GDPR statement

GDPR Compliance Policy

Purpose and Scope:

This GDPR compliance policy outlines the organisation’s commitment to protecting personal data and ensuring compliance with the General Data Protection Regulation (GDPR). The policy applies to all employees, contractors, and third parties who handle personal data on behalf of the organisation.

Key Principles:

Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and transparently.

Purpose limitation:

Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

At Simon Acres Group LTD, we collect personal data through our contact forms and application forms solely for the purpose of delivering our services to our clients and candidates. Additionally, with the candidate’s explicit consent obtained during a preconsultancy call, we may share their data to contact them with job offers or other service offers strictly connected to our recruitment services. Any further processing of personal data will be conducted in a manner consistent with the original purpose for which it was collected and in compliance with applicable data protection laws.

At Simon Acres Group LTD, we adhere to the principle of data minimisation by collecting only the minimum and absolutely necessary information required for our services. This means that personal data collected from customers is:

  • Adequate: We ensure that the information collected is sufficient to meet customer requirements and minimum expectations without being excessive or intrusive.
  • Relevant: The data collected directly relates to the specific purposes for which it is processed, ensuring its relevance to the customer’s needs and objectives.
  • Limited: We collect only the essential information necessary to fulfill our obligations to customers, ensuring that we do not exclude anyone or undervalue anyone’s needs. In dealing with customers, we advise them to ask only the absolutely necessary questions relevant to their role or requirements.

By adhering to these principles, we prioritise the protection of customer privacy while effectively meeting their needs and expectations.


Personal data shall be accurate and, where necessary, kept up to date. Our staff conducts verification checks on candidates using public platforms to ensure the accuracy of the information provided to us before proceeding further. It is crucial for us to deliver only accurate information, as we provide candidate screening services. By entrusting information to us, candidates acknowledge their responsibility to provide truthful and accurate information. Candidates agree not to conceal important information that may influence the client’s decision-making process.

Storage limitation:

We are committed to storing personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This ensures that we uphold the principle of data minimisation and respect individuals’ privacy rights.

Integrity and confidentiality:

We process personal data in a manner that ensures appropriate security measures are in place, including protection against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage. We prioritize the integrity and confidentiality of personal data to maintain trust and compliance with data protection regulations.

Roles and Responsibilities:

As part of our commitment to data privacy and security, all employees are responsible for:

  • Ensuring compliance with data storage limitations and security measures outlined in this policy.
  • Safeguarding the integrity and confidentiality of personal data in their respective roles.
  • Reporting any potential security breaches or incidents to the appropriate authorities promptly.
  • Participating in ongoing training and awareness programs to stay informed about data protection best practices and their responsibilities.
  • By collectively upholding these roles and responsibilities, we maintain a culture of privacy and security within our organization, ensuring the protection of personal data and the trust of our stakeholders.

Data Controller: 

The organisation, as the data controller, determines the purposes and means of processing personal data.

Data Processor:

Third parties engaged by the organisation to process personal data on its behalf must adhere to GDPR requirements. When selecting service providers, our company ensures that they accept our privacy policy and meet GDPR rules. Additionally, we do not grant them the right to use the data provided by customers and candidates in our contact and application forms or added to our CMS for any purpose other than the specific services they are contracted for. This ensures that our customers’ and candidates’ data remains protected and used only in accordance with our privacy policy and GDPR regulations.

Data Protection Officer (DPO): 

As your trusted partner, we have appointed a dedicated Data Protection Officer (DPO) to oversee our compliance with data protection regulations, including the General Data Protection Regulation (GDPR). The role of our DPO is to ensure that we handle your personal data responsibly and in accordance with applicable data protection laws.

I, as your DPO, am responsible for providing guidance and advice on data protection matters, monitoring our compliance with GDPR requirements, and conducting audits to identify and mitigate potential risks. Additionally, I serve as your point of contact for any questions or concerns you may have regarding the processing of your personal data.

Rest assured that your privacy is our top priority, and We are here to ensure that we maintain the highest standards of data protection throughout our business operations. If you have any questions or require further information about how we handle your personal data, please don’t hesitate to reach out to our DPO.


As part of our commitment to protecting your privacy and personal data, we empower and entrust every employee with the responsibility of upholding GDPR standards in their day-to-day activities. This means that whether they are working in customer service, marketing, human resources, or any other department, our employees understand and prioritize the importance of safeguarding your data.

From the moment your data is collected to its processing, storage, and eventual deletion, every employee is trained to handle it with the utmost care and in accordance with GDPR regulations. This includes implementing security measures to prevent unauthorized access, regularly reviewing data handling practices to ensure compliance, and promptly addressing any potential breaches or concerns.

Data Protection Measures:

DPIAs (Data Protection Impact Assessments) are a vital part of our commitment to safeguarding your privacy. These assessments are conducted for any high-risk processing activities to thoroughly evaluate and mitigate potential privacy risks. By conducting DPIAs, we ensure that your personal data is handled with the highest level of care and protection.

In the unfortunate event of a personal data breach, we take immediate action to notify the appropriate supervisory authority and affected individuals without delay. This ensures transparency and accountability in our data handling practices, allowing us to swiftly address any breaches and mitigate their impact.

We recognise and respect your rights as data subjects. This includes your right to access, rectify, erase, restrict processing, and portability of your personal data. Our organisation is committed to facilitating the exercise of these rights, ensuring that you have control over your personal information and how it is processed.

When transferring personal data to third countries or international organisations, we adhere to strict GDPR requirements to ensure the continued protection of your data. This includes implementing appropriate safeguards and mechanisms to safeguard your privacy rights, regardless of where your data may be transferred.

At Simon Acres Group LTD, your privacy is our top priority, and we are dedicated to upholding the highest standards of data protection in everything we do.

Training and Awareness:

At Simon Acres Group LTD, we prioritise the importance of GDPR compliance and data protection. That’s why all of our employees receive comprehensive training on GDPR principles, requirements, and their individual responsibilities for safeguarding data.

We believe that knowledge is key to maintaining a strong culture of data protection. To reinforce this, we conduct regular awareness campaigns to ensure that every employee understands the significance of their role in protecting data and upholding GDPR standards.

By investing in training and awareness, we empower our employees to confidently navigate data protection challenges and uphold the highest standards of privacy for our customers and stakeholders.

Monitoring and Enforcement:

At Simon Acres Group LTD, we monitor compliance with this policy through regular audits and assessments.

We take non-compliance with GDPR requirements seriously and may take disciplinary action, including termination of employment or contract.

Policy Review:

At Simon Acres Group LTD, we periodically review and update this policy to ensure continued compliance with GDPR requirements and changes in the regulatory landscape.

Approval and Adoption:

This policy has been approved by senior management, and we expect all employees, contractors, and third parties who handle personal data on behalf of the organisation to adopt and adhere to it.

Version: 1.03 updated: 2024 – Feb – 16