Effective Date:  30/9/23

At Harper HR, we are committed to protecting and respecting your privacy in compliance with the EU General Data Protection Regulation (GDPR). This GDPR Compliance Statement outlines our practices regarding the collection, use, storage, and protection of personal data. We ensure that all personal data is processed lawfully, fairly, and transparently in accordance with GDPR standards.

1. Data Controller

Harper HR is the Data Controller responsible for your personal data. If you have any questions regarding how we handle your data, or to exercise your rights under GDPR, you can contact us at contact@harperhr.com.

2. Personal Data We Collect

In the course of providing our HR services, we may collect and process the following categories of personal data:

• Personal Identification Information: Name, address, email address, phone number, and other contact details.
• Employment Information: Job history, qualifications, CV/resume details, salary, and employment preferences.
• Other Data: Any additional personal information you provide, such as communication preferences or feedback.

3. Lawful Basis for Processing

We ensure that the processing of your personal data is done on a lawful basis, as required by the GDPR. The lawful grounds for processing personal data at Harper HR include:

• Consent: Where you have provided clear consent for us to process your personal data for specific purposes.
• Contractual Necessity: Where the processing is necessary for the performance of a contract, such as recruitment services or HR consulting.
• Legal Obligation: When processing is required to comply with legal obligations.
• Legitimate Interests: Where processing is necessary for the legitimate interests pursued by Harper HR, provided those interests are not overridden by your rights and freedoms.

4. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request access to the personal data we hold about you.
• Right to Rectification: You have the right to request corrections to inaccurate or incomplete personal data.
• Right to Erasure: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.
• Right to Restrict Processing: You can ask us to restrict the processing of your data under certain conditions.
• Right to Data Portability: You can request that your data be provided in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your data for direct marketing purposes or in certain circumstances where we process your data based on legitimate interests.
• Right to Withdraw Consent: You may withdraw your consent to data processing at any time where processing is based on consent.

To exercise any of these rights, please contact us at contact@harperhr.com. We will respond to your request within the timeframes required by GDPR, typically within one month.

5. Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or disclosure. These measures include secure data storage and encryption where applicable. Despite our best efforts, no data transmission over the internet is entirely secure, and we cannot guarantee the absolute security of your information.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations. Once personal data is no longer required, we ensure it is securely deleted or anonymized.

7. International Data Transfers

Where necessary, personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we will ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or other mechanisms that comply with GDPR requirements.

8. Third-Party Data Processors

We may share personal data with trusted third-party service providers who process data on our behalf, such as IT service providers, recruitment software providers, or background check agencies. These third parties are required to comply with GDPR and adhere to strict confidentiality and data protection standards.

9. Data Breaches

In the event of a data breach, we will take immediate steps to mitigate the damage and assess the risk to your personal data. If necessary, we will notify the relevant supervisory authority and affected individuals as required by GDPR.

10. Contact Information

If you have any questions about this GDPR Compliance Statement or wish to exercise your rights, please contact us at:   contact@harperhr.com

For further information or to lodge a complaint, you may also contact your local data protection authority.