Data Protection and GDPR Compliance
The Catandra Data Protection Policy serves to ensure the highest levels of service and integrity when dealing with candidates, clients and associated staff. The Policy outlines how we collect store and use information about individuals and organisations. As the law and technology develop the policy is updated accordingly to meet changing needs.
Our Data Protection Policy differentiates between personally identifiable information and sensitive data:
Personally-Identifiable Information includes, for example but not limited to; e-mail addresses, billing information, employment status and ‘click stream’ data that tracks online activity through our site.
Sensitive Data that deserves additional safeguards. Includes but not limited to; Clients’ confidential data, individuals’ home telephone numbers, Bank Account, Income Tax and National Insurance numbers, interview notes, CV’s, etc. If you are required to share sensitive information with Catandra that data will be treated with additional care. We will not distribute Sensitive Data outside of Catandra, we will ask you for explicit permission to hold any of this data.
Personal Data is only collected by Catandra when there is a legitimate business need to do so.
Our Policy provides the following:
Notice: We will inform you about why we are collecting Personally-Identifiable Information and how we intend to use it. We need to collect and store your name, address, and other basic Personally-Identifiable Information, for example, to provide you with the service you requested, as well as for billing purposes.
Opt Out: From time to time, we are approached by companies and organisations that have a product or service that we believe may be of interest to you. We may choose to share your Personally-Identifiable Information with these companies in an effort to help you find these resources. We will, however, always gain your permission before disclosing Personally-Identifiable Information to third parties that are not affiliated to Catandra;
Security: We will maintain appropriate safeguards to ensure the security, integrity and privacy of your Personally-Identifiable Information;
Data Processing: All candidate and client data is held on a secure specialist CRM (FileFinder) that is encrypted and to which only the Director of Catandra Ltd has access. Any electronic information held locally is kept on a securely encrypted machine, any hard copies of documents required during the recruitment process are held securely and destroyed after the assignment is completed.
Review and Correction: We are continuing to enhance our procedures to enable you to review and correct, upon request, the Personally-Identifiable Information we collect from you. Currently, we need you to make such a request in a manner that can be verified;
Right to be Forgotten: Any requests to delete your data should be made in writing to firstname.lastname@example.org and will be processed within 72 hours whereby confirmation will be made that your data has been erased.
Catandra will not sell personal data in any form, including mailing lists. All data is for internal use only:
Catandra will continue to oversee implementation of and compliance with our Policy and will adapt the Policy to reflect changes in technology and the expectations of everyone we deal with. To ensure that we are following our stated Policy, we also conduct periodic and random audits of our Web sites and other systems.
Catandra Data Protection Policy has been developed out of respect for the privacy preferences and choices of our candidates, suppliers customers, associates and staff. Whilst we made every reasonable effort to address and concerns you may have; if you do have any questions or comments on Catandra and its data protection policy please contact the our director. If you have a complaint about our handling of data, you have the right to involve the Information Commissioner – but please inform us first, so that we may have the opportunity to address any issues directly with you.