Security and Privacy Policy

Last updated: 04/06/2024

Introduction

AMO Consultancy Services Ltd is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. We respect your privacy and protect your personal data, adopting a “Personal Data Protection Policy” that sets out how we seek to protect personal data in accordance with all applicable regulations, including the European Data Protection Regulation (EU) 2016/679 of 27 April 2016.

Objectives

The objective of Information Security is to ensure business continuity and minimize business damage by preventing and minimizing the impact of security incidents. Information assets must be protected to ensure:

Confidentiality

Protection against unauthorized disclosure.

Integrity

Protection against unauthorized or accidental modification.

Availability

Ensuring information is accessible when required.

Definitions

Candidate / Applicant

Person who has sent an application and/or has been contacted by AMO Consultancy Services Ltd regarding a job offer.

Data Subject

The individual who is the subject of personal data.

Data Controller

Entity that determines the purposes and means of processing personal data.

Data Processor

Entity that processes personal data on behalf of the Data Controller.

Employee

Person recruited by AMO Consultancy Services Ltd.

GDPR

European Data Protection Regulation (EU) 2016/679.

HR or Human Resources

Department involved in personnel management, recruitment, payroll, or staff relations.

Personal Data

Information relating to an identifiable person.

Processing

Operations performed on personal data, such as collection, recording, storage, etc.

AMO Consultancy Services Ltd

AMO Consultancy Services Ltd and all subsidiaries.

Responsibilities

Directors

Approve and oversee the Information Security and Privacy Policy, ensuring compliance and continuous improvement.

Data Protection Officer (DPO)

Manages day-to-day data protection responsibilities and ensures compliance with applicable regulations. Contact: [email protected].

Employees and Agents

Safeguard organizational assets and report any security breaches immediately.

Data Collected

We commit to collecting and processing Personal Data lawfully, fairly, and transparently. Personal Data collected includes:

Identifying Information

Name, address, phone number, email.

Job Application Data

Professional experience, resume details, etc.

Professional Data

Job title, company affiliation.

HR Data

Social security number, payroll information, training records, etc.

Purpose of Data Collection

Clients/Prospects/Suppliers

To provide services, manage contracts, and communicate offers.

Candidates

To manage job applications and recruitment processes.

Employees

To manage employment relationships, administer HR processes, and comply with legal obligations.

Data Storage and Retention

We store data only as long as necessary for the purposes outlined in this policy. Criteria for retention include:

Cookies

Stored according to local authority limits.

Job Applications

Stored for up to 2 years unless consent for longer retention is provided.

HR Data

Retained for the duration of employment and as required by law thereafter.

Data Subject Rights

Data Subjects have the following rights:

Right of Access

The right to ask for and obtain confirmation of whether or not we are processing your Personal Data. If this is the case, you can access your Personal Data and obtain information such as the purpose of the processing, the categories of personal data concerned, etc.

Right to Rectification

The right to obtain from us the rectification of inaccurate Personal Data concerning you.

Right to Erasure

The right to obtain the erasure of your Personal Data, insofar as one of the reasons justifying this right applies to your situation.

Right to Restriction

The right to obtain the restriction of the Processing, where one of the grounds justifying the exercise of this right applies to your situation.

Right to Object

Object to data processing based on specific situations.

Right to Data Portability

Receive data in a portable format.

Post-Death Directives

Define directives for data after death.

To exercise these rights, contact: [email protected].
We will respond within one month, extendable by two months if necessary.

Data Access and Sharing

Only authorized individuals and trusted service providers may access personal data as necessary. We ensure confidentiality and security through contracts and regular reviews.

We make every effort to ensure that the number of such individuals is kept as small as possible and to maintain the confidentiality and security of your Personal Data.

In this regard, we share with them only the information they need to provide the service and we ask them not to use your Personal Data for any other purpose. We always make our best efforts to ensure that all the trusted service providers with whom we work maintain the confidentiality and security of your Personal Data. We also ensure that when our relationship with a trusted service provider comes to an end, that service provider deletes your Personal Data without delay.

We select our trusted service providers with great care, ensuring that they provide sufficient guarantees, including expertise, reliability and resources, to implement the technical and organizational measures to meet the requirements of applicable legislation, including security of processing. In this regard, we ensure that our trusted service providers process Personal Data only on our documented instructions. We also ensure that their personnel are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.

Internally, your personal data can only be accessed by the HR department or any other departments having a strict need to know. This access is under strict review by our Data Privacy Officer in order to ensure the Group’s compliance with applicable laws.

Data Storage Location

Data is stored within the EEA. Transfers outside the EEA are allowed under strict conditions.

Security Measures

We implement appropriate technical and organizational measures to protect data, including access controls, authentication processes, and regular policy reviews.

Cookies

Cookies collect information about your activities on our website. You can manage cookies through your browser settings. We use Google Analytics for anonymized traffic data.

Third-Party Links and Social Media

Our website may contain links to third-party websites and social media platforms. We encourage you to review their privacy policies.

Policy Review

This policy is regularly reviewed and may be amended by the Directors to ensure ongoing viability, applicability, and legal compliance.