Data Protection Policy

Version: 03 MAY 2018

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

Davis Nolan Ltd. t/a Inbound Talent will comply with the GDPR as a data controller and processor when it takes effect on 25th May 2018.

Please note that we may amend this policy on a regular basis. Please visit this page to keep up to date.

1°) Who is responsible for Data Protection?

Chloe Morisson mydata@inboundtalent.eu +353 1 96 09 787

2°) Why do we keep your data?

Davis Nolan Ltd. t/a Inbound Talent only collect personal information for the purpose of Recruitment Marketing; that is create and implement talent attraction models for clients to attract and retain the right talent for their organisation using digital marketing and employer branding strategies. We may also collect any other details that are relevant to the delivery of this service.

3°) What personal data do we keep about you?

Work email addresses.

The emails we exchange throughout the process, notes and call recordings are also processed (all of our calls are recorded for training, monitoring and compliance purpose).

4°) Who do we share these data with?

Davis Nolan Ltd. t/a Inbound Talent is an international organisation; this is what enables us to offer the level of services that we do. In order for us to continue operating in this way, we need to transfer or store your data internationally between our entities. These data are accessible by Davis Nolan Ltd. t/a Inbound Talent’s staff. We will never share any data with anyone outside of our organisation without your express written permission. Should a specific client process their data outside of the EEA, we will request your written permission for that specific transfer.

When we share your data with one of our specified client, we both become controllers of your data.

5°) How do we collect your data?

Our lawful basis to acquire your data is the contract signed between Davis Nolan t/a Inbound Talent and you as a client. We only collect and process the data necessary for the performance of this contract or in order to take steps at the request of the data subject prior to entering a contract.

We only collect work email addresses and anonymous surveys.

6°) Where is your data stored and processed?

We use multiple cloud based systems to carry out our various recruitment tasks.

Our Survey system is fully GDPR compliant; their servers are currently hosted in the US through Liquid web (Liquid Web is Safe Harbour compliant https://www.liquidweb.com/about-us/data-centers/us-central/). They have a consent feature built-in so the survey respondents have to give their consent for their Personally Identifiable information to be stored outside of the EU.

We use a VoIP phone provider; all of our calls are recorded for training, monitoring and compliance purpose. Their servers are AWS in London, UK.

We use Microsoft 365 as email provider; this is a cloud based application, and Microsoft provides a double layer of encryption.

7°) How long do we keep your data?

We keep your data for 2 years from the expiration date of our contract or until an erasure request is made, whichever is the shortest.

8°) How do we protect your data?

We endeavour to treat your data the same way we would like ours processed. From Day 1, our employees are made aware of data protection and their responsibilities, and regular refresher training is carried out throughout the year.

We endeavour to only use software and systems that are committed to be GDPR compliant.

Our passwords are reset automatically every 90 days and we have systems in place to detect unusual behaviours that could lead to a potential data breach. We also have a number of procedures that restrict remote accessibility of data.

All of our systems’ providers have committed to being GDPR compliant and offer various level of encryption and pseudonymisation.

9°) Under the GDPR you have the right to:

  1. Be informed
  2. Access the data we hold about you
  3. Restrict the processing of your data
  4. Rectify the data we hold about you
  5. Erasure (right to be forgotten)
  6. Data portability
  7. Object to the use of your data
  8. Automated decision-making and profiling

10°) How can you exercise your rights as a Data Subject?

Email our Data Protection Champion, Chloe Morisson mydata@inboundtalent.eu +353 1 96 09 787 with the right you wish to exercise in the subject line.

Please be aware that you may be asked for a proof of identity, which will not be kept after processing your request. We may also need to ask for more information about your request to process it.

Under the GDPR we have 30 days to comply with your request, unless we have a legal obligation preventing us to do so; in which case we will share that reason with you.

11°) I have a question that is not covered in this document:

Please contact our Data Protection Champion, Chloe Morisson mydata@inboundtalent.eu +353 1 96 09 787

12°) What data do you collect when I visit your site?

When you access our website we will also collect certain data from you. If you would like more information about this, please click here to view our Website Privacy & Cookies Policy.

SUPPLIER DATA: 

We collect very little data about our Suppliers. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect company bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

All of our calls inbound and outbound are recorded for training, monitoring and compliance purpose.
When you access our website we will also collect certain data from you. If you would like more information about this, please click here to view our Website Privacy & Cookies Policy.