Introduction
Global Collective is committed to ensuring compliance with the UK General Data Protection Regulations (GDPR) (EU Regulation 2016/679) and the UK Data Protection Act 2018 (DPA 2018). Our comprehensive policies and procedures are designed to protect the rights of data subjects and to ensure the confidentiality, integrity, and availability of personal data in alignment with UK legislation. These include Privacy Policy, GDPR, Data Erasure, and Data Protection policies that align with UK data regulations.
GDPR Policy Scope and Application
This policy applies to all personal data processed by Global Collective during recruitment and procurement activities. It encompasses data collection, processing, storage, and sharing practices for candidates, clients, subcontractors, and other stakeholders involved in public procurement processes. To support wider public procurement, Global Collective ensures compliance with key Procurement Policy Notes (PPNs), including PPN 02/18 (data protection), PPN 06/21 (sustainability), and PPN 03/23 (prompt payment). This alignment strengthens trust and guarantees adherence to GDPR and procurement regulations.
Technical Facilities: Our Processes and Systems
At Global Collective, we utilize secure cloud infrastructure to ensure a scalable, secure, and highly available platform for data storage and processing. How Global Collective upholds Confidentiality, Integrity, Availability, and Resilience:
- Confidentiality: Personal data is encrypted both in transit and at rest. Access to personal data is restricted to authorized personnel only, using role-based access control measures.
- Integrity: Regular audits and checks are conducted to ensure that data is accurate and up to date. Secure data handling practices and regular backups maintain data integrity.
- Availability: Data is stored on secure servers with redundancy and disaster recovery plans in place to ensure data availability. Regular maintenance and updates prevent data loss or breaches.
- Resilience: Systems are designed to withstand and recover quickly from data breaches, system failures, or other disruptions. Incident response plans are in place to address any data security incidents promptly.
Our data protection policies ensure that all personal data is processed fairly, lawfully, and transparently.
Procurement Data Governance
Our Data Protection Officer (DPO) oversees robust data governance and protection processes, ensuring real-time and future compliance with evolving digital, data, and technology standards in procurement. This includes:
- Data Lifecycle Management: Securing data at every stage, from creation to destruction.
- Governance Framework: Defining clear roles and responsibilities for overseeing data security policies and enforcement.
- Incident Management: Aligning with Cyber Essential frameworks to handle and report data breaches promptly, satisfying GDPR’s mandatory breach reporting requirements.
- Recording: Maintaining detailed records of all data processing activities, including purposes, categories of data subjects, personal data, data recipients, and retention periods.
Data Rights
Global Collective is committed to ensuring that the rights of data subjects are upheld. These include:
- Privacy Information: Clear and accessible privacy notices explain how personal data is collected, used, and shared. These notices are available on our website and during the initial data collection process. Access our Privacy Policy globalcollective.
- Access, Rectification, and Deletion: Data subjects can access, correct, or request the deletion of their data. Subject Access Requests (SARs) are processed within 30 days.
- Portability: Personal data can be provided in a structured, machine-readable format for transfer to another data controller.
- Consent-Based Processing: Clear, informed, and auditable consent is obtained before processing data. Individuals can withdraw consent at any time.
Data Security and Safeguarding Procedures
- Legal Compliance: Regular reviews ensure ongoing compliance with GDPR and other relevant legislation.
- Data Minimisation: Only necessary data is collected, following GDPR principles.
- Breach Management: Incident response plans ensure prompt assessment, containment, and notification of breaches, including to regulatory authorities if required.
Data is safeguarded through secure technologies such as Microsoft Azure and Google Cloud, ensuring compliance with GDPR and cybersecurity standards, including Cyber Essentials accreditation.
Contact Details
For any GDPR-related inquiries or concerns, please reach out to:
- Email: attend@globalcollective.ae
Policy Review: This GDPR Policy is reviewed and updated annually. The next review is scheduled for 01/01/2026.