Date of policy: 01/09/2023
This policy will be reviewed every 12 months (as a minimum).
Review Date: 01/09/2024

We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes. This policy sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

Information About the Company
Maze Recruitment Group
Private Limited Company registered in England and Wales under company number 12913358 at 2 Timperley Close, Wakefield, WF1 2FT
VAT number: 361 0261 39
Data Protection Officer: Nicola Wilson
Email address:
Telephone number: 0113 4660 370

Maze Recruitment Group is a member of the Association of Professional Staffing Companies (APSCo) and of the Information Commissioners Office.

The Data Protection Act 2018
Companies processing personal data are required to abide by the eight principles of the Data Protection Act 2018 (“DPA”), which require that data is:

• Fairly and lawfully processed.
• Processed for limited purposes.
• Adequate, relevant and not excessive.
• Accurate.
• Not kept longer than necessary.
• Processed in accordance with the data subjects’ rights.
• Kept securely Not transferred to countries outside the European Economic Area without adequate protection.

Personal data means data, which relates to a living individual who can be identified from the data or
from the data together with other information, which is in the possession of, or is likely to come into
possession of Maze Recruitment Group. Data may only be processed with the consent of the person whose data is held.

The definition of “processed” is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes both hard and soft copy data.

Maze Recruitment Group adheres to the strict GDPR. The General Data Protection Regulation states
that personal data must be kept “no longer than is necessary” for the purposes for which the personal data are processed.

Policy Objective
The objective of this policy is to ensure that all external stakeholders and staff members are aware of the Maze Recruitment Group policy with regard to processing personal data, and that employees are fully aware of the requirements and obligations required of them and Maze Recruitment Group by the DPA.

Policy Statement
Maze Recruitment Group is required to keep certain information regarding its employees, candidates and clients to enable it to carry out its day to day operations, and to comply with its legal obligations.

Maze Recruitment Group are committed to ensuring that all personal data is processed in line with the DPA. To comply with the principles of the DPA, as outlined above, personal information will be collected and used fairly, stored safely and not disclosed to any other person or organisation unlawfully.

Policy Responsibilities
Maze Recruitment Group is registered with the Information Commissioners Office and has appointed Nicola Wilson as Data Protection Officer. Nicola Wilson is responsible for ensuring the provision of suitable DPA advisory, training and awareness, DPA request handling, and compliance with Maze Recruitment Group obligations under the DPA.

It is the responsibility of all employees to ensure that they understand their obligations under the
DPA, and to inform the Data Protection Officer if they do not; and all data processed is done so in line with this policy.

All data subjects have the right to access the information held about them, ensure that it is correct and fairly held, and to complain to the Data Protection Officer if they are dissatisfied. All requests to access personal data will be handled in accordance with the DPA.

Data subjects include all staff, candidates, clients, contacts, and any other person about whom Maze Recruitment Group processes personal data. Maze Recruitment Group may not always seek the consent of data subjects when processing personal data, for example, when processing for normal business purposes or when the information is already in the public domain or permission for data to be accessed or downloaded has already been given via a third party organisation, for example, a CV job board.

Everyone who provides personal data to Maze Recruitment Group is responsible for ensuring adherence to the DPA, especially with regard to accuracy and, in the case of third parties providing the personal data of others, the right to disclose this personal data.

Maze Recruitment Group will review this policy on a regular basis to ensure its relevance and effectiveness.

If an employee is found to have deliberately acted in contravention of this policy, s/he will be subject to the company’s Disciplinary Policy, and such behaviour could lead to disciplinary action. Any queries regarding this policy should be raised in the first instance with the Data Protection Officer: