GDPR Policy for Arevna Limited
Introduction
Arevna is committed to ensuring the privacy and protection of personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws. This policy outlines our approach to data protection and the procedures we have in place to manage personal data securely and responsibly.
Scope
This policy applies to all personal data processed by Arevna in the course of our recruitment activities. This includes data related to candidates, clients, employees, and other individuals.
Data Protection Principles
Arevna adheres to the following data protection principles:
- Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
Individuals are informed about the processing of their data through clear and concise privacy notices. - Purpose Limitation: We only collect and process personal data for specified, explicit, and legitimate purposes.
Any additional processing beyond the original purpose is communicated to the data subject and, if required, consent is obtained. - Data Minimisation: We collect and process only the personal data that is necessary for the intended purpose. Unnecessary data is not collected or retained.
- Accuracy: We take reasonable steps to ensure the accuracy of personal data and, where necessary, keep it up to date.
- Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected. Periodic reviews are conducted to ensure data is not kept longer than required.
- Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security of personal data and protect it from unauthorized or unlawful processing, accidental loss, destruction, or damage.
Data Subjects' Rights
Arevna respects the rights of data subjects under GDPR. Individuals have the right to:
- Access their personal data.
- Rectify inaccurate or incomplete data.
- Erase personal data (the right to be forgotten) under certain circumstances.
- Restrict processing of personal data.
- Object to processing based on legitimate interests or direct marketing.
- Data portability, allowing them to receive their personal data in a commonly used format.
- Requests related to these rights should be submitted to our Data Protection Officer (DPO).
Lawful Basis for Processing
We only process personal data when we have a lawful basis to do so. This may include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or the exercise of official authority, and legitimate interests pursued by Arevna or a third party.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, Arevna will notifybthe Information Commissioner’s Office (ICO) and affected individuals without undue delay, as required by GDPR.
Training and Awareness
All employees who process personal data receive training to ensure they understand and comply with data protection laws. Regular awareness campaigns are conducted to promote a culture of data protection within the organization.
Review and Update
This policy is regularly reviewed and updated to ensure its effectiveness and compliance with applicable data protection laws.
