GDPR Policy Quantum Services Management Ltd

INTRODUCTION

This Policy sets out the obligations of Quantum Services Management Ltd (“Company”) regarding data protection and the rights of individuals that the Company engages with (“Data Subjects”) in respect of personal data under the General Data Protection Regulation (“Regulation”). A ‘Data Subject’ may be an individual or an individual acting on behalf of a body corporate (i.e. a company director).

The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This Policy sets out the procedures that are to be followed when dealing with personal data.  The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.

WHY DOES THIS POLICY EXIST?

This GDPR policy ensures that Quantum Service Management Ltdcomplies with data protection law and follows good practice;protects the rights of all business contacts, whether currently known or prospective;

  1. Is open about how it stores and processes individuals’ data;
  2. Protects itself from the risks of a data breach;

GDPR LAW

The GDPR Act 2018 describes how organisations — including Quantum Service Management Ltd— must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by six important principles.

This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:

  1. processed lawfully, fairly, and in a transparent manner in relation to the data subject;
  2. collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant, and limited to what is necessary in relation to the purposes for which it isprocessed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased, or rectified without delay;
  5. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

ACCOUNTABILITY AND TRANSPARENCY

Quantum Service Management Ltd adopts the principals of Accountability and Transparency and as such:

  1. has implemented appropriate technical/organisational measures to ensure compliance;
  2. has appointed a data protection officer;
  3. has implemented measures that meet the principles of data protection by design and data protection by default.

LAWFUL BASIS

Quantum Service Management Ltdholds personal data on the lawful basis of Legitimate Interest. Data is sourced for the purpose of providing Mapping, Talent Pipelining and Professional Search & Selection services to global clients, and as such only data already available in the public domain is held. It is deemed that seeking consent to hold such personal basic information would be disproportionately balanced. Verbal permission to keep data is requested when engaging with prospective business contacts/candidates for the first time. Consent, by the process of signing the Quantum Service Management LtdDeclaration is requested when a candidate chooses to engage in the process and potentially be introduced to a client of Quantum Service Management Ltd.

SECURITY

Documents are grouped together by category and then in clear date order when stored and/or archived. Once the retention period of 5 years has elapsed, the documents are either reviewed, archived or confidentially destroyed dependant on their purpose, classification and action type. Once a record or data has reached its designated retention period date, the designated owner should refer to the retention register for the action to be taken. Not all data or records are expected to be deleted upon expiration; sometimes it is sufficient to anonymise the data in accordance with the GDPR requirements or to archive records for a further period.

SHARING OF DATA

Quantum Service Management Ltdmay share personal data with clients where the organisation receiving the personal data has provided adequate safeguards. Individuals’ rights are enforceable and effective legal remedies for individuals are available following the transfer. Clients of Quantum Service Management Ltdare required to agree to the data sharing agreement set out in the client-signed Letter of Engagement, and such confirm that their organisation is GDPR compliant and will handle the shared data under the basis of their own GDPR policy.

Basic personal data obtained under the lawful basis of Legitimate Interest may be shared without notification.

Full and detailed personal data obtained under the lawful basis of Consent will only be shared once the individual has signed the Quantum Service Management LtdDeclaration, agreeing to such sharing of data.

TRANSFER OF DATA

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

Basic personal data obtained under the lawful basis of Legitimate Interest may be transferred outside of the EU without notification to UK-based clients who may have offices in other non-EU territories.

Full and detailed personal data obtained under the lawful basis of Consent may only be transferred once the individual has signed the Quantum Service Management LtdDeclaration, agreeing to such transfer of data.

PROCEDURE FOR ACCESS

Any access requests should be made to the Data Protection Officer via email: dpuri@quantumgroups.co.ukRequests are free of charge and will be handled within 30-days. Data will have been recorded and ultimately delivered in a concise, transparent and intelligible manner, written in a clear and plain language. After receipt of the data, any of the Individual Rights can be requested and as such will be actioned in 30-days.

RESTRICTIONS

This policy was set-out on 25 May 2018 and is stored for public view on www.quantumgroups.co.uk the intellectual property of Quantum Service Management Ltd.