Introduction

1. This Employee data protection policy statement (“The Data Protection Policy”) contains the policies, procedures and practices to be followed by Mrecruitment staff and any of its present or future subsidiaries (the “Company”) pertaining to the collection, use and disclosure of personal information (the “Personal information”) of an identifiable person (the “individual”) that is present, future or former employee of the Company.

2. The Company recognises the confidential nature of the Personal information in its care and is accountable for the compliance of itself and its directors, officers, management, employees, representatives and agents including consultants and independent contractors (the “staff”) in protecting this Personal Information.

3. For the purpose of this Data Protection Policy, the term “Personal Information” has the meaning of any information or collection of information in any form, whether oral, electronic or written that pertains to the Individual excluding information that is publicly available information that is combined with non- publicly available information.

4. Personal information includes but is not limited to, name, home address, home phone number, home email address, identity verification information, Social Security Number, physical description, age, gender, salary, education, professional designation, personal hobbies and activities, medical history, employment history, credit history, contents of resume, references, interview notes, performance review notes and emergency contact information.

5. Personal Information will not include the Individual’s business title, and business address and contact information when used or disclosed for the purposes of reasonable business communication.

6. The Company will implement policies and procedures that give effect to this Data Protection Policy including procedures to distribute new and current information pertaining to the Company’s Data Protection Policy.

Corporate Data Protection Policy

7. The Company and the Staff will at all times respect the confidentiality of the Personal Information placed in its care. The Company will endeavour to ensure that the policies affecting the collection, storage and disclosure of Personal Information reflect the confidential nature of the information.

8. The Company will comply will applicable privacy legislation and regulations in force now and in the future related to protecting the confidentiality of Personal Information.

Purposes for which Personal Information is collected

9. Personal Information will be collected, used and disclosed for purposes pertaining to the Individual’s employment relationship with the Company, including but not limited to the administration of employee hiring, performance reviews, the administration of employee payroll, processing of employee benefit claims, and for the purpose of complying with all applicable labour and employment legislation.

10. The purposes for collecting Personal Information will be documented by the Company. Personal Information will only be used for the stated purpose or purposes for which it was originally collected. The purposes for which Personal Information is being collected will be identified orally or in writing to the Individual before it Is collected. The person collecting the information will be able to explain the purpose at the time that the information is collected.

11. The Company may use Personal Information for a purpose other than the originally stated purpose where the new purpose is required by law or where the Company has obtained consent in writing from the affected Individual for each new purpose.

Knowledge and Consent

12. Knowledge and consent are required from the affected Individual for the collection, use and disclosure of all Personal Information subject to exceptions noted elsewhere in the Data Protection Policy statement.

13. Consent will not be obtained through deception or misrepresentation.

14. Any use or disclosure of Personal Information will be within the reasonable expectations of the Individual.

15. Subject to legal and contractual obligations, an Individual may withdraw their
consent on reasonable notice.

Legislation and Regulation

16. The Company is subject to the data protection legislation in all jurisdictions in which the Company operates. If any covenant or provision of this agreement is determined to be void or unenforceable in whole or in part, it is the intent of this Data Protection Policy that the scope of the rights and obligations of the Data Protection Policy be reduced only for the affected jurisdiction and only to the extent deemed necessary under the laws of the local jurisdiction to render the provision reasonable and enforceable and the remainder of the provisions of the Data Protection Policy statement will in no way be affected, impaired or invalid as a result.

17. Where this Data Protection Policy provides greater rights and protections to the Individual than the available governing law, the terms of this Data Protection Policy will prevail wherever allowed by law.

Scope and Application

18. The rights and obligations described in this Data Protection Policy will apply to all Individuals. The Company and the Staff must comply with the policies, procedures and practices described in the Data Protection Policy.

Collection of Personal Information

19. The type and amount of Personal Information collected by the Company will be limited to the minimum necessary to accomplish reasonable business purposes. Personal Information will not be collected maliciously, indiscriminately or without a reasonable business purpose.

20. Personal information will be collected using fair and lawful means.

Access by Authorised Company Representatives

21. All Personal Information will be released internally only on a need-to-know basis. In the course of normal and reasonable business practices it is the policy of the Company to grant designated Company representatives’ access to Personal Information files. This access will not exceed that necessary to accomplish the specific business function of the Company representative nor the purpose for which the information was originally collected.

Accuracy of Personal Information

22. The Company will endeavour to ensure that all Personal Information collected is accurate and validated using reasonable business practices and procedures. The Company is also committed to ensuring that the Personal Information remains accurate for the purpose for which it was collected.

Rights of Access and Correction

23. The Company will make reasonable efforts to ensure that Personal Information is at all times complete and accurate for its stated purpose.

24. An Individual may apply for access to their Personal Information by submitting a request in writing along with adequate proof of identity to an authorised personnel officer. Where the application is made in person the requirement for proof of identity will be at the discretion of the personnel officer. The Individual will be provided with a copy of all available information that is not subject to restriction as described in this Data Protection Policy. All Personal Information and Medical Information will be provided at no cost.

25. The Company will also provide a specific summary of how the Personal Information has been used and to whom it has been disclosed. Where a detailed account of disclosure is not available, the Company will provide a list of organisations to which the Personal Information may have been disclosed.

26. The Personal Information disclosed to an Individual must be in a form that is reasonable and understandable. Where the meaning of information is not clear then translations and explanations will be provided without additional

Use and Disclosure of Personal Information

27. The Company and the Staff will keep confidential all Personal Information in its control except where one or more of the following conditions apply:
a) Where the Individual who is the subject of disclosure has provided written consent.
b) Where the disclosure is in accord with the purposes for which the Personal Information was originally collected.
c) Where the disclosure is for the purpose of providing employment references to prospective employers and where the Personal Information disclosed is limited to information considered reasonably necessary for the purpose of providing employment references.
d) Where the Company is permitted or required to do so by applicable legislation or regulation.
e) Where the disclosure is directed to health benefit providers and where the purpose of the disclosure is in accord with the purposes for which the Personal Information was originally collected.
f) Where the disclosure is required by authorized government representatives who are acting to enforce any federal or state law or carrying out an investigation relating to the enforcement of any federal or state law or gathering information for the purpose of enforcing any federal or state law.
g) Where the Company is required to comply with valid court orders, warrants or subpoenas or other valid legal processes and
h) In an emergency to protect the physical safety of any person or group of persons.

Retention and Disposal or Personal Information

28. Any Personal Information collected by the Company will be retained by the Company during the period of active employment of the Individual as well as during the post-employment period only as long as the Personal Information is required to serve its original purpose or as directed by applicable legislation or regulation.

29. Personal Information that is no longer needed its stated purpose will be destroyed, erased or made anonymous.

30. The Company will ensure that all practices and procedures relating to the disposal of Personal Information will respect the fundamental policy of confidentiality. All Personal Information disposal procedures, including the disposal of computerised data storage devices, will ensure the complete destruction of Personal Information so that there will be no risk of subsequent unauthorised disclosure of Personal Information.

Deceased Individuals

31. The rights and protections of the Company’s Privacy Policies will extend to deceased Individuals.

Knowledge of Unauthorised Disclosure

32. Responsibility for the security of Personal Information is a responsibility that the Company holds in very serious regard. Any Staff having knowledge of an impeding unauthorised disclosure, whether intentional or unintentional, and who fail to act to prevent the unauthorised breach will be subject to sanction as described in the Enforcement section of this document including the immediate dismissal of the offending Staff.

Enforcement

33. All Staff having care over Personal Information must comply with the policies, procedures and practices described in the Data Protection Policy. Any breach of any term or condition of this Data Protection Policy, whether intentional or unintentional, including but not limited to the unauthorised disclosure of Personal Information is grounds for disciplinary action up to and including the immediate dismissal of any and all responsible Staff. Any breach of any term or condition of this Data Protection Policy, whether intentional or unintentional, is grounds for dismissal with cause.

© 2021 M Recruitment