AMORIA BOND & GDPR – information for Clients

Amoria Bond takes data privacy very seriously and has invested a lot of time making sure that we comply with the General Data Protection Regulation (GDPR). We have received enquiries from some clients asking us what actions we have taken to comply with GDPR legislation.

So here is an overview to let you know how we think GDPR impacts upon the transfer of personal data between you and us and what we do to protect that personal data, fully taking in account the rights and freedoms of the individuals (data subjects) whose data we hold.

We and you (our clients) share and process personal data relating to candidates who engage with Amoria Bond for recruitment & employment agency services. Whilst we collect and store personal data on the lawful basis of our own commercial Legitimate Interest, when this personal data is shared with you (e.g. a candidate CV where the individual is identifiable) it is done so on the basis of Legitimate Interest.

Impact of GDPR

(a) Transfer and processing of personal data (lawful basis)

When we transfer personal data to you we assume that you are acting as a Data Controller. As you will be aware, GDPR requires that you therefore must have a lawful basis for collecting, storing or transferring that data and that might be, for example, “legitimate interest”, “consent” or “performance of a contract”.

When we receive personal data we also act as a Data Controller because we will, for example, collect & process CV’s, qualify candidates and market our services to the candidates.  Again, GDPR makes it our obligation to ensure that we have a lawful basis for the different types of processing that we undertake.

This is further defined in our Privacy notice here

(b) Complying with Data Subjects’ rights & requests

Amoria Bond employees receive training on data protection and are required to adhere to company policies and procedures to ensure data security and that we respond in a timely and correct way to Data Subject requests. These include but are not limited to; the right to Object, the right to Erasure, the right to Rectification and the right of Access.

This is further defined in our Privacy notice here

(c) Transparency

We will be transparent with our candidates about where we have received their data from. We will convey this information both through our telephone conversations with candidates and through our Privacy Notice. We strongly believe that it is best practice and will reduce the risk of complaints if you also make it clear to Amoria Bond if you intend to share the personal data of the candidates we provide to you with any other third party (for example a RPO organisation)  

(d) Security

We will continue to review our organisational measures to keep personal data secure and we will always seek to maintain the confidentiality, integrity and accessibility of personal data. Our contracts with our I.T providers have been reviewed and we are satisfied that they provide adequate levels of data security in order to comply with the requirements of the GDPR. Both of our I.T. providers are certified by the British Standards Institution in accordance with ISO27001.

Further detail on our levels of I.T. security can be found in our Privacy Notice here

(e) Data Retention Policy

Amoria Bond will remove candidate data from our database after a 5 year period of inactivity.

This is further defined in our Privacy notice here

When we share personal information with you, the GDPR requires that this data is kept ‘for no longer than is necessary’. Amoria Bond would deem this period of time to include the time it takes you to fill your vacancies and the period of time Amoria Bond can claim ‘ownership’ of the candidate CV, otherwise referred to as an ‘introduction’ in our terms of business – this is normally defined as 12 months from the date that the candidates CV was submitted for your vacancy.

GDPR Statement:

As required by the GDPR principles of fair, transparent and lawful processing, Amoria Bond’s data processing complies with legislation in the following way:

The personal data of our Candidates is collected stored and shared with Third Parties on the lawful basis of legitimate interest;

To process Candidate data that is provided by Amoria Bond, if appropriate, Clients may wish to rely on their own lawful basis and must ensure that personal data is stored securely, not shared with any other third parties or intermediaries and not kept for longer than is necessary;

The Client, or the Client’s Intermediary, shall process Candidate data it receives from Amoria Bond solely for the purposes of filling a specified vacancy only.

(f) Our relationship with you

GDPR does not require a formal contractual relationship where personal data is moving between ‘Data Controllers in common’. However, we hope that you have confidence in the thorough approach that Amoria Bond has taken and will continue to take towards GDPR compliance.

Whilst GDPR places additional responsibilities upon all of us, Amoria Bond also believe this provides a platform to drive best practice in the recruitment industry. Through our actions we aim to demonstrate to our clients and candidates that we take the security of personal data very seriously - whilst still being able to offer an effective, efficient and GDPR compliant recruitment service.

If you have any other questions, feel free to get in touch or alternatively you can read our full Privacy notice here