Effective Date: 2nd Sep 2024
Fair Processing Policy for Job Applicants & Employees
Paradigm Consulting Solutions Ltd
Review Cycle: Annually or as required by law
1. Introduction
This Fair Processing Policy explains how Paradigm Consulting Solutions Ltd (“the Company”, “we”, “us”) collects, uses, stores, and protects personal data of:
- Individuals applying for employment or consultancy roles (“job applicants”)
- Current and former employees, contractors, and associates
The Company is committed to processing personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the information security requirements of ISO 27001.
2. Purpose of Processing
We process applicant and employee data to:
- Assess and manage job applications, including screening, interviewing, and recruitment decisions
- Fulfil pre-employment checks and legal requirements
- Manage the employment or contractor relationship, including HR administration, payroll, benefits, training, and performance management
- Maintain secure access to Company systems and facilities
- Comply with legal obligations, regulatory requirements, and employment law
3. What Data We Collect
The personal data we process may include:
- Identification details: name, date of birth, address, email, phone number
- Employment history, CVs, qualifications, and references
- Proof of right to work in the UK (e.g., passport, visa details)
- Background check results (where applicable)
- Bank details and payment information (for employees/contractors)
- Emergency contact information
- Records of interviews, assessments, and correspondence
- Performance, training, and appraisal records
Special category data (e.g., health information, disability details) may be collected if relevant to your application or employment to ensure compliance with legal and equality obligations.
4. Legal Basis for Processing
Under UK GDPR and DPA 2018, we process personal data on the following lawful bases:
- Contractual necessity: to take steps at your request prior to entering into a contract or to perform a contract of employment or services.
- Legal obligation: to comply with UK employment, immigration, tax, and other applicable laws.
- Legitimate interests: for efficient recruitment, workforce planning, and business operations (balanced with your rights).
- Consent: where we rely on your explicit consent for specific purposes (e.g., retaining your CV for future vacancies).
5. How We Use and Share Your Data
Your personal data will only be used for the purposes outlined above and may be shared with:
- Internal HR, recruitment, and management teams involved in the hiring or employment process
- External service providers (e.g., background check providers, payroll processors, recruitment platforms) bound by confidentiality and data protection agreements
- Regulatory or government authorities where legally required
We do not sell or share your data for marketing without your consent.
6. Data Retention
- Job applicant data: retained for up to 12 months after the recruitment process ends unless you consent to a longer retention period for future opportunities.
- Employee data: retained for the duration of employment and in line with statutory requirements (typically up to 6 years after termination for legal and contractual obligations).
Data no longer needed is securely deleted or anonymised.
7. Security of Your Data (ISO 27001)
We maintain an Information Security Management System (ISMS) in line with ISO 27001 to protect your personal data against loss, unauthorised access, or misuse. Measures include:
- Access control and authentication
- Encryption of data in transit and at rest (where appropriate)
- Regular vulnerability scanning and patching
- Secure disposal of records and devices
- Employee and contractor training on data protection
8. Your Rights
As a data subject, you have rights under the UK GDPR, including:
- Access to your personal data
- Rectification of inaccuracies
- Erasure of data (where lawful)
- Restriction of processing in certain circumstances
- Data portability (where applicable)
- Objection to processing based on legitimate interests
- Withdraw consent (where processing is based on consent)
Requests can be made via [insert contact email/address]. We will respond within one month, unless an extension is legally permitted.
9. Data Breach Management
Should a personal data breach occur involving your information, we will:
- Assess and mitigate the incident in accordance with our ISO 27001 incident response plan
- Notify the Information Commissioner’s Office (ICO) within 72 hours if there is a risk to your rights and freedoms
- Inform you without undue delay if the breach poses a high risk
10. International Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place (e.g., UK International Data Transfer Agreements or other approved mechanisms).
11. Updates to this Notice
This Fair Processing Policy may be updated periodically to reflect legal, regulatory, or operational changes. The latest version will always be available on our website.
12. Contact Information
For any questions, data access requests, or concerns about your personal data, please contact:
Data Protection Lead: Ann Samuels
Paradigm Consulting Solutions Ltd
www.paradigm-it.co.uk
DPO@paradigm-it.co.uk
If you believe your data protection rights have been violated, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk




