Policy Statement on Privacy and Data protection

Purpose

The Recruitment Group (TRG) recognises the importance of having effective and meaningful privacy protections in place when it collects, uses, and discloses Personal Information.

These protections are necessary to instil confidence in The Recruitment Group whose employees may process Personal Information to TRG and are themselves subject to local privacy and data protection laws, as well as to ensure TRG’s own compliance with such laws.

TRG does apply protective measures when handling Personal Information under its control or in its possession, both from a regulatory compliance and commercial perspective.

The purpose of this Policy Statement on Privacy and Data Protection (“Policy”) is to establish privacy standards applicable throughout the business. In addition to the Policy, TRG will comply with more restrictive local privacy and data protection laws or standards that apply.

Scope

This Policy applies to the collection, use, and disclosure of Personal Information by TRG or authorized third- party agents in any format, including electronic, paper, or verbal.

TRG may develop more detailed guidance or procedures to address discrete privacy concerns involving individual TRG projects, activities, or initiatives, as appropriate.

Where TRG personnel are unsure whether information qualifies as Personal Information under the Policy, they should consult Stacy Bone (DPO).

Definitions

For purposes of the Policy, the following terms and definitions should apply:

Personal Information

Information that on its face or in combination with other information in TRG control or possession identifies an individual, regardless of the format in which it is displayed (Paper, electronic, etc.). This could include information, such as name and contact details, and other work-related, of persons representing existing or potential TRG members, persons responding to TRG surveys and research tools, persons representing TRG or vendors, and / or persons submitting information to TRG online.

This Policy Statement supersedes any previous policy of TRG concerning Privacy and Data Protection. In the event of any conflict or inconsistency between this Policy Statement and any other materials previously distributed by TRG this Policy Statement governs.

Personal Information excludes information that TRG cannot reasonably attribute to an individual or could only attribute to an individual after expending disproportionate effort or expense or information that has been aggregated or rendered anonymous through the application of coding or other similar techniques.

Sensitive Personal Information

Personal Information pertaining to an individual’s race, ethnic origin, health, sexual orientation, religious, philosophical, or political beliefs, commission of criminal offences, or other information that has been expressly designated as such under local laws applicable to TRG or its clients.

Policy

1. Legitimate and Fair Use

TRG will only collect, use, or disclose Personal Information by lawful and fair means, in accordance with applicable laws, and fully observing the legal rights of individuals. TRG will only obtain or use Personal Information to fulfil TRG legitimate business purposes, such as (but not limited to) evaluating applications for employment with TRG (including any of its individual programs), maintaining TRG accounts, maintaining regular communications with TRG contractors, complying with applicable legal and regulatory requirements, and protecting TRG legal rights and interests.

TRG will use the minimum amount of Personal Information necessary to accomplish its business objectives. TRG prohibits any unauthorised use of Personal Information by TRG personnel or its agents.

2. Notice to Individuals

TRG strives to ensure that its collection and use of Personal Information remains transparent to the relevant individuals. TRG takes reasonable steps to supply individuals with an appropriate form of notice to inform them about the purposes for which TRG collects and uses the Personal Information, how to contact TRG if the individual has any issues or concerns about TRG use of the Personal Information, third parties with whom TRG shares the Personal Information and the choice and means TRG offers individuals for limiting the use and disclosure of the Personal Information, unless the notice would be impracticable or impossible under the circumstances.

Notices can be provided in plain language, take a written form, and be supplied to individuals before their Personal Information is first collected or, if that is not possible, as soon as practicable thereafter. TRG has decide the appropriate mechanism for imparting notice considering the relationship with the relevant individual, the circumstances under which the Personal Information is collected, and other relevant factors. For the avoidance of doubt:

• Where TRG obtains Personal Information from individuals by means of an application, TRG will include within the documentation where appropriate, written notices.
• Where the business captures Personal Information by means of surveys, questionnaires, and related research tools, TRG should include within the surveys and tools appropriate written notices and only proceed to collect and use the personal Information captured via such devices where the respondent has agreed to such processing.
• Where TRG obtains Personal Information from individuals online, TRG should provide such individuals with an appropriate form of notice that considers how the Information is collected, which may take the form of an online privacy statement, policy, or other informational disclosures.

3. Individual Choice

TRG believes individuals should be able to decide how the company collects and uses their Personal Information to the greatest extent possible.

Whenever possible or required by law, TRG should obtain the consent of an individual before collecting or processing their Personal Information and, where an individual withholds or later withdraws their consent, respect their indicated wishes.

TRG will strive to obtain the consent of individuals where TRG collects and processes Sensitive Personal Information, while recognising it may in some instances be necessary to process such information to protect adequately TRG legal rights and interests.

When seeking an individual’s consent, TRG should provide the individual with enough information to allow the individual to make an informed decision, allow the individual to later withdraw their consent, and refrain from penalizing the individual for withholding their consent.

For the avoidance of doubt:

• TRG does ensure that any surveys, questionnaires, and related research tools capturing Personal Information contain a mechanism for securing the consent of the respondent, and that the relevant individual has affirmatively indicated their consent.
• TRG allows individuals to decide whether their Personal Information will be used for other purposes besides those appearing in any notices furnished to the individual, other than where necessary to protect TRG legal rights and interests.
• TRG respects an individual’s decision not to receive marketing and promotional communications from TRG.

4. Information Integrity

TRG will only use Personal Information in accordance with any notices provided to or consents obtained from individuals and should not later process Personal Information for any additional, incompatible purposes unless it has re-notified the individual or were required or expressly permitted by law. TRG should only collect Personal Information that is relevant considering the business purposes the Personal Information is meant to serve and employ reasonable means to keep the Personal Information accurate, complete, up-to-date, and reliable. TRG materials and forms used to collect Personal Information should be prepared in such a manner that only pertinent Personal Information is captured.

5. Information Security

TRG has implemented appropriate administrative, technical, and organisational measures, to safeguard the Personal Information under its control or in its possession against loss, theft, misuse, unauthorised access, modification, disclosure, or destruction.

TRG does ensure that any Sensitive Personal Information it holds is subject to safeguards reflecting the correspondingly greater harm that would arise from its unauthorised use or disclosure. TRG will only retain Personal Information for so long as reasonably required to serve legitimate business needs and the Personal Information subsequently should be anonymised, deleted, or destroyed. TRG does restrict access to Personal Information to TRG personnel or third-party Agents.

TRG will only disclose Personal Information to third-party agents who expressly agree to and can protect the Personal Information to the same degree as TRG. In the event TRG learns or reasonably believes that a third-party agent is failing to apply adequate privacy protections to the Personal Information, TRG will take immediate steps to rectify the situation.

6. Information Access and Correction

TRG will allow individuals to review in an intelligible format the Personal Information that TRG holds relating to them unless such access would be inappropriate or unnecessary. Instances where access may legitimately be denied include such access that would materially prejudice TRG legitimate business interests or legal rights, adversely affect the privacy rights of third party. Where access is refused, TRG will endeavour to inform individuals as to the reasons for the denial. If individual evidence to TRG satisfaction that their Personal Information is inaccurate or incorrect, TRG will promptly correct or amend the relevant Personal Information.

7. Disclosures to Third Parties

TRG places substantial importance on protecting the confidentiality of Personal Information. For that reason, TRG will inform individuals whenever their Personal Information may be disclosed to non-agent third parties, if practicable. TRG will not disclose Personal Information to non-agent third parties except where it serves a legitimate business purpose and where reasonable assurances are given that the personal Information will be legitimately processed and appropriately protected.

8. International Transfers of Personal Information

Prior to the international transfer of Personal Information, TRG will implement any additional measures that are required under any applicable laws regulating such transfer and only transfer Personal Information in furtherance of TRG own legitimate business needs.

9. Compliance

TRG maintains an active program to ensure compliance with and maintain awareness about this Policy. All TRG personnel and third-party agents are required to adhere to this Policy and any associated or supporting policies. Failure to do so may be grounds for disciplinary action-up to and including termination.

10. Enforcement & Complaint Resolution

TRG is committed to assisting individuals in protecting their privacy and in providing opportunities to raise concerns about the processing of their Personal Information. Complaints relating to this Policy should be raised with Compliance.