Data Protection Policy Statement, GDPR, Security
HRLocker has implemented this policy statement to provide guidance to all interested parties on our approach to managing personal information throughout our organization, with full consideration for our obligation toward relevant data protection legislation, including EU-GDPR. The company management system has been developed to include appropriate measures determined by the ISO 27001 Standard, to which we are certified. Where appropriate, HRLocker has determined specific mechanisms to control how personal data is managed throughout operational and support processes, based on the following precepts with consideration for Article 5 of the GDPR directive (Principles relating to the processing of personal data)
1) Personal information is only gathered for the legitimate purposes of our business, including where necessary, legal and regulatory purposes,
2) Only the minimum amount of information necessary for effective operations is processed,
3) HRLocker ensures that we only process relevant and adequate personal information throughout operations,
4) Personal information is processed in a fair and lawful manner,
5) HRLocker maintains an inventory of categories of personal information processed by the organization,
6) All personal information is kept accurate and up-to-date,
7) Personal information is only retained for as long as is necessary for legal or regulatory reasons or for legitimate organizational purposes, and HRLocker then ensures its timely and appropriate disposal,
8) In all circumstances, the rights of natural persons to their personal information are respected,
9) Adequate resources are allocated to ensuring that all personal information is processed and stored by HRLocker in a secure operational environment,
10) The transfer of personal information outside our national boundary is only done in circumstances where it can be adequately protected,
11) Where we provide our goods and services to EU citizens across national boundaries, HRLocker ensures that appropriate regulatory aspects are addressed,
12) HRLocker does not currently carry out any operations where the application of the various exemptions allowable by data protection legislation is required,
13) We have developed our management system to provide for the formal management of personal information, which provides for all measures documented herein,
14) HRLocker has identified internal and external interested parties and the degree to which they are involved in the governance of the organization’s management system relevant to personal information,
15) The top management has appointed management representatives with specific responsibility and accountability for personal information within the management system,
16) Appropriate records of the processing of personal information are maintained throughout operations. HRLocker has implemented an Internal Audit Programme to ensure that the ongoing suitability, conformity, and continual improvement of the management system is assured. The management system complies with ISO 27001 and is subject to regular external audit in order to maintain our certification to this standard. The management system has the full support of all interested parties. All operational and support processes are within the scope of this management system. All personnel have been provided with a copy of this document