Privacy Statement

1.    Policy Statement
The protection of personal data is governed within the UK and European Union by a legal framework called the General Data Protection Regulations (GDPR).  Eastwood & Partners are committed to ensuring that we are compliant with GDPR by keeping personal data safe, secure, confidential, and only using it for legitimate business purposes. 
2.    Purpose of the Policy
The protection of personal and sensitive data is of upmost importance to Eastwood & Partners and it is the purpose of this policy to reassure our job applicants that their personal data is kept safe, secure and confidential. 
This policy will therefore outline how we handle, store and process personal data, including the measures we take to ensure that all personal data is stored and processed securely. It is our aim, in conjunction with this policy; that our job applicants will understand how Eastwood & Partners legally collect, process and store their personal information.
3.    Why we collect your Personal Data
When Eastwood & Partners receive your personal data through your job application, we use this data to help identify your suitability for a job application or position within the firm. We also use your data to enable us to contact or maintain a record of your interest for the job role, also allowing us to contact you in the future. 
4.    The Privacy of your Personal Data 
Your electronically stored personal data is only available to view and be processed by those who have a legitimate business reason for doing so. Eastwood & Partners have restricted access to Directors, Human Resources and the IT Department only. Personal data held in any paper form is shredded or stored in lockable secure cabinets/drawers. 
5.    Sharing your Personal Data 
Your personal data is not shared with any third parties. We engage an IT support consultancy who can have access to personal data as and when they work alongside us. However, we have carried out the necessary checks with these software platforms and third parties to ensure GDPR compliance and to confirm that your personal data is secure, and not shared.  
6.    The Security of your Personal Data 
Our computer systems run a layered security system, which is the practice of combining multiple mitigating security controls to protect resources and data. We have had our perimeter defences tested twice in the last year and as part of our Cyber Security Essentials. Computer security testing is conducted annually. Access to any data on our system is restricted by job function which is reviewed on a regular basis. 
All data stored on network drives is securely backed up multiple times in multiple secure locations. Our backups exceed best practise guidelines and recovery is tested regularly. We encrypt all HR data that is backed up offsite. Access to our data by support organisations is also covered under the GDPR and their policies have also been confirmed to be in compliance.
7.    Retaining your Personal Data 
We only retain your job application/CV for a period of 6-12 months in order to enable us to provide a service to you, for which you gave us your personal details, namely your interest in a job vacancy. We aim to delete all personal data after this period unless a statutory reason prevents us otherwise.