1. Purpose – This policy sets out CTS Recruitment Ltd approach to data protection in accordance with the Data Protection Act. (DPA) 1998 and the updated requirements of the General Data Protection Regulations (GDPR) with effect from Friday 25th May 2018.
2. Format of Policy – The narrative of the policy highlights the requirements on us as a business in relation to processing personal data and specifically in relation to the storage, retention and destruction of personal and other confidential data.
3. What the Law Says – For the purposes of data retention our approach is to comply with the requirements of the GDPR from the time of implementing this policy, which assumes compliance with the existing terms of the DPA 1998.
Article 5 of the GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4. Our Privacy Principles – We will:
5. General Responsibilities – As processors of data across a range of business functions, CTS Recruitment Ltd is committed to acting responsibly where there is a requirement to retain, share or destroy personal data and will only retain personal data when acting on the instructions of the Data Controller. We have conducted an in-depth review of data types and current practices across the business as the starting point for this policy.
It is the responsibility of all CTS Recruitment Ltd Directors, Managers, Employees and Contractors who access personal data to familiarise themselves with this policy and to adhere to its requirements.
Any queries in relation to data retention should be directed to our appointed Data Protection Officer, Mr Stuart Rowley.
6. Data Retention – CTS Recruitment Ltd will act upon the instructions of the relevant Data Controller in relation to data retention and destruction.
7. Data Destruction – Where we process personal data, we will retain it in accordance with the requirements of the Data Controller. CTS Recruitment Ltd has a procedure in place in relation to requests for the right to be forgotten. This will be enacted if instructions are received from a Data Controller in relation to one of their data subjects.
Individual departments have appropriate processes in place to ensure that they regularly review data they hold so that it is not held for longer than is required and is destroyed in a confidential, secure way when it is no longer required or when requested.
8. Data Breach Process – All potential personal data breaches MUST be reported IMMEDIATELY to CTS Recruitment Limited appointed Data Protection Officer, Mr Stuart Rowley who will notify their equivalent at the Controller organisation as soon as they are made aware and where they consider that a breach may have occurred.
The Data Controller organisation is obliged to report the breach to the ICO within 72 hours of notification.
9. Useful Sources & Links – For further detail on the Data Protection Act 1998 and the General Data Protection Regulations 2018 visit The Information Commissioner’s Office: https://ico.org.uk/
We have specialist and dedicated recruitment consultants who can supply a diverse workforce of qualified and experienced healthcare professionals including Nurses, RGN, RMN, Healthcare Managers, Care Assistants and Support Workers for all of your temporary and permanent needs.
CTS Recruitment Ltd. are established recruitment specialists within the Catering & Hospitality industry. We supply staff to prestigious hotels, contract caterers, private/UK national events organisers plus the care sector. Our database includes qualified chef, kitchen assistants, kitchen porters and plate waiting staff.
Pairing our in-depth knowledge with our consultants’ extensive employment histories within driving and industrial sectors, we have supplied drivers and industrial staff since 1983.
View industrial jobs.