This privacy statement has been issued to communicate our commitment to upholding the principles of the General Data Protection Regulation (GDPR) of 25th May 2018. Verrus (a trading division of Poole Resourcing Ltd – Company Number 04568483) is fully committed to protecting the privacy of every individual we engage with through:
- Only processing the personal data of individuals who have given us consent to do so
- Implementing robust operational safeguards to prevent privacy breaches
- Communicating with absolute transparency on these issues
Let’s take a closer look at the key principles of GDPR and how Verrus goes about upholding these principles to ensure that privacy and data protection are safeguarded for all:
- What is the ‘personal data’ of ‘individuals?’
This includes – but is not limited to – names, telephone numbers, email addresses and any other identifying information for people that we employ or engage with in a professional capacity.
- How do we gain consent to process individuals’ personal data?
Every individual that we formally employ or professionally engage with is required to provide their recorded verbal consent in order for us to process their personal data. Candidates’ personal data will therefore not be processed (received, stored and/or shared) by Verrus without this consent. Clients, equally, are given the opportunity to opt out of all marketing communications with a clear unsubscribe option.
- From where do we receive individuals’ personal data?
The personal data of all individuals we professionally engage with is received from registrations on our company website, from specific job applications, from our employees’ professional networks and/or from third party data providers including – but not limited to – employment websites, social media and industrial directories. All individuals have the right to know where we have accessed their personal data from and we, in turn, are committed to disclosing this information with absolute transparency, also directing individuals to the specific privacy policies of our partners if required.
- What do we do with individuals’ personal data?
As recruitment consultants we process the personal data of individuals as either employers (clients) and/or potential employees (candidates.) The personal data of any candidate is not shared with or distributed to any client or other third party without the prior recorded verbal consent of that candidate. This is not only a compliance measure but an integral part of procedural best practice and quality control policy.
- For how long do we store individuals’ personal data?
The personal data of all individuals we professionally engage with is stored digitally on our secure network for a maximum period of five years beyond which those individuals are contacted with the option to either re-consent to our continued processing of their personal data or to opt out with the result that their personal data will be entirely, immediately and securely deleted.
- How do we ensure the security of individuals’ personal data?
The personal data of all individuals we professionally engage with is stored ONLY on our secure network. All Verrus staff are fully trained on GDPR compliance best practices and made contractually aware of the personal implications of human error in respect to data privacy and the seriousness with which we, as an organisation, respect individuals’ right to privacy.
- How can individuals access, amend or reclaim the personal data we have collected about them?
All individuals we professionally engage with have the right to ask us at any time for a copy or record of the personal information we have collected about them or to request amendment or immediate deletion of this information, irrespective of our standard five year processing period. We will however ask for you to first provide sufficient verification before we are able to process such a request.
- How do we delete individuals’ personal data?
The personal data of all individuals we professionally engage with who have not re-consented to our continued processing of their personal data after five years – or who have requested immediate removal for whatever reason – is securely deleted from our secure network with immediate effect. Any corresponding non-digital (paper) records of individuals’ personal data are disposed of securely by Shred-It UK (a member of the National Association for Information Destruction) on a weekly basis, as part of our quarterly data protection audits or with immediate effect if requested by the individual.
- For further clarification on any of the above points, please feel free to Contact Us