Lion&Bear Compliance – Data Protection
Under our standard contract terms, we act as a Data Processor for our clients who are the Data Controller. We act under the assumption that the Data Controller has satisfied a lawful basis of data processing under GDPR.
Lion&Bear operate a common operating, cloud environment with up to date McAfee antivirus on all devices, including mobiles. When information is stored locally and not in the cloud, they stay within our secured documents folder. We do not store work in progress and only store the completed work on which we are contracted to complete, for example the CV formatted into the clients chosen format.
In the event of a data subjects data access request to the Data Controller, we are able to comply with the request and also the possible outcome of the data subjects individual rights.
The focus for us as a processor is the maintenance and tracking of processing activities. We maintain records in secure environments and we track all activity as a time tracker that can be audited when required.
Destruction policy – when we receive the CV by email, we complete the work and send back. Once the consultant confirms they are happy with this, we delete all records on confirmation. We will not keep any CV for longer than 30 days.
Using a clients system– when L&B operate within the client environment, no data is stored outside of that environment.
Lion&Bear are fully insured against data breach under our Hiscox PI insurance.