GDPR Policy for Perfect Hire Global Recruitment

1. Introduction
Perfect Hire Global Recruitment (hereafter referred to as "we", "our", "us") is committed to ensuring that the personal data we process is handled in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection legislation. This GDPR policy outlines how we comply with GDPR requirements and the procedures we follow to protect personal data.

2. Data Protection Officer (DPO)

Our appointed Data Protection Officer Sandra Clegg is responsible for overseeing our data protection activities and ensuring compliance with GDPR.
Contact details: sandra@perfect-hiregr.com

3. Purpose of Data Processing
We process personal data to:
•Identify and evaluate candidates for recruitment.
•Provide recruitment services to clients.
•Maintain client and candidate records.
•Ensure compliance with applicable laws and regulations.

4. Legal Basis for Processing
We process personal data based on the following legal grounds:
•Consent: Where candidates or clients have provided explicit consent for processing their data.
•Contractual Necessity: To perform our contractual obligations to clients and candidates.
•Legitimate Interest: To conduct recruitment activities and maintain business operations.
•Legal Obligation: Compliance with legal requirements related to recruitment, employment, and tax.

5. Types of Data We Collect
We may collect and process the following types of personal data:
•Identification data (name, address, date of birth, etc.)
•Contact information (email, phone number)
•Professional qualifications, CVs, and work experience
•Interview notes and candidate assessments
•Financial details for payroll purposes

6. Data Subject Rights
Under GDPR, individuals have the following rights concerning their personal data:
•Right to Access: The right to request a copy of their personal data.
•Right to Rectification: The right to request correction of inaccurate or incomplete data.
•Right to Erasure: The right to request deletion of data when it is no longer necessary for processing.
•Right to Restrict Processing: The right to request limitations on how their data is used.
•Right to Data Portability: The right to receive personal data in a structured, commonly used format and transfer it to another controller.
•Right to Object: The right to object to processing based on legitimate interests.

7. Data Security
We employ appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized access. These measures include encryption, firewalls, and access controls.

8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once personal data is no longer required, it is securely deleted or anonymized.

9. Data Breach Notification
In the event of a data breach that affects personal data, we will notify the relevant supervisory authority within 72 hours, and affected individuals will be informed where appropriate.

10. Staff Training and Accountability
All employees and contractors are trained on data protection principles and are responsible for ensuring compliance with this policy.

11. Review and Updates
This GDPR policy will be reviewed annually and updated as necessary to reflect any changes in our data processing activities or legal obligations.