Information Security and Data Protection Policy

1. Overview

  1. The company is committed to protecting the privacy of existing and prospective candidates, clients and employees and follows the regulations in the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).
  2. Project Partners is registered under the Data Protection Act 2018 as part of the Hydrogen Group. Our registration numbers are:
    Hydrogen Group plc: Z9443309
  3. All client and candidate data are stored in a secure cloud-based system only accessible via Project Partners’ secure network. All Personal Data is accessible to the wider business. For Special Personal Data, only members of the Compliance Team will be able to view this information with client/candidate’s prior written consent.
  4. We always offer clients and candidates the opportunity to opt out/unsubscribe or manage their communication preferences via our Preference Centre, or be removed from our database e.g. for a request for erasure / right to be deleted. We inform all candidates that personal data is never submitted to a third party unless prior confirmation has been given e.g. a candidate is first asked about a job opportunity before we forward details for interview.

2. Monitoring the Policy

  1. We have a dedicated team responsible for the day-to-day management of data. This team monitors employee usage to ensure our guidelines are being upheld including email monitoring to prevent anyone sending personal data out of the company and printing is regularly audited, again to prevent users from taking hard copies of data off company premises.
  2. All employees are advised and trained on the company’s Data Protection policy when they join the organisation. We regularly review all internal policies and processes to ensure that we fully adhere to legislative changes and all employees receive advice and guidelines when amendments are made.

3. Your rights

The GDPR provides you with the following rights. To:

  1. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  2. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask Information Security and Data Protection Policy us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  3. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  4. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  5. Request the transfer of your personal information to another party in certain formats, if practical.
  6. Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/.
  7. The Act and the GDPR give you the right to access information held about you. Your right of access can be exercised in accordance with the Act (and the GDPR once it is in force). Prior to 25th May 2018 any access request under the Data Protection Act will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. A subject access request should be submitted to info@project-partners.local. No fee will apply once the GDPR comes into force.

4. Third Party Processors

Project Partners may select partners and service providers to process personal information about individuals on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.



5. Modern Slavery Statement

Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person’s liberty by another in order to exploit them for personal or commercial gain. 

Project Partners has a zero-tolerance approach to modern slavery, and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains. 

We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the Modern Slavery Act 2015. 

We expect the same high standards from all of our contractors, suppliers and other business partners, and as part of our contracting processes, in the coming year we will include specific prohibitions against the use of forced, compulsory or trafficked labour, or anyone held in slavery or servitude, whether adults or children, and we expect that our suppliers will hold their own suppliers to the same high standards. 

This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners. 

This policy does not form part of any employee’s contract of employment and we may amend it at any time. 

Responsibility for the policy 

The Company has overall responsibility for ensuring this policy complies with our legal and ethical obligations, and that all those under our control comply with it. 

The Company has primary and day-to-day responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering modern slavery. 

Management at all levels are responsible for ensuring those reporting to them understand and comply with this policy and are given adequate and regular training on it and the issue of modern slavery in supply chains. 

You are invited to comment on this policy and suggest ways in which it might be improved. Comments, suggestions and queries are encouraged and should be addressed to the Managing Director. 

Compliance with the policy 

You must ensure that you read, understand and comply with this policy. 

The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control. 

You are required to avoid any activity that might lead to, or suggest, a breach of this policy. 

You must notify your line manager OR a company Director as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. 


Project Partners
How can we help your business?

Free, impartial advice on business transformation

bp logo
Al Rayan Bank
takeda logo