Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements or the Data Protection Bill Schedule 1 condition and have high-level encryptions and protections on all such data.