Data Security and Use Policy and Guidelines

Effective Date: May 14, 2024

Policy

This Data Security and Use Policy outlines Ferretti Search’s commitment to protecting the personal data of individuals (“Data Subjects”), including candidates, clients, and employees. This policy aims to comply with all applicable data protection laws and regulations.

Data Collection

We may collect various types of personal data, including:

Candidate Data:

• • Contact information (name, address, phone number, email)
  • Employment history (work experience, education, skills)
  • Resumes
  • Cover letters
  • Professional work samples
  • References
  • Interview notes
  • Salary expectations
  • Background checks, if applicable
  • Drug screenings, if applicable

Client Data:

• • Contact information (company name, address, contact person, email)
  • Job descriptions
  • Hiring requirements
  • Benefit packages
  • Interview schedules
  • Professional assessments
  • Organizational charts and reporting structures
  • Offer letters, bonus structures, and incentive packages
  • Applicant Tracking System access

Employee Data:

• • Contact information
  • Employment history
  • Payroll information
  • Performance reviews
  • Background checks

Other Data:

• • Website usage data (cookies, IP addresses)
  • Correspondence (emails, phone calls)

Data Processing Principles

We process personal data in accordance with the following principles:

• Lawfulness, Fairness, and Transparency: We only process personal data lawfully, fairly, and transparently.
• Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it further in an incompatible manner.
• Data Minimization: We collect only the personal data necessary for processing.
• Accuracy: We ensure personal data is accurate and updated as necessary.
• Storage Limitation: We retain personal data only as long as necessary.
• Integrity and Confidentiality: We implement security measures to ensure data confidentiality.

Legal Bases for Processing

We rely on the following legal bases for processing personal data:

• Consent: Where we obtain explicit consent from the Data Subject.
• Contract: Where processing is necessary for contract performance.
• Legitimate Interests: Where processing is necessary for our or a third party’s legitimate interests.
• Legal Obligation: Where processing is required to comply with legal or regulatory obligations.

Data Subject Rights

Data Subjects have the following rights:

• Right of Access: The right to access and confirm whether their personal data is processed.
• Right to Rectification: The right to request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): The right to request deletion of personal data under certain conditions.
• Right to Restriction of Processing: The right to request restricted data processing in specific circumstances.
• Right to Data Portability: The right to receive and transmit their data in a structured format.
• Right to Object: The right to object to processing under certain circumstances.
• Right to Withdraw Consent: The right to withdraw consent at any time when consent is the legal basis for processing.

Data Security

We implement appropriate security measures to protect personal data from unauthorized access, use, or disclosure, including:

• Access Controls: Restricting access to authorized personnel on a need-to-know basis.
• Data Encryption: Encrypting sensitive personal data.
• Secure Data Storage: Storing personal data in secure environments.
• Regular Security Audits: Conducting regular security assessments with third-party IT providers.
• Incident Response Plan: Having a response plan for data breaches or security incidents.

Data Breaches

In the event of a data breach, we will:

• Investigate the breach promptly.
• Notify relevant authorities and affected individuals as required by law.
• Mitigate the impact of the breach with our third-party IT provider.
• Modify policies and provide formal updates and training as needed.

Contact Information

If you have any questions, concerns, or complaints, contact our Data Management Administrator:

Jenna Webb
Email: jwebb@ferrettisearch.com
Phone: (704) 773-5449
Address: 110 Matthews Station St Suite 2D, Matthews, NC 28105

Modifications

We may update this Data Security and Use Policy from time to time. Any material changes will be posted on our website.