Introduction
AMO Consultancy Services Ltd is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. We respect your privacy and protect your personal data, adopting a “Personal Data Protection Policy” that sets out how we seek to protect personal data in accordance with all applicable regulations, including the European Data Protection Regulation (EU) 2016/679 of 27 April 2016.
Objectives
The objective of Information Security is to ensure business continuity and minimize business damage by preventing and minimizing the impact of security incidents. Information assets must be protected to ensure
Confidentiality
Protection against unauthorized disclosure.
Integrity
Protection against unauthorized or accidental modification.
Availability
Ensuring information is accessible when required.
Definitions
Candidate / Applicant
Person who has sent an application and/or has been contacted by AMO Consultancy Services Ltd regarding a job offer.
Data Subject
The individual who is the subject of personal data.
Data Controller
Entity that determines the purposes and means of processing personal data.
Data Processor
Entity that processes personal data on behalf of the Data Controller.
Employee
Person recruited by AMO Consultancy Services Ltd.
GDPR
European Data Protection Regulation (EU) 2016/679.
HR or Human Resources
Department involved in personnel management, recruitment, payroll, or staff relations.
Personal Data
Information relating to an identifiable person.
Processing
Operations performed on personal data, such as collection, recording, storage, etc.
AMO Consultancy Services Ltd
AMO Consultancy Services Ltd and all subsidiaries.
Responsibilities
Directors
Approve and oversee the Information Security and Privacy Policy, ensuring compliance and continuous improvement.
Data Protection Officer (DPO)
Manages day-to-day data protection responsibilities and ensures compliance with applicable regulations. Contact:
[email protected].
Employees and Agents
Safeguard organizational assets and report any security breaches immediately.
Data Collected
We commit to collecting and processing Personal Data lawfully, fairly, and transparently. Personal Data collected includes:
Identifying Information
Name, address, phone number, email.
Job Application Data
Professional experience, resume details, etc.
Professional Data
Job title, company affiliation.
HR Data
Social security number, payroll information, training records, etc.
Purpose of Data Collection
Clients/Prospects/Suppliers
To provide services, manage contracts, and communicate offers.
Candidates
To manage job applications and recruitment processes.
Employees
To manage employment relationships, administer HR processes, and comply with legal obligations.
Data Storage and Retention
We store data only as long as necessary for the purposes outlined in this policy. Criteria for retention include:
Cookies
Stored according to local authority limits.
Job Applications
Stored for up to 2 years unless consent for longer retention is provided.
HR Data
Retained for the duration of employment and as required by law thereafter.
Data Subject Rights
Data Subjects have the following rights:
Right of Access
The right to ask and obtain confirmation whether we are processing your Personal Data or not. If this is the case, you can access your Personal Data and obtain information such as the purpose of the processing, the categories of personal data concerned, etc.
Right to Rectification
The right to obtain from us the rectification of inaccurate Personal Data concerning you.
Right to Erasure
The right to obtain the erasure of your Personal Data, insofar as one of the reasons justifying this right applies to your situation.
Right to Restriction
The right to obtain the restriction of the Processing, where one of the grounds justifying the exercise of this right applies to your situation.
Right to Object
Object to data processing based on specific situations.
Right to Data Portability
Receive data in a portable format.
Post-Death Directives
Define directives for data after death.
To exercise these rights, contact:
[email protected].
We will respond within one month, extendable by two months if necessary.
Data Access and Sharing
Only authorized individuals and trusted service providers may access personal data as necessary. We ensure confidentiality and security through contracts and regular reviews.
We make every effort to ensure that the number of such individuals is kept as small as possible and to maintain the confidentiality and security of your Personal Data.
In this regard, we share with them only the information they need to provide the service and we ask them not to use your Personal Data for any other purpose. We always make our best efforts to ensure that all our trusted service providers with whom we work, maintain the confidentiality and security of your Personal Data. We also ensure that when our relationship with a trusted service provider comes to an end, that service provider deletes your Personal Data without delay.
We select our trusted service providers with great care, ensuring that they provide sufficient guarantees, including expertise, reliability and resources, to implement the technical and organizational measures to meet the requirements of applicable legislation, including security of processing. In this regard, we ensure that our trusted service providers process Personal Data only on our documented instructions. We also ensure that their personnel are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.
Internally, your personal data can only be accessed by the HR department or any other departments having a strict need to know. This access is under strict review by our Data Privacy Officer in order to ensure the Group’s compliance with applicable laws.
We engage carefully selected third-party partners and service providers who process personal data on our behalf in compliance with GDPR. From time to time, we appoint digital marketing agencies to conduct outreach and marketing activities on our behalf. As part of these activities, personal data may be processed in accordance with applicable data protection laws. Our appointed data processors include:
- Prospect Global Ltd (trading as Sopro): Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro is registered with the ICO Reg: ZA346877. Their Data Protection Officer can be emailed at: [email protected].
- ZoomInfo Technologies LLC: 805 Broadway St, Suite 900, Vancouver, WA 98660, USA. ZoomInfo provides data intelligence and business contact information for our B2B marketing and sales efforts. You can view their privacy policy and exercise your data rights at: privacy.zoominfo.com. Their privacy team can be contacted at: [email protected]
Data Storage Location
Data is stored within the EEA. Transfers outside the EEA are allowed under strict conditions.
Security Measures
We implement appropriate technical and organizational measures to protect data, including access controls, authentication processes, and regular policy reviews.
Cookies
Cookies collect information about your activities on our website. You can manage cookies through your browser settings. We use Google Analytics for anonymized traffic data.
- Analytics: Google Analytics helps us see website traffic anonymously.
- Marketing: The Sopro plugin uses cookies (like _obid) to tell us when people from our email campaigns visit our website.
You can turn off cookies at any time in your browser settings, but some parts of the site may not work as well if you do.
Third-Party Links and Social Media
Our website may contain links to third-party websites and social media platforms. We encourage you to review their privacy policies.
Policy Review
This policy is regularly reviewed and may be amended by the Directors to ensure ongoing viability, applicability, and legal compliance.