Security & privacy

TalentLyft recognizes that customer trust is essential, particularly in the recruitment industry where sensitive personal data is handled regularly. Ensuring the privacy of users, candidates, and visitors is critical to maintaining this trust. We emphasize that all personal data, including contact details, employment history, and educational background, is treated with the highest level of confidentiality.

TalentLyft security & privacy

Get started

  • GDPR Compliance

    As of May 2018 the European Union implemented the General Data Protection regulation, or GDPR for short, and made significant improvements in data protection of its citizens.

  • EEO/OFCCP Compliance

    In the US the Equal Employment Opportunity laws prohibit employers from discriminating against potential candidates and require the collection demographic information from applicants.

  • Security Compliance

    Ensure that all of your potentially sensitive data is stored and handled securely and in compliance with your security requirements through our Data Processing Addendum (DPA) and Master agreements.

GDPR

What is GDPR compliance in recruitment and how TalentLyft manages it

GDPR, or General Data Protection Regulation, is data protection legislation that has been implemented by the European Union and enforced since May 2018. It grants individuals greater control over their personal data. TalentLyft ensures that the candidates in your database have all the necessary rights including the ability to access, correct and delete their personal data. Additionally, TalentLyft helps you manage the explicit consents from your candidates and makes sure your database remains secure and compliant.

  • You (data controller)

    If you use TalentLyft, then you are seen as a data controller. As a data controller you have the responsibility for the protection of your applicants' personal data. This means you'll need to have full control over how your ATS processes personal data.

  • TalentLyft (data processor)

    We are seen as a data processor for the personal data of applicants that is processed with our ATS. Our mission is to make sure our customers have all the tools required to shape their data processing as they see fit. Our customers stay in control, we handle the technical side.

  • Candidates (data subjects)

    Data Subjects are your applicants and candidates, who supply their personal data (name, surname, job title, previus positions, hyperlinks to social networks, address, e-mail address, phone number, etc.) when pursuing employment opportunities with your company.

How does TalentLyft help you with GDPR compliance?

  • Data Accuracy

    Allow the candidates to enter their personal data, later verify it and change it if needed. They also have the ability to delete their data.

  • Data Minimization

    Collect only necessary personal information through the use of customisable job application forms.

  • Purpose Limitation

    The purpose of the data collection can be clearly communicated to the candidates through the compliance settings in TalentLyft.

  • Recruitment Records

    Detailed records are kept about any relevant personal information, along with information about access or any changes that have occurred.

  • Third-Party Processors

    TalentLyft uses sub-processors, and uses only the EU entities for those processors so that the candidate data does not leave the EU.

  • Privacy by Design

    At TalentLyft when developing new features privacy and data protection are key elements of the development process.

  • Data Transfers and Residency

    All the data stays within the EU and all the sub processors are contractually bound to handle the data with utmost care.

  • Explicit Consent

    TalentLyft allows you to manage your consent configurations and gives you the ability to ask candidates for their explicit consent for processing their personal data including retention period and sharing consents.

  • Consent Management and revoking

    Candidates have the ability to exercise their rights under GDPR and they can access, change or delete their personal data at any time, as well as revoke their consents.

  • Role Based Access Rights

    Use the roles defined in TalentLyft to make sure that only the users that require access can see specific departments, jobs, candidates and functionalities.

  • Security Measures

    Security measures implemented in TalentLyft ensure that the data is encrypted in transit and at rest. Access controls are put in place and regular security assessments are conducted.

  • Data Breach Notifcation

    Security measures are in place to detect, investigate and report personal data breaches. As per the regulation the supervisory authority is notified of any incidents.

  • Storage Limitation

    Retention period defined in the compliance section, can be adjusted depending on the needs. Once the retention period expires the candidates are flagged for deletion. Additionally candidate information can be anonymized removing any personal identifiable information. 

Privacy & Policies

  • Terms and conditions

    Terms and conditions for TalentLyft users and visitors regulate the access and use of both the website and the platform.

  • Privacy Policy

    Customer confidence and privacy is critical to everything we do at TalentLyft.

  • Data Processing Addnendum (DPA)

    In the DPA, we focus on privacy and security by defining rules of engagement to safeguard personal data precisely and compliantly.

  • Master Subscription Agreement

    In order to make it easier we have one document that helps us define the details of our software relationships here at TalentLyft.

  • Service Level Agreement (SLA)

    The nitty gritty details of the availability and support of the TalentLyft platform.

  • Fair Use Policy

    Sensible limits to the numbers of candidates in the system, emails that can be sent and bounced coming from your company.

Platform security, privacy & compliance

  • TalentLyft organizational measures

    To ensure security we keep our internal organizational policies up to date and help our staff expand their security knowledge and experience. All the sub processors have SCC in place to ensure data protection.

  • TalentLyft Security and Performance

    Customer data security and platform performance are key to everything we do at TalentLyft so we make sure that our Cloud infrastructure is always up to date and optimized. Additionally we have a vulnerability disclosure program and regular security assessments to make sure that the data security is always up to date.

  • TalentLyft File Security & Malware Scanning

    We are always looking to protect our users and to that end we make sure that any files that might end up in TalentLyft are safe for our users.

Simple and affordable recruitment software