GDPR
On May 25, 2018, the GDPR law is going to come into effect. This law will make it mandatory for companies to protect personal data of European citizens if they are storing or sharing the same. When we say personal data, it includes an individual’s name, photos, contact information, email ID, etc.
This is a new step taken to protect customers’ rights and will regulate the export of customer data. With complete transparency, now customers will know when and where their data is being used.
We are proud to announce that CandidateZip is General Data Protection Regulation (GDPR) compliant.
We've launched a new update to our parsing API keeping the GDPR guidelines in mind. CandidateZip has never stored resume information during/after parsing on its cloud servers since its inception.
We only keep
-
A log of IP
-
Timestamp
-
User Key
-
Sub user Value
-
File Name.
IP- It means your IP address of server from where you call our service. This is your outbound server IP and not that of candidate’s.
User Key, Sub User ID - are predefined. Has nothing to do with Candidate information.
File Name - This can be considered as private information of candidate. We save file name for billing purpose only. Now with GDPR compliant product, you can delete these file names.
We never store personal data of candidates on our servers. This includes
-
Name
-
Contact details (phone number, email address)
-
Photos
-
Bank details
-
Medical information
-
Marital status
-
Gender
-
Date of birth
-
Nationality
-
Salary
-
Location
-
Family details
-
Street addresses
-
Social media links
Apart from this, we also do not save
-
Any references mentioned in the resume/CV
-
Any URLs and IP addresses
Another compliant issue is data traveling to non-EU servers. For this, we can host the cloud API for you on an EU node of AWS.
We keep user data with us only till the logs are analysed. Once the analysis is done, we delete this data. You can also send a request to delete your account. It will change the username and other information to a non-recognizable number. We also assume that you are authorized to share candidates’ data with third-party (us) and have the right to get their information deleted if required.
According to this law, it is legal to collect and use data of candidates as long as they have shared it with you willingly. But if your company misrepresents it or shares the same with a third-party without candidates’ knowledge, you will be charged with a heavy fine. Candidates have the right to get their data deleted at any time, and you must accept their request. If there is a security breach, companies must inform authorities within 72 hours. To adhere the guidelines of GDPR, let your candidates know where you are using their data and oblige them when they would like to delete it.
CandidateZip’s Data Protection Officer is Paramdeep Singh
San Ramon, CA, 94583, USA
+1-925-272-9424