Data controller: HRVitals
Data protection officer:
You can contact the Data protection officer via firstname.lastname@example.org
The organisation collects and processes personal data relating to its clients and contractors to manage its relationship with them. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
At every opportunity, anonymity is used, and person data is restricted to the essential requirements to fulfil the duties of HRVitals.
What information does the organisation collect?
The organisation collects and processes a range of information about the client, the client's organisation, and the client's employees. This includes:
The organisation collect this information in a variety of ways. For example, data is collected through telephone conversations, meetings, emails and forms completed throughout your engagement.
The organisation seeks information from third parties with your consent only. No information is sold to third parties.
Data is stored in a limited range of places, including in the organisation's HR management systems and in other IT systems. This is inline with GDPR and professionally reviewed quarterly to provide a high level of protection.
Why does the organisation process personal data?
HRVitals needs to process data to enter into an engagement with you and to meet its obligations under the contractual arrangements between us.
For example, it needs to process your data to provide you with a consultant agreement.
In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the consultant engagement.
Processing data allows the organisation to:
HRVitals does not process special categories of personal data.
Who has access to data?
Your information will not be shared internally, unless it is with another consultant who will be working with you, or the accountant who will only access data of business transactions. The organisation will not transfer your data to countries outside the European Economic Area. The organisation will not share your information with external organisations, third parties, without your written consent.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
The organisation does not engage with third parties to process personal data on its behalf.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your engagement as a customer. The periods for which your data is held after the end of your engagement are agreed with you at the end of the customer agreement.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact email@example.com.
If you believe that the organisation has not complied with your data protection rights, you can report this to firstname.lastname@example.org.