DATA Protection / GDPR
GeniusReserve is committed to and complies with its obligations under Data Privacy and Protection Legislation in relation to all Protected Personal Data that is processed in the course of performing our business.
“Data Protection Legislation” means, to the extent applicable to the provision of any Services, the EU Data Protection Directive 95/46/EC, the EU Directive on Privacy and Electronic Communications 2002/58/EC, Commission decisions and guidance and all national implementing legislation, and all other applicable laws and regulations relating to data protection and privacy in any jurisdiction in which the Services are being provided or the Personal Data is being Processed and any jurisdiction from which we provide any of the Services.
“Personal Data” means any and all personal data in respect of which GeniusReserve is a data controller and which will be processed by GeniusReserve in the performance of its obligations where “personal data” and “data controller” have the meanings given to them by the EU Data Protection Directive 95/46/EC;
“Processing” has the meaning given to that term by the EU Data Protection Directive 95/46/EC and Process and Processed shall have corresponding meanings.
Data is captured electronically and stored on a secure server. No data is encrypted at GeniusReserve, it is secured under user access details and no-one can access without an authorised GeniusReserve logon. The Managing Director controls who has permission to access the system.
GeniusReserve maintains an automated, monitored, full daily backup of the system to a UK Hosted Data Centre hosted by Acronis. These backups are retained for 6 months. Servers are maintained under a 24/7 4 hour response warranty on critical servers and are maintained by an outsourced accredited support company who are Microsoft and Dell Partnered. Symantec Endpoint Protection is regularly updated to provide a secure firewall.
GeniusReserve interacts with potential candidates for specific roles within our client companies. This interaction includes capture and storage of personal data which is treated as confidential and is not shared with any third party without the prior consent of the individual involved.
The data captured is transferred to GeniusReserve presentation format, used to generate reports and transmitted via e-mail to client companies and authorised individuals working on specific assignments.
We have a standard clause used in our proposals/contracts with client companies:
These reports contain legally privileged, proprietary and highly confidential information which is intended solely for the attention and action of authorised individuals within [the client company] & GeniusReserve management teams. Any unauthorised disclosure, duplication &/ or distribution of this information is prohibited & unlawful. [the client company] is required to protect the security and confidentiality of all information provided to them.
- GeniusReserve does not process, disclose or use Protected Personal Data except to the extent necessary for the provision of Services under any applicable Contract;
- GeniusReserve does not disclose any Protected Personal Data to any Third Party, even for back-up or storage purposes, without the prior consent of candidates.
- GeniusReserve implements and maintains an effective information security program that
- (a) includes administrative, technical, and physical safeguards, and
- (b) appropriate technical and organisational measures,
in each case, adequate to insure the security and confidentiality of Protected Personal Data, protect against any anticipated threats or hazards to the security or integrity of Protected Personal Data, protect against unauthorized access to or use of Protected Personal Data, protect Protected Personal Data against unlawful Processing and protect against accidental loss, destruction, damage, alteration or disclosure of Protected Personal Data.
Without limiting the foregoing, such safeguards and measures shall be appropriate to protect against the harm that may result from unauthorised or unlawful Processing, use or disclosure, or accidental loss, destruction or damage to or of Protected Personal Data and the nature of the Protected Personal Data, and shall include (as a minimum):
- implementing the measures prescribed by Data Protection Legislation, the Data Privacy Minimum Control Requirements, the Company IT Security Schedule or provision of a Contract;
- taking reasonable steps to ensure the reliability of employees having access to the Protected Personal Data, and
- implementing and maintaining reasonable disposal measures and training of employees
Should you wish to have your data removed from our system please email email@example.com with Remove Data as the Subject. We will confirm with you once all your details have been removed from our system.