1. Introduction

Morgan Parkes Recruitment Ltd is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines our commitment to data protection and the procedures we have implemented to ensure compliance with the GDPR.

2. Scope

This policy applies to all personal data collected, processed, or stored by Morgan Parkes Recruitment Ltd, regardless of the format or medium in which it is held. It applies to all employees, contractors, and third parties who process personal data on behalf of Morgan Parkes Recruitment Ltd.

3. Principles of Data Protection

We adhere to the following principles when processing personal data:
• Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
• Purpose limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data minimisation: We only collect and process personal data that is necessary for the purposes for which it is collected.
• Accuracy: We take reasonable steps to ensure that personal data is accurate, complete, and up to date.
• Storage limitation: Personal data is stored for no longer than necessary for the purposes for which it was collected.
• Integrity and confidentiality: Appropriate technical and organizational measures are implemented to ensure the security and confidentiality of personal data.
• Accountability: We are responsible for demonstrating compliance with the principles of data protection.

4. Lawful Basis for Processing Personal Data

We will only process personal data if we have a lawful basis to do so under the GDPR. The lawful bases include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by Morgan Parkes Recruitment Ltd or a third party.

5. Data Subject Rights

We respect the rights of data subjects and will facilitate the exercise of their rights under the GDPR. These rights include:
• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object
• Rights in relation to automated decision making and profiling

Requests from data subjects to exercise their rights should be promptly addressed, and we will provide them with information about the actions taken in response to their requests.

6. Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data. These measures are designed to protect personal data against unauthorised or unlawful processing and accidental loss, destruction, or damage. We regularly assess and update our security measures to ensure their effectiveness.

7. Data Breach Management

In the event of a personal data breach, we have procedures in place to promptly identify and respond to the breach. We will assess the risks associated with the breach, notify the appropriate supervisory authorities and affected individuals, and take appropriate measures to mitigate the impact of the breach.

8. Data Protection Impact Assessments (DPIAs)

We conduct Data Protection Impact Assessments where processing operations are likely to result in high risks to the rights and freedoms of data subjects. The assessments consider the necessity, proportionality, and mitigation measures related to the processing activities.