GDPR Compliance
Document Reference Number | PT/GDPR/V2 |
|
|
Implementation Date | January 2025 |
Next Review Date | January 2026 |
1. Introduction
Primed Talent Ltd (“we”, “us”, “our”) is committed to protecting the personal data of our clients, candidates, employees, and stakeholders in compliance with applicable data protection laws, including:
UK General Data Protection Regulation (UK GDPR)
EU General Data Protection Regulation (EU GDPR)
Swiss Federal Act on Data Protection (FADP)
Indian Digital Personal Data Protection Act (DPDP Act)
Relevant US state and federal laws (e.g., CPRA)
This policy outlines our practices for collecting, using, storing, transferring, and disclosing personal data, and explains individuals’ rights under these laws.
2. Definitions
Definitions are consistent with applicable laws, including references to updated regulations such as the DPDP Act and CPRA. Terms include: personal data, data subject, processing, controller, processor, consent, profiling, and special category data.
3. Data Protection Principles
We adhere to the following principles:
Lawfulness, Fairness, Transparency
Purpose Limitation
Data Minimisation
Accuracy
Storage Limitation
Integrity and Confidentiality
Accountability
4. Data Collection and Use
We process personal data for:
Providing Services: Recruitment, talent management, etc.
Legal Basis: Contractual or pre-contractual necessityCommunications: Services, events, feedback, etc.
Legal Basis: Legitimate interest or consentLegal Obligations: Tax, compliance, or audit requirements
Legal Basis: Legal obligationRights Protection: Contracts, disputes, or claims
Legal Basis: Legitimate interest
Sensitive data is only processed with explicit consent or legal justification. AI-based profiling or decision-making is reviewed for fairness and compliance.
5. Data Retention and Deletion
Data is retained only as long as necessary:
Recruitment Data: Up to two years post-process
Employee Records: As required by employment law
Data is deleted or anonymised when no longer needed unless legal or legitimate grounds apply. Aligned with the DPDP Act and CPRA.
6. Data Transfers and Disclosure
We transfer personal data using lawful safeguards:
Service Providers: Subject to data processing agreements
Cross-border Transfers: Via SCCs, BCRs, adequacy decisions, or appropriate safeguards
Legal Bases: Consent, contractual necessity, or public interest
7. Data Subject Rights
We uphold the following rights:
Access
Rectification
Erasure
Restriction of Processing
Data Portability
Objection to Processing
Rights relating to Automated Decision-Making
Requests may be submitted to: info@primedtalent.com. Responses will be issued within one month (extendable by two months for complex requests).
8. Data Security
We use robust technical and organisational measures:
Encryption (at rest and in transit)
Role-based access controls
Regular audits
AI oversight in decision-making processes
9. Data Breach Notification
In the event of a breach:
Notify regulators within 72 hours if required
Inform affected individuals where there is high risk
Maintain breach documentation in line with DPDP and GDPR
10. Policy Updates
This policy is reviewed annually or upon legislative changes. Significant updates will be communicated, and consent sought if necessary. Updates will be published on our website.
11. Contact Us
Email: info@primedtalent.com
Questions regarding this policy or data processing practices should be directed to the Data Protection Officer.
12. Document Control and Review
Approval Status | Approved |
---|---|
Approved By | Managing Director |
Date Approved | January 2025 |
Review Date | January 2026 |
Policy Lead | Data Protection Officer |
13. Revision Log
Version | Date | Section Updated | Summary of Change |
V1 | January 2023 | Initial Release | Data protection policy published |
V2 | January 2025 | Full Policy Review | Updated to reflect new regulations and practices |