GDPR Compliance Statement

Welcome to the GDPR and Data Security statement of Mployus Personnel Services trading as Mployus HR. This document aligns with our core Privacy Policy.

Accountability: At Mployus HR, we prioritise GDPR principles by integrating 'data privacy by design' into our operations. We maintain accountability through well-structured policies, systems, and appointing a Data Protection Officer (DPO) to ensure compliance with data protection regulations. Our policies undergo frequent review, and we regularly train our staff on data protection and security.

Transparency, Fairness, and Lawfulness: We are committed to processing data transparently, lawfully, and with fairness to all data subjects. Our procedures ensure that we efficiently manage data access requests and maintain legal compliance throughout.

Data Integrity and Confidentiality: We store data securely, and our systems are protected by certifications, ensuring data integrity. Our cyber security team and Incident Response Team monitor systems, ready to address any data compromises swiftly.

Data Minimization and Storage: Data is retained only when necessary and disposed of using industry-approved methods when no longer required. We ensure fair retention practices by adhering to lawful bases

Data Accuracy: Our staff is trained to maintain high standards of data accuracy, ensuring all information is complete and up-to-date.

Purpose Limitation: We use data strictly for the purposes it was originally collected for, ensuring no data is processed for unrelated reasons.

For any further questions regarding GDPR, please contact our DPO at GDPR@mployushr.com.

Physical Security: Although Mployus HR does not currently have a physical office, we are ensuring that any future office spaces will be equipped with secure access, including monitored entry points and CCTV coverage.

System Security: Our software follows standard Agile development methodologies, and we perform rigorous testing to ensure security and functionality. Sensitive data is processed on secure systems, and regular system updates ensure the use of advanced security tools.

Network Access & Encryption: Access to our systems is strictly controlled and protected by encryption and VPNs for remote access. We also employ comprehensive security measures, including firewalls and antivirus software, to safeguard against cyber threats.

Cloud Providers & Data Backup: We utilise cloud-based storage solutions that are regularly monitored and backed up. All data is stored within the UK or EU to ensure compliance with GDPR

Cybersecurity Measures: Our networks are secured with firewalls, antivirus protection, and dedicated security monitoring tools to detect and neutralise threats. Regular penetration testing ensures the robustness of our defences.

Third-Party Security: Any third-party vendors we work with are required to comply with GDPR standards, and we have Data Processing Agreements in place where necessary.

Staff Security: All staff undergo screening, training, and follow a strict clear-desk policy. Employees and other workers are also required to sign confidentiality agreements and abide by complex password protocols. Remote workers follow our secure data handling policies.

Data Retention: Client data is retained according to our retention policy, which complies with legal and commercial requirements. Typically, we retain data for seven years after the contract ends.

Data Disposal: Mployus HR has adopted a digital-first approach, minimising the use of paper records. When disposing of data or hardware, we use certified third parties to ensure secure destruction and issue certificates upon completion.

Queries and Complaints: Mployus HR has a dedicated representative for data protection queries. If you are unhappy with our response, you have the right to lodge a complaint with the Data Protection Commissioner (DPC).

This document was last updated in August 2024. We will continue to monitor and update it to comply with any changes in regulations that may affect your rights.