Data Safety Policy

1. Purpose

The purpose of this Data Safety Policy is to ensure that all data collected, processed, and stored by the recruitment company is handled securely, in compliance with relevant data protection laws and best practices. This policy is designed to safeguard the confidentiality, integrity, and availability of candidate, client, and organizational data throughout its lifecycle, from collection to disposal.

2. Scope

This policy applies to:

• All personal data of job candidates, clients, employees, and contractors.
• Data collected, stored, processed, or transmitted during the recruitment and hiring process.
• Any electronic or physical records containing personal, sensitive, or confidential information.

This policy is applicable to all employees, contractors, and third-party service providers who access or handle data within the recruitment process.

3. Data Protection Principles

We adhere to the following core principles to ensure the safe and compliant handling of data:

• Lawfulness, Fairness, and Transparency:
  We will ensure that all data is collected lawfully, processed fairly, and transparently. Candidates and clients will be informed of the purposes for which their data is collected and how it will be used.
• Data Minimization:
  We will only collect and retain data that is necessary for the recruitment process and that serves a legitimate business purpose. Unnecessary data will not be collected or retained.
• Accuracy:
  We will take reasonable steps to ensure that all personal data is accurate and up to date. Candidates will have the opportunity to review and correct any information if needed.
• Storage Limitation:
  Personal data will not be kept longer than necessary for the recruitment process or required by law. We will establish data retention schedules and securely dispose of data once it is no longer required.
• Confidentiality and Integrity:
  Personal and sensitive data will be protected against unauthorized access, disclosure, or alteration. Adequate security measures will be implemented to preserve the integrity and confidentiality of the data.
• Accountability:
  We are responsible for ensuring compliance with this policy, including the proper management and handling of data.

4. Types of Data Collected

The recruitment company collects various types of data in relation to candidates and clients, including:

• Personal Identification Information: Name, address, contact details, date of birth, nationality.
• Employment and Education History: CVs, resumes, reference letters, certifications, and qualifications.
• Recruitment Data: Application forms, interview notes, job preferences, and job search activity.
• Sensitive Data: Health information, background checks, or other personal data collected with explicit consent where required.

 

5. Data Collection and Use

Candidate Data:

• We collect personal and professional details during the application and recruitment process. Data collected will only be used for recruitment-related purposes, such as screening, assessment, and job placement.

Client Data:

• We collect data from employers regarding job vacancies, hiring needs, and business requirements. Client data is used to match candidates to appropriate job roles and to maintain business relationships.

Employee Data:

• • Employee data is collected as part of employment records, including payroll, performance evaluations, and compliance documentation.

6. Data Security Measures

To protect data from unauthorized access, disclosure, alteration, and destruction, we implement the following security measures:

Encryption:

• All sensitive data, both in transit and at rest, will be encrypted to prevent unauthorized access.

Access Controls:

• Access to personal and sensitive data is restricted to authorized personnel only. Role-based access controls (RBAC) are implemented to ensure that employees only access data necessary for their job responsibilities.

Password Protection and Multi-Factor Authentication (MFA):

• Strong password protocols and MFA will be required to access systems that store sensitive data, including databases and recruitment platforms.

Firewalls and Antivirus Protection:

• Network security measures, such as firewalls and antivirus software, will be employed to defend against cyber threats and ensure that systems remain secure.

Regular Audits:

• Regular security audits and risk assessments will be conducted to ensure compliance with data safety protocols and to identify vulnerabilities that need addressing.

Physical Security:

• • Offices and data storage areas will have appropriate physical security measures, such as restricted access, secure storage, and surveillance.

7. Data Sharing and Third-Party Processing

Third-Party Services:

• When engaging third-party service providers (e.g., background check agencies, recruitment platforms, payroll services), we will ensure that they comply with the same data protection standards. Contracts with third parties will include provisions for data safety, confidentiality, and compliance with relevant laws.

Data Transfers:

• If candidate or client data is transferred across borders (e.g., from one country to another), we will ensure that such transfers comply with applicable data protection laws, including ensuring adequate safeguards are in place to protect the data.

8. Data Retention and Disposal

Data Retention:

• Personal data will only be retained for as long as necessary for the recruitment process, or for any other legitimate business purpose. Retention periods will be established and regularly reviewed.

Data Disposal:

• Once personal data is no longer required, it will be securely disposed of. For electronic data, this may involve deleting or de-identifying files, while physical documents will be shredded or otherwise destroyed.

Candidate and Client Rights

Access and Correction:

• Candidates and clients have the right to access the personal data we hold about them. If any information is inaccurate, they have the right to request corrections.

Consent:

• Consent will be obtained from candidates before collecting sensitive data. Candidates will be informed of the specific purposes for which their data will be used, and they can withdraw their consent at any time.

Data Portability:

• Candidates have the right to request that their data be transferred to another organization in a structured, commonly used, and machine-readable format, where applicable.

Right to Erasure:

• Candidates and clients can request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, subject to legal obligations.

10. Incident Response and Reporting

Data Breach Procedures:

• In the event of a data breach, we have an established incident response plan that includes prompt reporting, investigation, and remediation. We will notify affected individuals and regulatory bodies as required by law.

Employee Reporting:

• Employees must immediately report any suspected data breach or security vulnerability to the Data Protection Officer (DPO) or designated person responsible for data security.

11. Compliance with Legal and Regulatory Requirements

We will comply with all applicable data protection laws and regulations, including but not limited to:

• General Data Protection Regulation (GDPR) (for operations in or with the European Union)
• California Consumer Privacy Act (CCPA)
• Health Insurance Portability and Accountability Act (HIPAA) (if relevant)
• Local data protection laws, such as those in Saudi Arabia, the UAE, or other jurisdictions.

12. Employee Responsibilities

Training:

• All employees will receive regular training on data protection policies, procedures, and best practices for data safety.

Compliance:

• Employees are required to comply with the principles set forth in this Data Safety Policy. Any breaches or lapses in data protection must be reported and addressed promptly.

13. Review and Updates

This policy will be reviewed annually or when significant changes occur, such as changes in applicable laws or technologies. Updates will be communicated to all employees, contractors, and relevant third parties.

By adhering to this Data Safety Policy, we aim to ensure the protection of personal, sensitive, and organizational data, maintain trust with our candidates, clients, and partners, and comply with all relevant data protection regulations.