Talascend International is committed to ensuring the privacy and security of all personal data retained. The main board directors and senior managers are committed to the delivery of this policy statement and ensuring it is understood and followed throughout the business.
The Talascend International company structure facilitates transparent and compliant administration of the General Data Protection Regulations (GDPR), this includes assigning responsibilities for Data Protection to a specific individual within the structure of the organisation.
Through the implementation of defined processes and with a strong focus on managing risk, Talascend International communicate openly with internal and external customers on how their personal data is collected and stored.
Talascend only process personal data that is essential to business operations or our continued compliance with government and regulatory bodies where we are required to achieve certain operational, vocational and administrative standards. This may include the need to verify certain competencies or qualifications held by an individual which may be essential for them to be considered by a client.
Personal data will be captured through completion of the Talascend International application, registration or verbally by a consultant. At this stage, an explanation will be provided on what information will be required, the reason for obtaining this information and how it will be stored. Talascend International confirm that no personal data will be passed to a third party without the express permission of the individual.
All personal data is stored in a secure password-protected database. Hard copy documentation is archived off-site in a secure storage facility.
Through the continual monitoring of compliance with this policy, Talascend International regularly review the accuracy of personal data held and offer routine opportunities for this to be updated. The quality and accuracy of all personal data is a primary concern and upon reasonable request, all personal data that is being held, where/how it was obtained and who it may be shared with will be made available.
Individuals are provided with every opportunity to reasonably exercise their right to access the personal data that Talascend International hold. Any and all requests for subject access will be answered within 28 days of the request being received. The subject’s personal data will be provided in a clear, standardised format. Talascend International ensure that all relevant options are detailed within this format to assist the individual with their decision.
All individuals retain the right to complain to the Information Commissioners Office (ICO) should they feel there is a cause for concern regarding the manner in which their personal data is being managed or processed. In the first instance, all investigations will be carried out at a senior management level and escalated to the Managing Director in the event that an acceptable resolution cannot be achieved.
Talascend International ensure that all consent mechanisms used in the consent process are unambiguous. Every opportunity is provided for the individual to assert a positive indication of agreement and that they have been afforded the opportunity to make a decision, rather than proceed on an assumption of acceptance by default. In the event that it is necessary to hold personal data for children, the consent process will include the same positive consent mechanism to gain confirmation from a parent/carer for the personal data to be held.
Data security is of paramount importance to Talascend International as part of our protection from any data breaches. Systems are constantly monitored, audited and assessed to facilitate the detection of potential breaches. Any breaches deemed to be of a level that may involve suffering, financial loss or damage through identity theft or confidentiality breach will be notified to the ICO. To assist in the ongoing protection of personal data, Talascend International conduct Data Protection Impact Assessments (DPIA) at regular intervals and link them to existing risk assessments and company risk register.
GDPR Privacy statement
Review date May 2019
Our policies are continually reviewed and we reserve the right to amend this policy at any time.