How We Comply With GDPR

---

  Data Controller: Mynydd Limited, 28 Grange Road, West Cross, Swansea SA3 5ES

    We will comply with data protection law and principles, which means that your data will be:

• Used  lawfully, fairly and in a transparent way
• Collected  only for valid purposes that we have clearly explained to you and not used  in any way that is incompatible with those purposes.
• Relevant  to the purposes we have told you about and limited only to those purposes.
• Accurate  and kept up to date
• Kept  only as long as necessary for the purposes we have told you about.
• Kept   securely.

• Name and address
• Job  title
• Work  history
• Credit  history
• Results  of Veriphy search (anti-money-laundering and credit checking service)
• Bank account and payment details
• ID  documentations
• Contact   preferences
• Information  about criminal activity
• Issues  relating to confidential employment matters you instruct us on.

  We collect personal information about candidates from the following sources:

• You,  the client;
• Your  employer, where you are not the employer;
• The  other side in contentious matters
• Veriphy
• HMRC.

  Advise you on the matters you have chosen to instruct us about;

• Decide  whether to enter to accept your instructions/retainer
• Litigate and negotiate on your behalf on employment matters
• Arrange  payment of our fees
• Comply  with our legal and regulatory obligations
• For  recommendations/testimonials on our website/legal publications (with your consent only).

We will only share your personal information with the following third parties in order to provide and support our services, this being necessary for them to provide that service: IT service providers, insurers, auditors, professional advisors including solicitors and accountants, credit check agencies, legal publications and on our website (with your consent only). All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Our duty to keep information about you and your affairs confidential is governed by law. We are required by law to keep it confidential unless we need to disclose it in the course of providing our service to you; or you consent to us disclosing it to a particular person; or we are legally required to disclose it.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will retain your personal information for a minimum of 7 years. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have acted in accordance with our obligations. After this period, we will securely destroy your personal information in accordance with our data management policy.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to  you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

  Under certain circumstances, by law you have the right to:

• Request  access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request   correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about  you corrected.
• Request   erasure of your personal information. This enables you to ask us to delete  or remove personal information where there is no good reason for us  continuing to process it.
• Object  to processing of your personal information where we are relying on a  legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to  processing on this ground. You also have the right to object where we are  processing your personal information for direct marketing purposes.
• Request  the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for  processing it.
• Request  the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.