Privacy and Data Protection Policy – Summary

This summary is an overview of our Privacy and Data Protection Policy. Please read the full Policy for more detailed information.

This Privacy and Data Protection Policy (the Policy) informs you how the Security Management Resources® Group of Companies (SMR) prioritizes your privacy, processes and protects your personal data. The Policy concerns the SMR website and any other SMR products or services which collect personal data or which are linked to this Policy or on which this Policy is visible. SMR is the data controller for the processing of personal data under applicable law.

This Policy does not apply to third party websites to which the SMR website, products or services may link.


SMR has recently updated our Privacy and Data Protection Policy to clarify how we protect your personal data in keeping with new standards introduced by the European data protection law known as the General Data Protection Regulation (GDPR).

Privacy and data protection standards and laws vary by country and are subject to change. We recommend you read the full Policy carefully and check back frequently to review any updates made as a result of evolving privacy and data protection laws.

Lawful Basis of Processing

SMR will only process personal data where we have a legal basis for doing so. We may collect and process your data on one or more of several legal bases:

Your consent, whereby we have obtained your prior expressed consent.

It is a contractual necessary in connection with any contract between SMR and you.

To manage, operate or promote our business.

In compliance with a legal obligation that we are subject to.

SMR will review the personal data we hold on a regular basis to ensure it is being lawfully processed and it is accurate and relevant.

Personal Data We Collect

As a recruitment and consultancy business, SMR collects and processes both personal data and sensitive personal data. We may collect data from you in a variety of ways. This may include directly from you, from your devices that interact with our services or from third party sources. Types of information we collect may include:

Information you provide. Personal data you provide when you create a candidate profile, register for our products or services, respond to questionnaires or surveys or enter into a contract with SMR.

Information collected automatically. Your IP address and non-identifying information about your use of the SMR website may be collected automatically using cookies and analytical software.

Information from other sources. Personal data from third party service providers that may include data resulting from the completion of assessment instruments, reference details and other information that would normally be collected during recruitment activities.

Privacy Notices

SMR will issue privacy notices to individuals either at the time when we first obtain their personal data or within one month where we collect personal data other than from the individual directly. If we intend to disclose the personal data to a third party, SMR will issue the privacy notice either prior to or when the personal data are first disclosed.

How We Use Your Personal Data

SMR processes personal data in relation to our own staff, employment seekers (candidates) and individual client contacts. We may hold personal data on individuals for the following purposes:

  • To communicate with you.
  • Administration and processing of candidates’ personal data for the purposes of providing employment services, including processing using software solution providers and back office support.
  • Administration and processing of clients’ personal data for the purposes of introducing candidates, providing consultancy services and execution of any additional contractual obligations.
  • Staff administration.
  • Accounts and records.
  • Advertising, marketing, public relations and customer service.
  • To improve your experience on our website.
  • To notify and report to authorities under our legal obligations.

How Long Your Data is Stored

SMR takes every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Policy.

We will retain candidate data only as long as your candidate profile account is valid, plus the applicable period for limitation of legal claims and any additional periods required or permitted under applicable law. You may indicate you no longer wish to be considered for employment opportunities, withdraw your consent, or request that your data be deleted as described in the section titled “Individual Rights Regarding Data Processing”.

You will be asked to update your data on a regular basis. It is important to regularly review your personal data for accuracy and ensure it is kept up-to-date.

Information We Share

Except as described in this Policy, SMR does not sell, lease, rent or otherwise disclose your personal data to any third party.

With your consent, we may disclose your personal data to:

  • Our clients; candidate data – for the purpose of placing candidates in their employ.
  • Our candidates; client data – for the purpose of evaluating the organization and any positions for possible employment.
  • Third party candidate management system providers.
  • Third party service providers of assessment testing instruments.
  • Third party service providers of background and reference checking services.

We may be required by the binding requirements of applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.

Each of the SMR companies are privately held and managed by their owners. In the event of any change of ownership or reorganization of our businesses (i.e. mergers and acquisitions), we may disclose your personal data to potential or actual purchasers or their advisers, where appropriate. We will promptly notify you of any such action.

Personal Data of Children

SMR’s business is not targeted to children. Therefore, we do not collect personal data of children and will not carry out any automated decision-making or profiling using the personal data of a child.

Safeguarding Your Personal Data

SMR has implemented technical and organizational security measures designed to ensure that data protection is integral to all processing activities and to protect your personal data. We maintain a variety of physical, electronic and procedural safeguards to protect your personal data including encryption and a secure candidate portal.

Our services may be provided using resources and servers located in various countries, partly located outside of EU/EEA. Therefore, your personal data may be transferred across international borders outside the country in which you use our services. We will ensure any such transfer is covered by appropriate contractual measures (i.e. using European Commissions Standard Contractual Clauses), that the transfer has an appropriate legal basis and that the data processing and confidentiality fulfills the requirements in relevant laws.

Our candidate management system is certified under the Privacy Shield Framework as relates to compliant data flows between the EU (and Switzerland) and the US.

Please note that the transmission of information via the internet is never completely secure.

Individual Rights Regarding Data Processing

You may choose not to provide your personal data to us. Please note that if you wish to be considered a candidate for any of the positions for which SMR is recruiting, we may be unable to consider you if you elect not to provide your personal data.

You have the right to see and obtain a copy of the personal data about you that we maintain as well as to ask us to make corrections to inaccurate or incomplete personal data about you. If you have created a candidate profile, you may correct or otherwise modify your own personal data at any time by logging in via the secure candidate portal. You have the right to receive data that you have provided to us in a machine-readable format and to transmit that data to another controller. You may also request the erasure of your personal data or the restriction of its processing, or object to the processing of personal data about you.

Subscription to any of SMR’s products, services or marketing is entirely voluntary and requires a proactive action including expressed consent on the part of the individual. We include an unsubscribe link in all electronic messages we send you (i.e. job announcements, newsletters). You may withdraw your consent to receiving these at any time.

You may withdraw your consent to the processing of your personal data at any time. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases such as storing your data as required by applicable law. Withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.

All requests regarding individual rights should be sent to . You may also Contact Us from the SMR website. Additionally, you may contact us via postal mail at:

Security Management Resources®
Attention: Privacy Officer
41 West Lee Highway
Warrenton, VA 20186 USA

Your local Data Protection Authority is responsible for making sure that applicable privacy laws are followed in your locality. Please review the section titled “Individual Rights Regarding Data Processing” in our full Policy for links to supervisory authorities.

Website Privacy

We want you to have a secure, seamless experience during your visit to the Security Management Resources® website. Please note that certain features on our website are offered by third parties and the third party privacy policies apply.

The SMR website is owned and operated by SMR in the United States, but the information you provide will be accessible SMR employees and third party suppliers in other countries in accordance with this Policy. If you are visiting the SMR website from a country other than in the United States, your communications with us will necessarily result in the transfer of information across international borders. The level of legal protection for personal data is not the same in all countries, however we will take security measures described in this Policy in an effort to keep your information secure.

By using the SMR website, you understand that your personal data will be stored and processed in the United States and in any country to which we may transfer your information in the course of our business operations.


Cookies are small text files that are placed on your computer by websites that you visit. The SMR website utilizes cookies that allow you to navigate through our website smoothly. These cookies do not collect information that can identify you. No targeting or advertising cookies are present on the SMR website. Your browser software can be set to disable cookies.


Social Media: Links to SMR’s pages on social media outlets are available in several locations on the site. Should you choose to follow these links and leave the SMR site, each such third party service provider may collect personal data regarding your visits and interaction with its services based on its own polices and rules concerning data privacy.

Content: Content published on the SMR website often includes links to third party sites that contain additional information on a topic, event or article. Should you choose to follow these links and leave the SMR website, each such third party service provider may collect personal data regarding your visits and interaction with its services based on its own policies and rules concerning data privacy.


SMR uses Google Analytics to analyze usage of our website. The information that Google Analytics collects is in an anonymous form. It helps to compile reports so that we can understand usage of our website and improve it. If you want further information about how Google Analytics function or do not want your data used by Google Analytics, please visit Google’s “Safeguarding your data” or the Google Analytics Opt-out Browser Add-on page.

Data Breaches

Should SMR establish that a personal data breach has taken place, we will take steps to contain and recover the breach. We will notify the relevant supervisory authority for data breaches in the effected jurisdiction. If we identify a personal data breach resulting in a high risk to the rights and freedoms of any individual, we will notify all affected individuals without undue delay.

Updates to This Policy

SMR reserves the right to change and modify this Policy from time to time. When we update this Policy, we will modify the “Effective Date” to indicate when such changes have come into effect. If the changes are material and affect you in an adverse way, we will contact you via email and/or prominently post a notice advising the change at the beginning of this Policy.

Please review the full Policy for additional information.

© 2024 - Security Management Resources®. All Rights Reserved.