Privacy Policy Old

Data Protection Policy

1. About this Policy

1.1 This Policy is to help Talenture Group deal with data protection matters internally. This should be kept with other Talenture Group’s policies and a copy should be given (or made available) to all staff members, volunteers and others who come into contact with personal data during the course of their involvement with Talenture Group.

1.2 Talenture Group (“we”, “our”, “us”) handle personal data about current, former, and on occasion prospective employees, clients, candidates [and their references], volunteers, other recruitment agencies, contractors, third parties, suppliers, and any other individuals that we communicate with.

1.3 In your official capacity with Talenture Group, you may process personal data on our behalf and we will process personal data about you. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the Nigerian Data Protection Regulation 2019 (NDPR).

1.4 Correct and lawful treatment of this data will maintain confidence in Talenture Group, and protect the rights of employees and any other individuals associated with Talenture Group. This Policy sets out our data protection responsibilities and highlights the obligations of Talenture Group, which means the obligations of our employees, committee, volunteers, members, and any other contractor or legal or natural individual or organisation acting for or on behalf of Talenture Group.

1.5 You are obliged to comply with this policy when processing personal data on behalf of the Talenture Group, and this policy will help you to understand how to handle personal data.

1.6 Talenture Group will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the Operations Department.

1.7 We process staff, volunteer, contractor, manager, supplier and third party personal data for administrative and Company management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on business or employment matters, and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for 12 months after the end of your official relationship with the Talenture Group unless required otherwise by law and / or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with Talenture Group.

1.8 All the key definitions under NDPR can be found here.

2. What we need from you

2.1. To assist with our compliance with NDPR we will need you to comply with the terms of this policy. We have set out the key guidance in this section but please do read the full policy carefully.

2.2. Please help us to comply with the data protection principles (set out briefly in section 3 of this policy and in further detail below):

2.2.1. Please ensure that you only process data in accordance with our transparent processing as set out in our Privacy notice;

2.2.2. Please only process personal data for the purposes for which we have collected it (i.e. if you want to do something different with it then please speak to your Line Manager first);

2.2.3. Please do not ask for further information about client or candidates and / or staff and / or volunteers without first checking with your Line Manager;

2.2.4. If you are asked to correct an individual’s personal data, please make sure that you can identify that individual and, where you have been able to identify them, make the relevant updates on our records and systems;

2.2.5. please comply with our retention periods listed in our Privacy Notice and make sure that if you still have information which falls outside of those dates, that you delete/destroy it securely;

2.2.6. Please treat all personal data as confidential. If it is stored in electronic format then please consider whether the documents themselves should be password protected or whether your personal computer is password protected and whether you can limit the number of people who have access to the information. Please also consider the security levels of any cloud storage provider (and see below). If it is stored in hard copy format then please make sure it is locked away safely and is not kept in a car overnight or disposed of in a public place;

2.2.7. if you are looking at using a new electronic system for the storage of information, please talk to the Operations Manager first so that we can decide whether such a system is appropriately secure and complies with NDPR;

2.2.8. if you are planning on sharing personal data with anybody new or with a party outside the Talenture Group structure then please speak to your Line Manager before doing so who will be able to check that the correct contractual provisions are in place and that we have a lawful basis to share the information;

2.2.9. If you receive a subject access request (or you think somebody is making a subject access request for access to the information we hold on them) then please tell the Operations Manager as soon as possible because we have strict timelines in which to comply;

2.2.10. If you think there has been a data breach (for example you have lost personal data or a personal device which contains personal data or you have been informed that a staff has done so, or you have sent an email and open copied all contacts in) then please speak to the Operations Manager who will be able to help you to respond.

If you have any questions at any time then please just ask the Operations Manager. We are here to help.

3. Data protection principles

3.1. Anyone processing personal data must comply with the enforceable principles of data protection. Personal data must be:

3.1.1. Processed lawfully, fairly and in a transparent manner;

3.1.2. Collected for only specified, explicit and legitimate purposes;

3.1.3. Adequate, relevant and limited to what is necessary for the purpose(s) for which it is processed;

3.1.4. Accurate and, where necessary, kept up to date;

3.1.5. Kept in a form which permits identification of individuals for no longer than is necessary for the purpose(s) for which it is processed;

3.1.6. Processed in a manner that ensures its security by appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage;

3.2. We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.

Fair and lawful processing

This Policy aims to ensure that our data processing is done fairly and without adversely affecting the rights of the individual.

Lawful processing means data must be processed on one of the legal bases set out in the NDPR. When special category personal data is being processed, additional conditions must be met.

4. Processing for limited purposes

Talenture Group collects and processes personal data. This is data we receive directly from an individual and data we may receive from other sources.

We will only process personal data for the purposes of Talenture Group’s business as instructed by the Management of Talenture Group, or as specifically permitted by the NDPR. We will let individuals know what those purposes are when we first collect the data or as soon as possible thereafter.

Consent

One of the lawful bases on which we may be processing data is the individual’s consent.

An individual consents to us processing their personal data if they clearly indicate specific and informed agreement, either by a statement or positive action.

Individuals must be easily able to withdraw their consent at any time and withdrawal must be promptly honoured.

Explicit consent is usually required for automated decision-making and for cross-border data transfers, and for processing special category personal data. Where children are involved then the consent must be in writing from parent/guardian

Where consent is our legal basis for processing, we will need to keep records of when and how this consent was captured.

Our Privacy Notice sets out the lawful bases on which we process data of our staff, clients and candidates.

Notifying individuals

Where we collect personal data directly from individuals, we will inform them about:

 

[/vc_column_text][/vc_column][/vc_row]

Data Protection Policy

1. About this Policy

1.1 This Policy is to help Talenture Group deal with data protection matters internally. This should be kept with other Talenture Group’s policies and a copy should be given (or made available) to all staff members, volunteers and others who come into contact with personal data during the course of their involvement with Talenture Group.

1.2 Talenture Group (“we”, “our”, “us”) handle personal data about current, former, and on occasion prospective employees, clients, candidates [and their references], volunteers, other recruitment agencies, contractors, third parties, suppliers, and any other individuals that we communicate with.

1.3 In your official capacity with Talenture Group, you may process personal data on our behalf and we will process personal data about you. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the Nigerian Data Protection Regulation 2019 (NDPR).

1.4 Correct and lawful treatment of this data will maintain confidence in Talenture Group, and protect the rights of employees and any other individuals associated with Talenture Group. This Policy sets out our data protection responsibilities and highlights the obligations of Talenture Group, which means the obligations of our employees, committee, volunteers, members, and any other contractor or legal or natural individual or organisation acting for or on behalf of Talenture Group.

1.5 You are obliged to comply with this policy when processing personal data on behalf of the Talenture Group, and this policy will help you to understand how to handle personal data.

1.6 Talenture Group will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the Operations Department.

1.7 We process staff, volunteer, contractor, manager, supplier and third party personal data for administrative and Company management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on business or employment matters, and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for 12 months after the end of your official relationship with the Talenture Group unless required otherwise by law and / or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with Talenture Group.

1.8 All the key definitions under NDPR can be found here.

2. What we need from you

2.1. To assist with our compliance with NDPR we will need you to comply with the terms of this policy. We have set out the key guidance in this section but please do read the full policy carefully.

2.2. Please help us to comply with the data protection principles (set out briefly in section 3 of this policy and in further detail below):

2.2.1. Please ensure that you only process data in accordance with our transparent processing as set out in our Privacy notice;

2.2.2. Please only process personal data for the purposes for which we have collected it (i.e. if you want to do something different with it then please speak to your Line Manager first);

2.2.3. Please do not ask for further information about client or candidates and / or staff and / or volunteers without first checking with your Line Manager;

2.2.4. If you are asked to correct an individual’s personal data, please make sure that you can identify that individual and, where you have been able to identify them, make the relevant updates on our records and systems;

2.2.5. please comply with our retention periods listed in our Privacy Notice and make sure that if you still have information which falls outside of those dates, that you delete/destroy it securely;

2.2.6. Please treat all personal data as confidential. If it is stored in electronic format then please consider whether the documents themselves should be password protected or whether your personal computer is password protected and whether you can limit the number of people who have access to the information. Please also consider the security levels of any cloud storage provider (and see below). If it is stored in hard copy format then please make sure it is locked away safely and is not kept in a car overnight or disposed of in a public place;

2.2.7. if you are looking at using a new electronic system for the storage of information, please talk to the Operations Manager first so that we can decide whether such a system is appropriately secure and complies with NDPR;

2.2.8. if you are planning on sharing personal data with anybody new or with a party outside the Talenture Group structure then please speak to your Line Manager before doing so who will be able to check that the correct contractual provisions are in place and that we have a lawful basis to share the information;

2.2.9. If you receive a subject access request (or you think somebody is making a subject access request for access to the information we hold on them) then please tell the Operations Manager as soon as possible because we have strict timelines in which to comply;

2.2.10. If you think there has been a data breach (for example you have lost personal data or a personal device which contains personal data or you have been informed that a staff has done so, or you have sent an email and open copied all contacts in) then please speak to the Operations Manager who will be able to help you to respond.

If you have any questions at any time then please just ask the Operations Manager. We are here to help.

3. Data protection principles

3.1. Anyone processing personal data must comply with the enforceable principles of data protection. Personal data must be:

3.1.1. Processed lawfully, fairly and in a transparent manner;

3.1.2. Collected for only specified, explicit and legitimate purposes;

3.1.3. Adequate, relevant and limited to what is necessary for the purpose(s) for which it is processed;

3.1.4. Accurate and, where necessary, kept up to date;

3.1.5. Kept in a form which permits identification of individuals for no longer than is necessary for the purpose(s) for which it is processed;

3.1.6. Processed in a manner that ensures its security by appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage;

3.2. We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.

Fair and lawful processing

This Policy aims to ensure that our data processing is done fairly and without adversely affecting the rights of the individual.

Lawful processing means data must be processed on one of the legal bases set out in the NDPR. When special category personal data is being processed, additional conditions must be met.

4. Processing for limited purposes

Talenture Group collects and processes personal data. This is data we receive directly from an individual and data we may receive from other sources.

We will only process personal data for the purposes of Talenture Group’s business as instructed by the Management of Talenture Group, or as specifically permitted by the NDPR. We will let individuals know what those purposes are when we first collect the data or as soon as possible thereafter.

Consent

One of the lawful bases on which we may be processing data is the individual’s consent.

An individual consents to us processing their personal data if they clearly indicate specific and informed agreement, either by a statement or positive action.

Individuals must be easily able to withdraw their consent at any time and withdrawal must be promptly honoured.

Explicit consent is usually required for automated decision-making and for cross-border data transfers, and for processing special category personal data. Where children are involved then the consent must be in writing from parent/guardian

Where consent is our legal basis for processing, we will need to keep records of when and how this consent was captured.

Our Privacy Notice sets out the lawful bases on which we process data of our staff, clients and candidates.

Notifying individuals

Where we collect personal data directly from individuals, we will inform them about: