My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. GDPR

Recruitly's GDPR Policies

Published:

At Recruitly.io, we take GDPR compliance seriously, ensuring robust data protection and respect for user privacy. Our strategy is essential to everything we do. We understand that the effectiveness of GDPR compliance is only as strong as the people handling the data. If our team members don't follow GDPR guidelines and try to bypass the system, we, as a company, would still be accountable for any breaches. This is why it's crucial that everyone on our team is fully trained and understands the importance of GDPR. We ensure our staff are well-informed about the impact of non-compliance and are equipped always to follow the regulations diligently. Ensuring this level of awareness and adherence isn't just about avoiding penalties; it's about respecting the privacy and trust of our users.


1. Data Processing and Security:
  • Why It Matters: Keeping your data safe is central to our operations. Mishandling data can lead to serious penalties and damage our reputation. We use Amazon Web Services (AWS), which offers top-notch security measures like encryption and firewalls. Think of it as a high-tech version of a lock and key, keeping your data safe and sound.
  • Impact: Using a trusted provider like AWS, which adheres to international security standards, ensures that Recruitly meets GDPR requirements for data security and mitigates risks associated with data handling.
2. Automated GDPR Compliance:
  • Why It Matters: Handling GDPR compliance manually can be risky because human errors are always a possibility. Automating this process means we can manage your data more reliably and consistently. For example, when we add new users to our database, everything from sending consent requests to anonymizing data if consent isn’t given is handled automatically. This reduces mistakes and ensures that we stay on the right side of the law.
  • Impact: By automating consent management and data anonymization, Recruitly not only adheres to legal requirements but also enhances trust with users by showing a commitment to their privacy and right to control their personal information.
3. User Rights and Access:
  • Why It Matters: GDPR gives you a lot of rights, like accessing your data, correcting it, or even having it deleted. We make it easy for you to exercise these rights, which is not only good legal practice but also builds trust. By giving you control over your data, we show that we value your privacy and autonomy.
  • Impact: Empowering users in this way helps maintain transparency and builds a positive relationship with them, which is crucial for customer retention and satisfaction.
4. Transparency and Compliance Features:
  • Why It Matters: Being transparent about how we handle data is a key principle of GDPR. Our features like real-time updates, detailed logs, and clear policies ensure that you and regulatory bodies can see and understand how your data is managed. This openness not only complies with the law but also reassures you of our commitment to protecting your privacy.
  • Impact: Enhanced transparency leads to increased accountability, which can significantly reduce legal risks and promote a culture of compliance within the organization.
In the broader context:
  • Robust Infrastructure: Using services like AWS and Google Cloud, which comply with international standards, ensures our infrastructure is secure and capable of managing data according to global regulations. This flexibility is crucial as it helps us operate across different regions while keeping your data safe.
  • High Availability and Scalability: Our scalable cloud environments and data storage across multiple locations ensure that our operations can continue smoothly in any eventuality. This is vital under GDPR, which requires that data protection and access are maintained at all times, no matter what happens.
  • Automated Consent and Data Management: By automating how we manage consent and data, we drastically cut down the risk of slip-ups and non-compliance. When new contacts are added, our system can immediately manage consent requests and take necessary actions like data anonymization, ensuring compliance is swift and precise.

Each of these elements reflects our strategic approach to GDPR compliance, prioritizing security, efficiency, and your rights, ensuring that Recruitly not only meets legal obligations but also provides a secure and trustworthy service.

Publicly Available Information:

Contact details

GDPR Automations




Simplified GDPR Compliance Guide for Recruitly UK Ltd
General Principles
1. Lawful Basis for Processing
  • Consent: Collect clear, informed consent for marketing.
  • Contractual Necessity: Process data to fulfil orders and services.
  • Legal Obligation: Comply with laws (e.g., tax, financial regulations).
  • Legitimate Interests: Process data for business needs like marketing and fraud prevention, ensuring these don’t override individual rights.
  • Documentation: Keep records of the lawful basis for data processing and update privacy policies to inform customers.
2. Data Subject Rights
  • Access: Provide an easy way for individuals to see and download their data.
  • Rectification: Allow updates to incorrect or incomplete data.
  • Erasure: Offer a process to delete data upon request if conditions are met.
  • Restriction of Processing: Temporarily limit data processing if requested.
  • Data Portability: Provide data in a machine-readable format like CSV or JSON.
  • Objection: Allow opt-out from marketing and other processing activities.
  • Automated Decision Making: Inform and provide recourse against automated decisions affecting individuals.
3. Data Protection by Design and by Default
  • During Design:
    • Conduct Privacy Impact Assessments (PIAs).
    • Minimise data collection.
    • Anonymise or pseudonymise data.
  • Default Settings:
    • Use the highest privacy settings by default.
    • Require opt-in for data processing.
  • Ongoing Practices:
    • Regularly review data protection measures.
    • Train employees on data protection principles.
4. Data Security
  • Technical Measures:
    • Encrypt data.
    • Implement strict access controls.
    • Regularly update security patches.
    • Use intrusion detection systems (IDS).
  • Organisational Measures:
    • Develop comprehensive data protection policies.
    • Establish an incident response plan.
    • Conduct regular security audits.
    • Ensure third-party vendors comply with data protection requirements.
Accountability and Governance
1. Data Protection Officer (DPO)
  • Requirement Assessment: Determine if a DPO is needed based on data processing activities.
  • Appointing a DPO: Ensure the DPO has expertise in data protection laws and practices, and provide them with the necessary resources and independence.
2. Records of Processing Activities
  • Documentation: Maintain detailed records of all data processing activities.
  • Regular Updates: Periodically update records to reflect changes.
3. Data Protection Impact Assessment (DPIA)
  • High-Risk Activities: Identify activities requiring DPIAs.
  • Conducting DPIAs: Follow a structured process to assess and mitigate risks.
Breach Notification
1. Preparation and Detection
  • Incident Response Plan: Develop and maintain a plan for addressing data breaches.
  • Detection Mechanisms: Implement tools to detect breaches promptly.
2. Notification to Authorities
  • 72-Hour Notification: Notify the relevant authority within 72 hours if a breach occurs.
  • Content of Notification: Include details about the breach, its consequences, and measures taken.
3. Notification to Individuals
  • High-Risk Notification: Inform affected individuals if their rights are at high risk.
  • Content of Notification: Provide clear information about the breach and protective measures.
International Data Transfers
1. Safeguards
  • Standard Contractual Clauses (SCCs): Use SCCs for transfers to non-EU countries.
  • Binding Corporate Rules (BCRs): Implement BCRs for intra-group transfers.
  • Adequacy Decisions: Transfer data to countries with an adequacy decision from the European Commission.
2. Documentation and Monitoring
  • Impact Assessments: Regularly review and document international transfers.
  • Audits: Conduct periodic audits to ensure compliance.
Consent Management
1. Obtaining Consent
  • Clear Opt-In: Require a clear, affirmative action for consent.
  • Detailed Information: Provide detailed information about data processing purposes.
2. Managing Consent
  • Record Keeping: Maintain records of obtained consents.
  • Easy Withdrawal: Ensure individuals can easily withdraw consent.
Vendor and Partner Management
1. Data Processing Agreements
  • Contractual Clauses: Include GDPR-compliant clauses in contracts with data processors.
  • Due Diligence: Assess vendors’ compliance with GDPR before entering agreements.
2. Monitoring and Review
  • Regular Audits: Audit vendors and partners regularly.
  • Compliance Documentation: Maintain records of all vendor agreements and compliance checks.
Training and Awareness
1. Training Programmes
  • Regular Sessions: Conduct regular GDPR training for all employees.
  • Specialised Training: Offer specialised training for those handling sensitive data.
2. Awareness Campaigns
  • Ongoing Communication: Implement communication strategies to keep data protection a priority.
  • Resources and Support: Provide access to GDPR resources and support for employees.
Supervisory Authority Interaction
1. Proactive Engagement
  • Point of Contact: Designate a contact for communications with supervisory authorities.
  • Notification Procedures: Establish procedures for notifying authorities of breaches and other issues.
2. Response to Requests
  • Timely Cooperation: Respond promptly to requests or investigations.
  • Documentation: Maintain detailed records of interactions with authorities.
Access denied
Access denied