Information Security and Data Protection Policy

1. Overview

  1. The company is committed to protecting the privacy of existing and prospective candidates, clients and employees and follows the regulations in the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).
  2. Project Partners is registered under the Data Protection Act 2018 as part of the Hydrogen Group. Our registration numbers are:
    Hydrogen Group plc: Z9443309
  3. All client and candidate data are stored in a secure cloud-based system only accessible via Project Partners’ secure network. All Personal Data is accessible to the wider business. For Special Personal Data, only members of the Compliance Team will be able to view this information with client/candidate’s prior written consent.
  4. We always offer clients and candidates the opportunity to opt out/unsubscribe or manage their communication preferences via our Preference Centre, or be removed from our database e.g. for a request for erasure / right to be deleted. We inform all candidates that personal data is never submitted to a third party unless prior confirmation has been given e.g. a candidate is first asked about a job opportunity before we forward details for interview.


2. Monitoring the Policy

  1. We have a dedicated team responsible for the day-to-day management of data. This team monitors employee usage to ensure our guidelines are being upheld including email monitoring to prevent anyone sending personal data out of the company and printing is regularly audited, again to prevent users from taking hard copies of data off company premises.
  2. All employees are advised and trained on the company’s Data Protection policy when they join the organisation. We regularly review all internal policies and processes to ensure that we fully adhere to legislative changes and all employees receive advice and guidelines when amendments are made.


3. Your rights

The GDPR provides you with the following rights. To:

  1. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  2. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask Information Security and Data Protection Policy us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  3. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  4. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  5. Request the transfer of your personal information to another party in certain formats, if practical.
  6. Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/.
  7. The Act and the GDPR give you the right to access information held about you. Your right of access can be exercised in accordance with the Act (and the GDPR once it is in force). Prior to 25th May 2018 any access request under the Data Protection Act will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. A subject access request should be submitted to info@project-partners.local. No fee will apply once the GDPR comes into force.


4. Third Party Processors

Project Partners may select partners and service providers to process personal information about individuals on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

Project Partners
How can we help your business?

Free, impartial advice on business transformation

bp logo
Al Rayan Bank
takeda logo