GDPR Compliance
✓ GDPR Compliant
Our Commitment to Data Protection
Lodestone is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). We implement robust data protection measures to ensure your personal information is handled securely, transparently, and in accordance with your rights.
1. GDPR Compliance Framework
✓ Lawful Processing
We process data only on legal bases: consent, contract, legitimate interest, or legal obligation.
✓ Data Minimization
We collect only data necessary for specified purposes and retain it no longer than needed.
✓ Transparency
Clear privacy notices explain what data we collect, why, and how we use it.
✓ Data Security
Technical and organizational measures protect against unauthorized access and breaches.
✓ Individual Rights
Mechanisms to exercise all GDPR rights: access, rectification, erasure, and more.
✓ Accountability
Documentation, policies, and procedures demonstrate our compliance efforts.
2. Data Protection Principles
2.1 Lawfulness, Fairness, and Transparency
- ✓ We inform you about data collection before or at the point of collection
- ✓ We obtain explicit consent for processing where required
- ✓ We provide clear privacy notices in plain language
2.2 Purpose Limitation
- ✓ Data is collected for specific, explicit, and legitimate purposes
- ✓ We do not process data in ways incompatible with original purposes
- ✓ New processing purposes require additional consent or legal basis
2.3 Data Minimization
- ✓ We collect only data adequate, relevant, and necessary
- ✓ Forms request only essential information
- ✓ Optional fields are clearly marked
2.4 Accuracy
- ✓ Mechanisms to update or correct personal data
- ✓ Regular reviews to ensure data accuracy
- ✓ Prompt rectification of inaccurate data
2.5 Storage Limitation
- ✓ Defined retention periods for each data category
- ✓ Automatic deletion after retention period expires
- ✓ Secure disposal methods for deleted data
2.6 Integrity and Confidentiality
- ✓ SSL/TLS encryption for data in transit
- ✓ Encrypted databases for data at rest
- ✓ Access controls and authentication systems
- ✓ Regular security audits and penetration testing
3. Your GDPR Rights
We Make It Easy to Exercise Your Rights:
- Right to Access (Article 15): Request a copy of your personal data we hold
- Right to Rectification (Article 16): Correct inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
- Right to Restriction (Article 18): Limit how we process your data
- Right to Data Portability (Article 20): Receive your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing
To exercise any right: Email privacy@lodestone.io
Response time: Within 30 days (extendable to 60 days for complex requests)
4. Data Processing Activities
4.1 Recruitment Services
- Data Collected: CV, contact details, work history, skills, references
- Legal Basis: Consent and contract performance
- Retention: 3 years from last application (with consent)
- Sharing: With client companies (with your explicit consent)
4.2 Employer Branding Services
- Data Collected: Company information, contact persons, project details
- Legal Basis: Contract performance and legitimate interest
- Retention: Duration of contract + 5 years for business records
- Sharing: With service providers under data processing agreements
4.3 Event Management
- Data Collected: Name, email, company, dietary requirements
- Legal Basis: Consent and legitimate interest
- Retention: 1 year after event completion
- Sharing: With event co-hosts and venues (as necessary)
5. Data Security Measures
Technical Measures:
- 🔐 Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
- 🔒 Access Control: Role-based access with multi-factor authentication
- 🛡️ Firewalls: Network segmentation and intrusion detection
- 📊 Monitoring: 24/7 security monitoring and logging
- 💾 Backups: Encrypted daily backups with secure storage
Organizational Measures:
- 👥 Staff Training: Regular GDPR and data protection training
- 📝 Data Processing Agreements: With all processors and sub-processors
- 🔍 Privacy Impact Assessments: For high-risk processing activities
- 📋 Data Breach Response Plan: Notification within 72 hours
- ✅ Regular Audits: Annual GDPR compliance reviews
6. International Data Transfers
If we transfer data outside the EU/EEA, we ensure adequate safeguards:
- ✓ Standard Contractual Clauses (SCCs): EU Commission-approved contracts
- ✓ Adequacy Decisions: Transfers to countries with equivalent protection
- ✓ Additional Safeguards: Encryption, access controls, data minimization
7. Data Breach Procedures
In the Event of a Data Breach:
- Detection & Containment (0-24 hours): Immediate action to stop the breach
- Assessment (24-48 hours): Evaluate scope, impact, and affected individuals
- Notification (Within 72 hours):
  - Supervisory authority notification (if high risk)
  - Affected individuals notification (if high risk to rights and freedoms)
- Remediation: Fix vulnerabilities, prevent recurrence
- Documentation: Record all breaches in our breach register
8. Third-Party Processors
We work only with GDPR-compliant processors:
- ✓ Email services, CRM platforms, analytics tools
- ✓ All processors sign Data Processing Agreements (DPAs)
- ✓ Regular audits of processor compliance
- ✓ List of processors available upon request
9. Children's Data
We do not knowingly process data of individuals under 16. If we discover we've collected data from a child, we will delete it immediately and notify parents/guardians.
10. Contact Our Data Protection Officer
Data Protection Officer (DPO)
Email: dpo@lodestone.io
General Privacy Inquiries: privacy@lodestone.io
Supervisory Authority:
You have the right to lodge a complaint with your data protection authority.
Find your local authority: https://edpb.europa.eu
11. Updates to Compliance
We continuously review and update our GDPR compliance measures. This page was last reviewed on February 3, 2026.
Questions About GDPR Compliance?
We're here to help. Contact our Data Protection Officer at dpo@lodestone.io for any questions about how we protect your data.