GDPR

GDPR



IPAS GDPR POLICY INTRODUCTION

IPAS Group recognizes that the protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the 'Charter') and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The Regulation in fact applies to all Companies registered within the EU territory, regardless of the fact that data may be processed outside the EU. IPAS Partners Ltd has also been audited and attested by TÜV Nord / TÜV Cyprus for strictly following GDPR Personal Data Protection Regulations.

According to EU Regulation 2016/679 the principles of data protection should apply to any information concerning an identified or identifiable natural person, and to any information concerning an identified or identifiable natural person. As per the Regulation, any entity that collects and/or controls, and/or process personal data, shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance to the same Regulation.

At IPAS, we treat the protection of personal data seriously and strive to ensure that our partners, clients, but most of all our consultants feel secure and comfortable when visiting our Internet pages, sharing their Curriculum Vitae and other personal information with us. At IPAS Group we believe that strong relationships are based on mutual trust.

The IPAS policy in relation to GDPR (The General Data Protection Regulation) describes the practices we follow in order to ensure that your data is protected with us at all times. The policy has been developed after a data protection impact assessment and a detailed process analysis assessment.



CODE OF CONDUCT: LAWFULNESS, FAIRNESS, TRANSPARENCY

At IPAS we are committed to the following principles regarding Personal Data Handling, all 10 principles being part of our Code of Conduct:

  • • Always handle personal data with lawfulness, fairness, security and transparency in mind
  • • Collect only necessary personal data based on legitimate interest
  • • Collect and store personal data only after obtaining written consent to do so by the data subject
  • • Only collect personal data which are adequate, relevant and limited to what is necessary for the purposes for which they are processed
  • • Ensure that access to personal data is allowed only after the identity of the data subject has been verified
  • • Update personal data at least once a year and renew consent
  • • Inform public about our GDPR policy and Data Subjects of their rights
  • • Be especially sensitive and protective of personal data of children
  • • Notify local authorities and data subjects in case of personal data breaches
  • • Ensure value along the GDPR chain with partners and clients


TRANSPARENCY: PERSONAL DATA THAT WE COLLECT AND REASONS FOR COLLECTING THEM

At IPAS, we fully recognize that any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. According to EU Regulation 2016/679, the principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand. That principle concerns, in particular, information to the data subjects on the identity of the controller (e.g. who would be handling personal data) and the purposes of the processing (why data is collected and for what reasons would they be processed).

In particular, the specific purposes for which personal data are processed should be explicit and legitimate and determined at the time of the collection of the personal data. The personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed. Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means.

We would therefore prefer to be fully transparent and stress the reasons when IPAS does need to obtain and process personal data.