Privacy Policy

Welcome to R and A Consulting ("we", "us", or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website www.raconsultingandbrokerage.com (the "Website") or interact with us in any wa

GDPR Compliance Policy

Introduction

At R and A Consulting ("we", "us", or "our"), we are committed to safeguarding the privacy and personal data of our clients, employees, partners, and all individuals who interact with us. This GDPR Compliance Policy outlines how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

Our Commitment

We ensure that personal data is processed lawfully, fairly, and transparently.
We collect personal data for specified, explicit, and legitimate purposes.
We process personal data only where it is adequate, relevant, and limited to what is necessary.
We keep personal data accurate and, where necessary, up to date.
We retain personal data only for as long as necessary.
We ensure that appropriate security measures are in place to protect personal data.

1. Data Protection Principles

We adhere to the following principles when processing personal data:

1.1 Lawfulness, Fairness, and Transparency

Personal data shall be processed lawfully, fairly, and in a transparent manner.
We provide clear and transparent information about how we use personal data.

1.2 Purpose Limitation

Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

1.3 Data Minimization

Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

1.4 Accuracy

Personal data shall be accurate and, where necessary, kept up to date.
We take every reasonable step to ensure that inaccurate personal data is rectified or deleted without delay.

1.5 Storage Limitation

Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary.

1.6 Integrity and Confidentiality

Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

1.7 Accountability

We are responsible for and able to demonstrate compliance with the GDPR principles.

2. Lawful Basis for Processing

We process personal data based on one or more of the following lawful grounds:

Consent: The individual has given clear consent for us to process their personal data for specific purposes.
Contractual Necessity: Processing is necessary for a contract we have with the individual or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: Processing is necessary for us to comply with the law.
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party unless overridden by the interests or fundamental rights and freedoms of the data subject.

3. Individual Rights

Under the GDPR, individuals have the following rights regarding their personal data:

3.1 Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data.

3.2 Right of Access

Individuals can request access to their personal data and obtain a copy.

3.3 Right to Rectification

Individuals have the right to have inaccurate personal data corrected or completed if it is incomplete.

3.4 Right to Erasure

Individuals can request the deletion or removal of personal data where there is no compelling reason for its continued processing.

3.5 Right to Restrict Processing

Individuals have the right to request the restriction or suppression of their personal data under certain circumstances.

3.6 Right to Data Portability

Individuals can obtain and reuse their personal data for their own purposes across different services.

3.7 Right to Object

Individuals have the right to object to the processing of their personal data in certain circumstances.

3.8 Rights Related to Automated Decision-Making and Profiling

Individuals have rights concerning automated decision-making and profiling.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below.

4. Data Collection and Use

We collect and use personal data for the following purposes:

4.1 Recruitment and Employment

Purpose: To assess suitability for employment, manage employment relationships, and fulfill contractual obligations.
Data Collected: Contact details, employment history, qualifications, references, and other information provided during the recruitment process.

4.2 Service Delivery

Purpose: To provide our services to clients, manage contracts, and deliver projects.
Data Collected: Contact information, professional qualifications, and project-related communications.

4.3 Marketing and Communication

Purpose: To inform individuals about our services, updates, and events.
Data Collected: Name, email address, and preferences.
Consent: We obtain explicit consent for marketing communications, and individuals can opt-out at any time.

4.4 Legal Compliance and Obligations

Purpose: To comply with legal and regulatory obligations, such as tax, employment law, and health and safety regulations.
Data Collected: Identification documents, financial information, and other legally required data.

5. Data Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

Access Controls: Restricting access to personal data to authorized personnel only.
Encryption: Using encryption technologies to protect data during transmission and storage.
Firewalls and Antivirus Software: Protecting our systems from external threats.
Regular Audits and Assessments: Conducting regular security assessments to identify and mitigate risks.
Staff Training: Ensuring employees are trained in data protection and understand their responsibilities.

6. Data Sharing and Disclosure

We may share personal data with:

6.1 Service Providers and Partners

Purpose: To facilitate our services, we may share data with third-party service providers such as IT support, payroll processors, and professional advisors.
Safeguards: We ensure that all service providers adhere to data protection regulations and have appropriate safeguards in place.

6.2 Clients

Purpose: To fulfill contractual obligations and deliver services.
Data Shared: Only the necessary data required for the specific service or project.

6.3 Legal Obligations

Purpose: To comply with legal requirements, we may disclose data to regulatory authorities, law enforcement agencies, or governmental bodies.

7. International Data Transfers

Within the EEA: Personal data may be transferred and processed within the European Economic Area.
Outside the EEA: If data is transferred outside the EEA, we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
- Standard Contractual Clauses: Utilizing contractual clauses approved by the European Commission.
- Consent: Obtaining explicit consent from individuals where necessary.

8. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including:

Recruitment Data: Retained for up to 12 months after the recruitment process unless otherwise required by law.
Employment Data: Retained for the duration of employment and as required by law after termination.
Financial Records: Retained for at least 6 years for accounting and tax purposes.
Marketing Data: Retained until the individual opts out or withdraws consent.

After the retention period, we securely delete or anonymize personal data.

9. Data Breach Response

In the event of a data breach:

Assessment: We will promptly assess the breach to determine its scope and impact.
Notification: If required, we will notify the relevant supervisory authority within 72 hours.
Communication: Where appropriate, we will inform affected individuals without undue delay.
Mitigation: We will take necessary steps to mitigate the breach and prevent future occurrences.

10. Privacy by Design and Default

We integrate data protection into all our processing activities by:

Assessing Risks: Conducting Data Protection Impact Assessments (DPIAs) where necessary.
Minimizing Data: Collecting only the data necessary for each purpose.
Default Settings: Ensuring systems are configured to protect privacy by default.

11. Employee Training and Responsibilities

Training: Employees receive regular training on data protection principles and GDPR compliance.
Confidentiality Agreements: All staff members are required to sign confidentiality agreements.
Policies and Procedures: Employees must adhere to internal policies regarding data handling and security.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and compliance.

Data Protection Officer
Email: dpo@raconsultingandbrokerage.com

13. Contact Us

For any questions, concerns, or to exercise your rights regarding your personal data, please contact us:

R and A Consulting
1 quardrant place
Belfast, BT12 4hx
United Kingdom

Email: privacy@raconsultingandbrokerage.com

14. Changes to This Policy

We may update this GDPR Compliance Policy periodically. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Policy regularly.

Data Controller

For the purposes of the General Data Protection Regulation (GDPR), the data controller is:

R and A Consulting
1 Quardrant place
Belfast, BT12 4HX
Email: info@raconsultingandbrokerage.com

1. Data We Collect
We may collect and process the following types of personal data:

1.1 Personal Identification Information
Full name
Email address
Postal address
Telephone number
Date of birth
National Insurance number
1.2 Professional Information
Curriculum Vitae (CV) or résumé
Employment history
Qualifications and certifications (e.g., CSCS cards)
References and recommendations
1.3 Financial Information
Bank account details (for payroll purposes)
Tax identification numbers
1.4 Usage Data
IP address
Browser type and version
Pages visited on our Website
Time and date of visit
Time spent on each page
Referring site details
Other diagnostic data
1.5 Cookies and Similar Technologies
Session cookies
Preference cookies
Security cookies
Analytics and performance cookies
2. How We Collect Your Data
2.1 Direct Interactions
Job Applications: When you apply for a position through our Website or via email.
Contact Forms: When you fill out forms on our Website to request information or services.
Communication: When you contact us by phone, email, or post.
2.2 Automated Technologies
Website Usage: As you navigate through our Website, we collect technical data using cookies and similar technologies.
2.3 Third Parties
Recruitment Agencies: Information provided to us by third-party recruiters.
Publicly Available Sources: Such as LinkedIn or other professional networking sites.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:

Consent: When you have given clear consent for us to process your personal data for a specific purpose.
Contractual Necessity: To perform a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: To comply with legal and regulatory obligations.
Legitimate Interests: For our legitimate business interests, provided that your interests and fundamental rights do not override those interests.
4. How We Use Your Data
We use your personal data for the following purposes:

4.1 Recruitment and Staffing
Evaluating your suitability for employment or engagement.
Communicating with you about recruitment processes.
Verifying your information and conducting reference checks.
4.2 Service Delivery
Assigning you to client projects based on your skills and experience.
Managing contracts and employment relationships.
Processing payments and payroll.
4.3 Communication
Responding to your inquiries and requests.
Providing you with information about our services.
4.4 Website Improvement
Monitoring and analyzing usage to improve our Website functionality and user experience.
Ensuring the security and integrity of our Website.
4.5 Legal Compliance
Complying with applicable laws and regulations.
Responding to legal processes or requests from governmental authorities.
5. Disclosure of Your Data
We may share your personal data with:

5.1 Clients and Business Partners
To facilitate placements and assignments on client projects.
To verify qualifications and certifications relevant to client requirements.
5.2 Service Providers
IT and system administration services.
Professional advisors including lawyers, bankers, auditors, and insurers.
Payroll processors and financial service providers.
5.3 Regulatory and Legal Authorities
When required to comply with legal obligations.
To protect the rights, property, or safety of our company, our clients, or others.
5.4 Third-Party Recruiters
With your consent, to share your information with recruiters for potential opportunities.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission.
Binding Corporate Rules.
Adequacy Decisions by the European Commission for certain countries.
7. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. These measures include:

Encryption of data both in transit and at rest.
Firewalls and secure server environments.
Access controls restricting personal data to authorized personnel only.
Regular security assessments and staff training.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including:

Recruitment Data: Retained for up to 12 months after the recruitment process ends unless you become an employee.
Employment Records: Retained in accordance with statutory requirements.
Financial Records: Kept for at least 6 years for tax purposes.
Usage Data: Retained for analytical purposes for up to 24 months.
After the retention period, we will securely destroy or anonymize your personal data.

9. Your Rights Under GDPR
You have the following rights regarding your personal data:

9.1 Right to Access
You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification
You can ask us to correct any incomplete or inaccurate data we hold about you.

9.3 Right to Erasure
You can request that we delete your personal data under certain conditions.

9.4 Right to Restrict Processing
You can ask us to suspend the processing of your personal data under specific circumstances.

9.5 Right to Data Portability
You can request to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.

9.6 Right to Object
You have the right to object to the processing of your personal data when we are relying on legitimate interests.

9.7 Right to Withdraw Consent
If we are processing your personal data based on your consent, you may withdraw that consent at any time.

9.8 Right to Complain
You have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner's Office (ICO) in the UK.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section.

10. Cookies Policy
We use cookies and similar tracking technologies to enhance your experience on our Website.

10.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and improve your user experience.

10.2 Types of Cookies We Use
Essential Cookies: Necessary for the operation of the Website.
Performance Cookies: Help us understand how visitors interact with our Website by collecting and reporting information anonymously.
Functionality Cookies: Remember your preferences and settings.
10.3 Managing Cookies
You can control and delete cookies through your browser settings. However, disabling cookies may affect the functionality of our Website.

For more detailed information, please refer to our Cookie Policy.

11. Third-Party Links
Our Website may contain links to external websites not operated by us. We have no control over the content and practices of these websites and cannot accept responsibility for their privacy policies.

12. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us to request deletion.

13. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

R and A Consulting
123 Main Street
Belfast, BT1 1AA
Email: info@raconsultingandbrokerage.com
Phone: +44 28 1234 5678

Consent

By using our Website or engaging with our services, you consent to the collection and use of your personal data as described in this Privacy Policy.

Acknowledgment

We acknowledge our responsibility to protect your personal data and are committed to complying with the GDPR and other applicable data protection laws.