GDPR Compliance
As of May 2018 the European Union implemented the General Data Protection regulation, or GDPR for short, and made significant improvements in data protection of its citizens.
TalentLyft recognizes that customer trust is essential, particularly in the recruitment industry where sensitive personal data is handled regularly. Ensuring the privacy of users, candidates, and visitors is critical to maintaining this trust. We emphasize that all personal data, including contact details, employment history, and educational background, is treated with the highest level of confidentiality.
As of May 2018 the European Union implemented the General Data Protection regulation, or GDPR for short, and made significant improvements in data protection of its citizens.
In the US the Equal Employment Opportunity laws prohibit employers from discriminating against potential candidates and require the collection demographic information from applicants.
Ensure that all of your potentially sensitive data is stored and handled securely and in compliance with your security requirements through our Data Processing Addendum (DPA) and Master agreements.
GDPR, or General Data Protection Regulation, is data protection legislation that has been implemented by the European Union and enforced since May 2018. It grants individuals greater control over their personal data. TalentLyft ensures that the candidates in your database have all the necessary rights including the ability to access, correct and delete their personal data. Additionally, TalentLyft helps you manage the explicit consents from your candidates and makes sure your database remains secure and compliant.
If you use TalentLyft, then you are seen as a data controller. As a data controller you have the responsibility for the protection of your applicants' personal data. This means you'll need to have full control over how your ATS processes personal data.
We are seen as a data processor for the personal data of applicants that is processed with our ATS. Our mission is to make sure our customers have all the tools required to shape their data processing as they see fit. Our customers stay in control, we handle the technical side.
Data Subjects are your applicants and candidates, who supply their personal data (name, surname, job title, previus positions, hyperlinks to social networks, address, e-mail address, phone number, etc.) when pursuing employment opportunities with your company.
Allow the candidates to enter their personal data, later verify it and change it if needed. They also have the ability to delete their data.
Collect only necessary personal information through the use of customisable job application forms.
The purpose of the data collection can be clearly communicated to the candidates through the compliance settings in TalentLyft.
Detailed records are kept about any relevant personal information, along with information about access or any changes that have occurred.
TalentLyft uses sub-processors, and uses only the EU entities for those processors so that the candidate data does not leave the EU.
At TalentLyft when developing new features privacy and data protection are key elements of the development process.
All the data stays within the EU and all the sub processors are contractually bound to handle the data with utmost care.
TalentLyft allows you to manage your consent configurations and gives you the ability to ask candidates for their explicit consent for processing their personal data including retention period and sharing consents.
Candidates have the ability to exercise their rights under GDPR and they can access, change or delete their personal data at any time, as well as revoke their consents.
Use the roles defined in TalentLyft to make sure that only the users that require access can see specific departments, jobs, candidates and functionalities.
Security measures implemented in TalentLyft ensure that the data is encrypted in transit and at rest. Access controls are put in place and regular security assessments are conducted.
Security measures are in place to detect, investigate and report personal data breaches. As per the regulation the supervisory authority is notified of any incidents.
Retention period defined in the compliance section, can be adjusted depending on the needs. Once the retention period expires the candidates are flagged for deletion. Additionally candidate information can be anonymized removing any personal identifiable information.
Terms and conditions for TalentLyft users and visitors regulate the access and use of both the website and the platform.
Customer confidence and privacy is critical to everything we do at TalentLyft.
In the DPA, we focus on privacy and security by defining rules of engagement to safeguard personal data precisely and compliantly.
In order to make it easier we have one document that helps us define the details of our software relationships here at TalentLyft.
The nitty gritty details of the availability and support of the TalentLyft platform.
Sensible limits to the numbers of candidates in the system, emails that can be sent and bounced coming from your company.
To ensure security we keep our internal organizational policies up to date and help our staff expand their security knowledge and experience. All the sub processors have SCC in place to ensure data protection.
Customer data security and platform performance are key to everything we do at TalentLyft so we make sure that our Cloud infrastructure is always up to date and optimized. Additionally we have a vulnerability disclosure program and regular security assessments to make sure that the data security is always up to date.
We are always looking to protect our users and to that end we make sure that any files that might end up in TalentLyft are safe for our users.