GDPR Compliant
The EU General Data Protection Regulation (GDPR) is the most impactful piece of European privacy legislation this decade. GDPR supports the rights that individuals have over data held about them. It also aims to detect and identify data breaches and leaks, and to enforce the reporting of these issues. Any business that deals with EU nationals and business alongside their data must be compliant with this legislation.
SmartSearch is dedicated to complying with the GDPR regulations as a data processor and controller.
SmartSearch uses third-party suppliers and software to control and manage data. These systems have been audited in line with GDPR commitments and are outlined below. In the context of this statement, ‘data subject’ refers to the person or entity submitting data and can include employees, candidates, clients and other individuals or organisations that SmartSearch works with.
Data Collection
SmartSearch contacts candidates directly for all of our assignments using a variety of methods and channels. The majority of our sourcing comes through mapping the market via publicly available information. Data collection and processing is necessary for the performance of the search process with the data subject. The terms that a data subject enters are made available to them upon request. By submitting data, the data subject agrees that this data can be processed and stored. We would obtain consent to process and store personal data including, but not limited to: name, career history, CV, salary information and contact details. This data is required to ensure the data subject is suitable for a particular search with SmartSearch. SmartSearch reserves the right to contact data subjects who have submitted this data both upon submission and in the future to ensure data is accurate.
Data Retention
SmartSearch will keep data on file for a period of 5 years unless otherwise mandated. Data subjects have the right to request personal data on themselves. Data subjects must request their data by phone, email or letter stipulating what data they would like to access.
Data Deletion
SmartSearch will keep data on file for a period of 5 years unless otherwise mandated. Data would be erased after this time unless the subject of the data requests otherwise. Subjects of data have the right to be erased from records upon request. They must make requests to do so by email stating what data should be erased. The data request would be acknowledged within 7 days followed by an email confirming the data is no longer with SmartSearch.
Reporting Data Breaches
As per the GDPR guidelines, we would analyse any suspected data breach and report it within 72 hours. Breaches would be reported to the ICO (Information Commissioner’s Office). SmartSearch has processes and policies in place to avoid any potential data breaches. We train all of our employees on the importance of data security and how to properly safeguard against potential breaches.
Internal Policies
SmartSearch has a stringent security and access policy for employees that safeguards data and protects the integrity of data. We have a data security policy, confidentiality policy, and password policy. These policies aim to protect against any instance of data breach or leaks and employees are trained in data security procedures.
SmartSearch’s ATS & Database
SmartSearch uses an ATS system for data processing. We use a compliant ATS System and Database which applies rigorous security standards.
Our ATS and database are compliant with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
This statement is provided as of September 2019, with the purpose of explaining SmartSearch’s position on GDPR legislation and compliance. This is subject to change without notice.
For additional information please send an email to [email protected]