In line with current data protection legislation (General Data Protection Regulation – GDPR) here is an explanation of how I will hold and process clients’ personal data in order to provide a requested service. It is slightly different for corporate clients (data controllers) and individual clients, so there are two separate compliance statements.

 

GDPR COMPLIANCE STATEMENT: INDIVIDUAL CLIENTS

This document demonstrates my commitment to protect the privacy and security of your personal information. It contains information regarding how I collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.

Pursuant to that legislation, when processing data I will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that I find proper for providing you with a requested service and in ways that have been explained to you
  • only use it in the way that I have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as I need it
  • process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).

Judith Coslett HR is a “data controller”. This means that I am responsible for determining the purpose and means of processing personal data relating to you.

“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

DETAILS OF INFORMATION I WILL HOLD ABOUT YOU  

Client data held by Judith Coslett HR includes emails, electronic documents and hand written notes made during telephone calls or during coaching sessions.

The list below identifies the kind of data that I will process about you:

  • personal contact details such as name, title, address, telephone numbers, business and personal email addresses
  • information included on your CV including references, education history and employment history
  • details of your right to work in the UK
  • qualifications or professional memberships.

LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

I consider that the basis for which I will process the data contained in the list above is necessary for the performance of the contract I have with you.

Data will only be used to provide the service requested by the client (eg writing CV, interview coaching, providing career guidance).

SHARING DATA

This data will not be disclosed to third parties and will be kept securely.

YOUR RIGHTS IN RELATION TO YOUR DATA

I commit to ensure that any data I process is correct and up to date. It is your obligation to make me aware of any changes to your personal information.

In some situations, you may have the;

  • Right to be informed. This means that I must tell you how I use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that I hold on you. To do so, you should make a subject access request.
  • Right to request correction. If any data that I hold about you is incomplete or inaccurate, you are able to require me to correct it.
  • Right to request erasure. If you would like me to stop processing your data, you have the right to ask me to delete it from my records where you believe there is no reason for me to continue processing it.
  • Right to object to the inclusion of any information. In situations where I am relying on a legitimate interest (or those of a third party) you have the right to object to the way I use your data where I am using it.
  • Right to request the restriction of processing. You have the right to ask me to stop processing your personal data. I will stop processing the data (whilst still holding it) until I have ensured that the data is correct.
  • Right to portability. You may transfer the data that I hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

These requests should be made by email to judithcosletthr@gmail.com.  Any queries about the way in which data is being used should also be made to judithcosletthr@gmail.com.

DATA RETENTION

Handwritten notes are usually destroyed after being used to draft advice or model answers to interview questions. Emails and electronic documents will be retained for 7 years from the last date of contact in order to provide a better service to clients, e.g. who would like to update their CV, apply for another job or seek further career advice. Invoices will be retained for 7 years as part of business accounts.

QUESTIONS OR COMPLAINTS

Should you have any questions regarding this statement, please email judithcosletthr@gmail.com.

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by me, you are able to make a complaint to the ICO.

 

GDPR COMPLIANCE STATEMENTS: CORPORATE CLIENTS

This document demonstrates my commitment to protect the privacy and security of the personal information you share with me. It contains information regarding how I collect and use personal data or personal information in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.

Pursuant to that legislation, when processing data I will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that I find proper for providing you with a requested service and in ways that have been explained to you
  • only use it in the way that I have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as I need it
  • process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).

You the company are the “data controller”.  Judith Coslett HR is a “data processor”.

“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

DETAILS OF INFORMATION I WILL HOLD RELATING TO YOUR COMPANY  

Corporate client data held by Judith Coslett HR includes emails, electronic documents and hand written notes made during telephone calls or meetings.

The list below identifies the kind of data that I will process relating to your company:

  • business contact details such as name, title, address, telephone numbers, and personal email addresses
  • employee information such as name, job title, salary, date of birth, employment start date, qualifications, right to work in the UK
  • situational information such as sickness absence and performance
  • job descriptions and person specifications
  • recruitment and training plans.

LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

I consider that the basis for which I will process the data contained in the list above is necessary for the performance of the contract I have with you.

Data will only be used to provide the service requested by the client (e.g. providing HR advice, drafting contracts or policies, designing training courses, benchmarking salaries).

SHARING DATA

This data will not be disclosed to third parties and will be kept securely.

YOUR RIGHTS IN RELATION TO YOUR DATA

I commit to ensure that any data I process is correct and up to date. It is your obligation to make me aware of any changes to the personal information you have shared with me.

In some situations, you may have the;

  • Right to be informed. This means that I must tell you how I use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that I hold on you. To do so, you should make a subject access request.
  • Right to request correction. If any data that I hold about you is incomplete or inaccurate, you are able to require me to correct it.
  • Right to request erasure. If you would like me to stop processing your data, you have the right to ask me to delete it from my records where you believe there is no reason for me to continue processing it.
  • Right to object to the inclusion of any information. In situations where I am relying on a legitimate interest (or those of a third party) you have the right to object to the way I use your data where I am using it.
  • Right to request the restriction of processing. You have the right to ask me to stop processing your personal data. I will stop processing the data (whilst still holding it) until I have ensured that the data is correct.
  • Right to portability. You may transfer the data that I hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

These requests should be made by email to judithcosletthr@gmail.com.  Any queries about the way in which data is being used should also be made to judithcosletthr@gmail.com.

DATA RETENTION

Handwritten notes are usually destroyed after being used to draft advice, policies or other documents. Emails and electronic documents will be retained for 7 years from the last date of contact in order to provide a better service to clients, e.g. who would like further HR advice on staffing issues or employment contracts for additional staff. Invoices will be retained for 7 years as part of business accounts.

QUESTIONS OR COMPLAINTS

Should you have any questions regarding this statement, please email judithcosletthr@gmail.com.

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by me, you are able to make a complaint to the ICO.