Confidentiality
1.1 The Client shall not without the prior written consent of the Consultancy provide any information in respect of the Candidate to any third party whether for employment purposes or otherwise.
1.2 The Consultant shall not without the consent of the Client provide information in respect of the Client to any third party (save as required to do so by law).
1.2 The client shall not without prior consent provide any information of the consultancy internal documentation including terms and conditions to any third party.
GDPR
1. The Consultancy complies with UK Data Protection Legislation and (for so long as and to the extent that the Law of the European Union has legal effect in the UK). The General Data Protection Regulation (GDPR) and any other directly applicable European Union regulation relating to privacy.
2. For the purposes of our business we act as a data controller in collecting, using, storing and transferring personal data about our Clients and Applicants.
3. We promise to limit the information collected to the minimum information required to complete the work that we are instructed to undertake on behalf of the Client and the Applicant and to only use personal data when the law allows.
4. Our use of personal data is subject to the instructions of the person to whom the data belongs, the Data Protection Legislation and our duty of confidentiality. We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Applicant’s personal data to those agents, Clients, contractors or other third parties who have a business need to know. Clients can only process the personal data of Applicants on our instructions and Clients are subject to a duty of confidentiality.
5. Clients are required to ensure that they meet with their obligations in relation to UK data protection legislation and the GDPR.
6. Clients are expected to put in place procedures to deal with any suspected personal data breach and to notify the Consultancy and any applicable regulatory body of a breach where they are legally required to do so.
7. Clients are required to only retain personal data of Applicants for as long as necessary, after which time Clients are required to destroy data that is no longer required for the lawful purpose for which it was obtained.