General Data Protection Regulation (EU GDPR)

  • Swiss Federal Act on Data Protection (FADP)

  • Indian Digital Personal Data Protection Act (DPDP Act)

  • Relevant US state and federal laws (e.g., CPRA)

This policy outlines our practices for collecting, using, storing, transferring, and disclosing personal data, and explains individuals’ rights under these laws.

2. Definitions

Definitions are consistent with applicable laws, including references to updated regulations such as the DPDP Act and CPRA. Terms include: personal data, data subject, processing, controller, processor, consent, profiling, and special category data.

3. Data Protection Principles

We adhere to the following principles:

  • Lawfulness, Fairness, Transparency

  • Purpose Limitation

  • Data Minimisation

  • Accuracy

  • Storage Limitation

  • Integrity and Confidentiality

  • Accountability

4. Data Collection and Use

We process personal data for:

  • Providing Services: Recruitment, talent management, etc.
    Legal Basis: Contractual or pre-contractual necessity

  • Communications: Services, events, feedback, etc.
    Legal Basis: Legitimate interest or consent

  • Legal Obligations: Tax, compliance, or audit requirements
    Legal Basis: Legal obligation

  • Rights Protection: Contracts, disputes, or claims
    Legal Basis: Legitimate interest

Sensitive data is only processed with explicit consent or legal justification. AI-based profiling or decision-making is reviewed for fairness and compliance.

5. Data Retention and Deletion

Data is retained only as long as necessary:

  • Recruitment Data: Up to two years post-process

  • Employee Records: As required by employment law

Data is deleted or anonymised when no longer needed unless legal or legitimate grounds apply. Aligned with the DPDP Act and CPRA.

6. Data Transfers and Disclosure

We transfer personal data using lawful safeguards:

  • Service Providers: Subject to data processing agreements

  • Cross-border Transfers: Via SCCs, BCRs, adequacy decisions, or appropriate safeguards

  • Legal Bases: Consent, contractual necessity, or public interest

7. Data Subject Rights

We uphold the following rights:

  • Access

  • Rectification

  • Erasure

  • Restriction of Processing

  • Data Portability

  • Objection to Processing

  • Rights relating to Automated Decision-Making

Requests may be submitted to: info@primedtalent.com. Responses will be issued within one month (extendable by two months for complex requests).

8. Data Security

We use robust technical and organisational measures:

  • Encryption (at rest and in transit)

  • Role-based access controls

  • Regular audits

  • AI oversight in decision-making processes

9. Data Breach Notification

In the event of a breach:

  • Notify regulators within 72 hours if required

  • Inform affected individuals where there is high risk

  • Maintain breach documentation in line with DPDP and GDPR

10. Policy Updates

This policy is reviewed annually or upon legislative changes. Significant updates will be communicated, and consent sought if necessary. Updates will be published on our website.

11. Contact Us

Email: info@primedtalent.com
Questions regarding this policy or data processing practices should be directed to the Data Protection Officer.


12. Document Control and Review

Approval StatusApproved
Approved ByManaging Director
Date ApprovedJanuary 2025
Review DateJanuary 2026
  
Policy LeadData Protection Officer

13. Revision Log

VersionDateSection UpdatedSummary of Change
V1January 2023Initial ReleaseData protection policy published
V2January 2025Full Policy ReviewUpdated to reflect new regulations and practices