Leaman Consulting LLP needs to collect personal information to effectively and compliantly carry out our everyday business functions and activities, in order to provide services defined by our business type. Such data is collected from employees, customers/candidates, suppliers and clients and includes (but is not limited to), name, address, email address, data of birth, proof of eligibility to work, identification numbers, private and confidential information, sensitive information and bank details.
In addition, we may be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations. We are committed to collecting, processing, storing and destroying all information in accordance with the General Data Protection Regulation, UK data protection laws and specific data protection codes of conduct (herein collectively referred to as ‘the GDPR’).
Leaman Consulting LLP has developed policies, procedures, controls and measures to ensure maximum and continued compliance with the GDPR and its principles, including staff training, procedure documents, audit measures and assessments. Ensuring and maintaining the security and safety of personal data belonging to the individuals with whom we deal is paramount to our company ethos and Leaman Consulting LLP adheres to the GDPR and its associated principles in every process and function.
We are committed to ensuring that all personal data obtained and processed by Leaman Consulting LLP is done so in accordance with the GDPR and its principles, along with any associated regulations and/or codes of conduct laid out by the Supervisory Authority and local law. We are dedicated to ensuring the safe, secure, ethical and transparent use of all personal data and to uphold the highest standards of data processing.
Leaman Consulting LLP uses the objectives below to meet the regulatory requirements of the GDPR and to develop measures, procedures and controls for maintaining and ensuring compliance.
Leaman Consulting LLP ensures that:
Leaman Consulting LLP are registered with ICO and appear on the Data Protection Register as a controller and processer of personal information.
Our Data Protection Registration Number is being processed.
Leaman Consulting LLP have defined procedures for adhering to the retention periods as set out by the relevant laws, contracts and business requirements, as well as adhering to the GDPR requirement to only hold and process personal information for as long as is necessary. All personal data is disposed of in a way that protects the rights and privacy of data subjects (e.g. shredding, disposal as confidential waste, secure electronic deletion) and priorities the protection of the personal data at all times.
Please refer to our Data Retention Policy for full details on our retention, storage, periods and destruction processes.
The collection of personal and sometimes special category data is a fundamental part of the services offered by Leaman Consulting LLP and we, therefore, have specific measures and controls in place to ensure that we comply with the conditions for consent under the GDPR.
The GDPR defines consent as; ‘Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’.
Where processing is based on consent, Leaman Consulting LLP have reviewed and revised all consent mechanisms to ensure that:
We have ensured that appropriate measures have been taken to provide information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 (collectively, The Rights of Data Subjects), relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
Such information is provided free of charge and is in writing, or by other means where authorised by the data subject and with prior verification as to the subject’s identity (i.e. verbally, electronic).
Information is provided to the data subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary. However, this is only done in exceptional circumstances and the data subject is kept informed in writing throughout the retrieval process of any delays or reasons for delay.
Where we do not comply with a request for data provision, the data subject is informed within 30 days of the reason(s) for the refusal and of their right to lodge a complaint with the Supervisory Authority.
Also, known as ‘The Right to be Forgotten’, Leaman Consulting LLP complies fully with Article 5(e) and ensures that personal data which identifies a data subject, is not kept longer than is necessary for the purposes for which the personal data is processed. All personal data obtained and processed by Leaman Consulting LLP is categorised when assessed by the information audit and is either given an erasure date or is monitored so that it can be destroyed when no longer necessary.
These measures enable us to comply with a data subjects right to erasure, whereby an individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing. Whilst our standard procedures already remove data that is no longer necessary, we still follow a dedicated process for erasure requests to ensure that all rights are complied with and that no data has been retained for longer than is needed.
1) The request is allocated to the Compliance Manager and recorded on the Erasure Request Register
2) The Compliance Manager locates all personal information relating to the data subject and reviews it to see if it is still being processed and is still necessary for the legal basis and purpose it was originally intended
3) The request is reviewed to ensure it complies with one or more of the grounds for erasure:
a. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
b. the data subject has withdrawn consent on which the processing is based and where there is no other legal ground for the processing
c. the data subject objects to the processing and there are no overriding legitimate grounds for the processing d. the personal data has been unlawfully processed
e. the personal data must be erased for compliance with a legal obligation
f. the personal data has been collected in relation to the offer of information society services to a child
4) If the erasure request complies with one of the above grounds, it is erased within 30 days of the request being received
5) The Compliance Manager writes to the data subject and notifies them in writing that the right to erasure has been granted and provides details of the information erased and the date of erasure
6) Where Leaman Consulting LLP has made any of the personal data public and erasure is granted, we will take every reasonable step and measure to remove public references, links and copies of data and to contact related controllers and/or processors and inform them of the data subjects request to erase such personal data
If for any reason, we are unable to act in response to a request for erasure, we always provide a written explanation to the individual and inform them of their right to complain to the Supervisory Authority and to a judicial remedy. Such refusals to erase data include:
The Compliance Officer has assumed the below duties in compliance with GDPR Article 39: –
To inform and advise Leaman Consulting LLP and any employees carrying out processing, of their obligations pursuant to the GDPR, the Supervisory Authorities guidelines and any associated data protection provisions
To monitor compliance with the GDPR, associated data protection provisions and Leaman Consultancy LLP’s own data protection policies, procedures and objectives
NAME: Paul Hardee
POSITION: Recruitment Consultant
ADDRESS: 47-57 Marylebone Road, London W1U 2NT
TEL: 0203 006 7888