GDPR COMPLIANCE POLICY
1. Introduction to GDPR Compliance
HR HUB MEDIA (“we,” “us,” or “our”) is fully committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679, which governs data protection and privacy for individuals within the European Union (EU) and European Economic Area (EEA). This policy outlines our approach to GDPR compliance, detailing how we collect, process, store, and protect personal data while respecting individuals’ privacy rights.
2. GDPR Principles We Follow
To ensure compliance with GDPR, we adhere to the following core principles:
Lawfulness, Fairness, and Transparency: We process personal data only when we have a legal basis (consent, contract, legal obligation, etc.). Our Privacy Policy clearly explains how we use data.
Purpose Limitation: We collect data only for specified, legitimate purposes and do not use it for incompatible purposes.
Data Minimization: We only collect data that is necessary for the intended purpose.
Accuracy: We ensure data is accurate and kept up to date.
Storage Limitation: We retain data only for as long as necessary.
Integrity and Confidentiality: We implement strong security measures to protect data from breaches.
Accountability: We document our compliance efforts and conduct regular audits.
3. Data We Collect & Legal Basis for Processing
A. Types of Personal Data Collected
We may process the following personal data:
Contact Information: Name, email, phone number, job title
Professional Data: Resume/CV (for job applicants), company details
Technical Data: IP address, browser type, cookies (see Cookie Policy)
User-Generated Data: Comments, feedback, survey responses
B. Legal Basis for Processing
We rely on one or more of the following legal bases under GDPR:
Consent: When you opt in (e.g., newsletters, cookies).
Contractual Necessity: When processing is required to fulfill a service (e.g., job applications).
Legal Obligation: When required by law (e.g., tax records).
Legitimate Interest: For business operations (e.g., fraud prevention, website analytics).
4. Data Subject Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of your data. | Email [dpo@hrhubmedia.com] |
| Right to Rectification | Correct inaccurate data. | Update account settings or contact us. |
| Right to Erasure (“Right to Be Forgotten”) | Request deletion of your data (where applicable). | Submit a written request. |
| Right to Restrict Processing | Limit how we use your data. | Specify restrictions in your request. |
| Right to Data Portability | Receive your data in a structured format. | Request via email. |
| Right to Object | Opt out of processing (e.g., direct marketing). | Unsubscribe or contact us. |
| Right to Withdraw Consent | Revoke previously given consent. | Update preferences or email us. |
| Right to Lodge a Complaint | Report concerns to a supervisory authority. | Contact your local Data Protection Authority (DPA). |
Note: We may verify your identity before fulfilling requests.
5. Data Security Measures
We implement technical and organizational measures to protect personal data, including:
Encryption: SSL/TLS for data transmission.
Access Controls: Role-based permissions for staff.
Regular Audits: Security assessments and penetration testing.
Employee Training: GDPR and cybersecurity awareness programs.
Data Breach Protocol: Immediate response and notification (within 72 hours if required).
6. Data Transfers Outside the EU/EEA
If we transfer data outside the EU/EEA (e.g., via cloud services), we ensure safeguards such as:
Standard Contractual Clauses (SCCs)
Adequacy Decisions (for countries with approved data protection laws)
7. Roles & Responsibilities
| Role | Responsibilities |
|---|---|
| Data Protection Officer (DPO) | Oversees compliance, handles GDPR requests, and liaises with regulators. Contact: [dpo@hrhubmedia.com]. |
| IT Security Team | Implements cybersecurity measures and monitors threats. |
| Marketing Team | Ensures opt-in consent for campaigns and honors unsubscribe requests. |
| All Employees | Complete GDPR training and follow data protection protocols. |
8. Third-Party Processors
We use GDPR-compliant vendors for services like:
Email marketing (Mailchimp, HubSpot)
Analytics (Google Analytics – anonymized data)
Hosting (AWS, GDPR-compliant servers)
All third parties sign Data Processing Agreements to ensure compliance.
9. Data Retention & Deletion
We retain personal data only as long as necessary, based on:
Legal requirements (e.g., tax records: 7 years).
Business needs (e.g., active accounts).
User requests (e.g., deletion upon withdrawal of consent).
After retention periods expire, data is anonymized or securely deleted.
10. Updates to This Policy
We may revise this policy to reflect regulatory changes. The latest version will always be available at [https://hrhubmedia.com/gdpr-policy].
