General: 01992 620200

Nursecare: 01992 641010

info@ctsrecruitment.co.uk

Data Protection Policy

1. Purpose – This policy sets out CTS Recruitment Ltd approach to data protection in accordance with the Data Protection Act. (DPA) 1998 and the updated requirements of the General Data Protection Regulations (GDPR) with effect from Friday 25th May 2018.

2. Format of Policy – The narrative of the policy highlights the requirements on us as a business in relation to processing personal data and specifically in relation to the storage, retention and destruction of personal and other confidential data.

3. What the Law Says – For the purposes of data retention our approach is to comply with the requirements of the GDPR from the time of implementing this policy, which assumes compliance with the existing terms of the DPA 1998.

Article 5 of the GDPR requires that personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

4. Our Privacy Principles – We will:

  • Process personal data lawfully, fairly and transparently
  • Only collect personal data for specified, explicit and legitimate purposes
  • Limit the collection and retention of personal data to what is adequate, relevant and necessary
  • Ensure the data accurate and kept up to date where necessary
  • Keep the data for no longer than is necessary and as instructed by the Data Controller where data subjects are identifiable
  • Process it securely and protect against accidental loss, destruction or damage

5. General Responsibilities – As processors of data across a range of business functions, CTS Recruitment Ltd is committed to acting responsibly where there is a requirement to retain, share or destroy personal data and will only retain personal data when acting on the instructions of the Data Controller. We have conducted an in-depth review of data types and current practices across the business as the starting point for this policy.

It is the responsibility of all CTS Recruitment Ltd Directors, Managers, Employees and Contractors who access personal data to familiarise themselves with this policy and to adhere to its requirements.

Any queries in relation to data retention should be directed to our appointed Data Protection Officer, Mr Stuart Rowley.

6. Data Retention – CTS Recruitment Ltd will act upon the instructions of the relevant Data Controller in relation to data retention and destruction.

7. Data Destruction – Where we process personal data, we will retain it in accordance with the requirements of the Data Controller. CTS Recruitment Ltd has a procedure in place in relation to requests for the right to be forgotten. This will be enacted if instructions are received from a Data Controller in relation to one of their data subjects.

Individual departments have appropriate processes in place to ensure that they regularly review data they hold so that it is not held for longer than is required and is destroyed in a confidential, secure way when it is no longer required or when requested.

8. Data Breach Process – All potential personal data breaches MUST be reported IMMEDIATELY to CTS Recruitment Limited appointed Data Protection Officer, Mr Stuart Rowley who will notify their equivalent at the Controller organisation as soon as they are made aware and where they consider that a breach may have occurred.

The Data Controller organisation is obliged to report the breach to the ICO within 72 hours of notification.

9. Useful Sources & Links – For further detail on the Data Protection Act 1998 and the General Data Protection Regulations 2018 visit The Information Commissioner’s Office: https://ico.org.uk/

Recruiting professionals

Got a question? Get in touch.

We're here to help. Check out our FAQs, send us an email or call us on 01992 620200.

Want to be emailed the latest jobs?

We use cookies to ensure that we give you the best experience on our website.