This policy sets out how JMK Group UK is committed to protecting your personal information in accordance with the Data Protection Act 2018 (DPA 2018) and the EU General Data Protection Regulation (GDPR).

DATA PROTECTION
The DPA 2018 sets out the framework for data protection law in the UK. It sits alongside the GDPR and tailors how the GDPR applies in the UK. Together, these laws protect personal data relating to identified or identifiable individuals.

DATA CONTROLLERS AND PROCESSORS

Data controllers are the main decision makers who exercise control over the purposes and means of processing data. Data processors act on behalf of, and only on the instructions of, the relevant controller. Both controllers and processors have certain obligations in respect of data protection and supervisory authorities can hold both parties to account if they fail to comply.

JMK Group UK is the data controller for any personal information supplied to us in relation to enquiries about our products, services and when registering as a client or candidate, unless otherwise stated.

THE PRINCIPLES
The GDPR sets out seven key principles and these principles lie at the heart of our approach to processing data. The actions taken by JMK Group UK in respect of each of the principles is set out below:

1. Lawfulness, fairness and transparency

– We have identified an appropriate lawful basis for our processing.
– If we are processing special category data, we have identified a condition for processing this type of data.
– We don’t do anything generally unlawful with personal data
– We have considered how the processing may affect the individuals concerned and can justify any adverse impact.
– We only handle people’s data in ways they would reasonably expect, or we can explain why an unexpected processing is justified.
– We do not deceive or mislead people when we collect their personal data.
– We are open and honest and comply with the transparency obligations.

2. Purpose limitation

– We have clearly identified our purpose or purposes for processing.
– We have documented those purposes
– We include details of our purposes in our privacy information for individuals.
– We regularly review our processing and, where necessary, update our documentation and privacy information for individuals.
– If we plan to use personal data for a new purpose other than a legal obligation or function set out in law, we check that this is compatible with our original purpose or we get specific consent for the new purpose.

3. Data minimisation

– We only collect personal data we need for our specified purposes.
– We have enough personal data to properly fulfil those purposes.
– We periodically review the data we hold and delete anything we don’t need.

4. Accuracy

– We ensure the accuracy of personal data we create.
– We have appropriate processes in place to check the accuracy of the data we collect, and we record the source of that data.
– We have a process in place to identify when we need to keep the data updated to properly fulfil our purpose, and we update it as necessary.
– If we need to keep a record of a mistake, we clearly identify it as a mistake.
– Our records clearly identify any matters of opinion, and where appropriate whose opinion it is and any relevant changes to the underlying facts.
– We comply with the individuals right to rectification and carefully consider any challenges to accuracy of the personal data.
– As a matter of good practice, we keep a note of any challenges to the accuracy of the personal data.

5. Storage limitation

– We know what personal data we hold and why we need it.
– We carefully consider and can justify how long we keep personal data.
– We have a policy with standard retention periods where possible, in line with documentation obligations.
– We regularly review our information and erase or anonymise personal data when we no longer need it.
We have appropriate processes in place to comply with individuals’ requests for erasure under the “right to be forgotten”.
– We clearly identify any personal data that we need to keep for public interest archiving, scientific or historical research, or statistic purposes.

6. Integrity and confidentiality (security)

– We have appropriate security measure in place to protect the personal data that we hold.

7. Accountability

– We take responsibility for what you do with personal data and comply with the other principles.
– We have appropriate measures and records in place to demonstrate our compliance.

THE LAWFUL BASIS FOR PROCESSING YOUR DATA
The lawful basis for our processing activities are as follows:

• Consent. Where we have received your consent, either where we have asked for your consent before undertaking a specific activity, or where you have specifically asked us to undertake a specific activity thereby giving your consent;
• Contract. Where we must do so to perform a contract with have with you, either a contract for services or contract of employment;
• Legal obligation. Usually in respect of reporting, compliance with regulators, and our legal obligations as an employer.

YOUR RIGHTS

Individuals have certain rights in respect of their data. These rights are:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

This policy should be read in conjunction with our Privacy Policy which explains how JMK Group UK collects and uses personal data. This policy can be found on our website or can be sent to you by post or email at your request.

Where JMK Group UK is the data controller you are entitled to the following subject to some legal exemptions: –

• request a copy of the personal information of which you are the data subject (“subject access request”)
• to have any inaccuracies corrected
• to have your personal data erased
• to place restrictions on us processing your data
• to object to processing
• to request your data to be ported (data portability)

You can object or withdraw your consent to the use of your personal information at any time. This may affect the services we are able to supply you.

If you have any questions about this policy or our data protection practices generally, or to request a copy of your personal information, please contact JMK Group UK on 01895 447800 or compliance@jmkgroupuk.com. Alternatively, you can write to us at: –

Data Protection Officer
JMK Group UK
Highbridge House
93-96 Oxford Road
Uxbridge