|Data Subjects – Your applicants/candidates.
|Personal Data — The information that your applicants/candidates that can be used to identify the data subject. This data could be names, addresses, IP addresses, email, contact number etc.
|Data Controllers – You. i.e. an employer or recruitment agency.
|Data Processors – Jobsoid or any other ATS or legal bodies that process personal data on your behalf.
The EU – General Data Protection Regulation (GDPR) comes into full effect across all European member states on 25 May 2018.
Generally speaking, GDPR dictates data privacy and data protection principles by giving the data subjects control of their own data and making both, the controllers as well as the processors responsible for security and privacy of this data.
Though Jobsoid was already compliant with most data protection laws, we have taken extra care to make your experience with Jobsoid more secure than ever. As a ‘Processor’ under GDPR, we have ensured that all our data processing activities are fully in compliance with GDPR.
Here is a brief outline of our current approach and ongoing commitment to welcome GDPR. In addition, we also help you become GRPR compliant.
- We process Your data only as per Your instructions and nothing more.
- We always act in accordance with the Data Processing Agreement styled as the Master Service Agreement.
- We make sure that any data that we handle for you is kept confidential. We have put in place non-disclosure and confidentiality agreements with our employees who have authorized access Your data.
- We have styled our internal policies to ensure optimum data security and compliance to data protection. This involves technical measures such as pseudonymization of some data, using a default privacy setting on the user’s profile. Additionally, we have also taken organizational measures whereby we restrict access to personal data to employees below a certain cadre.
- We have reviewed our contracts with sub-processors to have same data security and data sharing contractual obligations as we have with You.
- We have reviewed our third-party contracts with all platforms (such as cloud providers) and made sure that we only contract with those that follow a high standard of data security policies. This is to ensure that Your data is safe.
- We maintain written records of all data processing activities.
- We have conducted training programmes with our team giving information about data protection, data privacy and GDPR.
- We have an easy mechanism in place to service requests of persons exercising rights under GDPR such as deletion, return or change of personal data.
- If you wish to delete any of Your data from our system, we will do so on your instructions.
- We have migrated all our services to data centers in secure locations. We provide adequate protection for the transfers of personal data through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.
Our Privacy and other policies and documents, which reflect our GDPR compliance, are easily available to You. We will be happy to address any concerns or clarifications you may have on the same.
GDPR compliance is a fluid and ongoing process and we are zealously committed to the implementation of the same. We will regularly share our journey with GDPR, and insights and tips on how you can be more compliant with GDPR on our blog.