GDPR Ready Hiring
Information Security is one of our core values which determines our service design, culture and our business practices both internally and externally. AmazingHiring is committed to providing the secure service for our Customers, therefore, the goal of AmazingHiring is to have the high-level information security, which includes organizational and technical measures to ensure that data security is sufficient to protect the business against all types of threats. We want our customers and partners to have confidence that their data is protected and transparency with respect to AmazingHiring’s activities to fulfill its responsibilities in accordance with European Union General Data Protection Regulation (“GDPR”).
That is why we at AmazingHiring:
- Updated our systems and services and introduced necessary controls to strengthen the security of personal data processing;
- Clearly described our approach to information security and compliance in the Security & Compliance Whitepaper;
- Produced Guidelines for our partners and customers to become GDPR Ready.
Henceforth, AmazingHiring commits to ensure GDPR compliance prior to its entry into force on 25th of May 2018.
We have significantly improved our Information Security Policy and Information Security Management System with respect to the following controls: operational security, access control, and physical security. We apply appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, use, disclosure, or destruction. All our processes and procedures have been reviewed and modified in accordance with the ISO 27001 requirements. To have appropriate controls, AmazingHiring has an internal audit team that reviews compliance practice against the applicable rules and regulations and Good Industry Practice.
Data Protection in the Cloud
AmazingHiring is using certified service providers to ensure that data is stored in secure environments and in accordance with modern security standards. All the data which is a subject of European and US jurisdiction is being stored and processed by our services that run in Hetzner Online data centers - ISO 27001 certified cloud provider.
Secure Data Transmission
AmazingHiring integrates with different services and tools using APIs. We protect information transmitted over the network without compromising the security of the data. Communication through APIs is performed in accordance with modern web security standards using TLS 1.2 encryption.
Data Subject’s Privacy
AmazingHiring values protection of Data Subject’s rights, hence, is committed to making sure Data Subjects can exercise their rights, and that Data Subject’s requests are handled in a timely fashion.
Right to Access. Data Subject can request (free of charge) access to his/her personal data and obtain a copy of such personal data in a format acceptable to the Data Subject (e.g. Word) Data Subject can submit a request form online via www.amazinghiring.com/gdpr/form. After the form is submitted, our privacy team reviews the form and conducts requestor’s identity verification without undue delay. Upon successful verification, Data Subject is provided with a copy of his/her personal data.
Right to Data Portability. AmazingHiring ensures Data Portability in a manner that if a Data Subject is willing to transfer its data to another service provider we provide Data Subject with data in a structured, commonly used and machine-readable format.
Right to Erasure (“Right to be forgotten”) and Right to Rectification. Data Subjects are entitled to request Erasure or Rectification of their data by filing an appropriate request via www.amazinghiring.com/gdpr/form. AmazingHiring has a process in place for handling requests for data to be rectified or deleted, unless there is a legal requirement that prohibits such request to be fulfilled. When request is fulfilled, Data Subject will be informed that his/her data are changed or erased and are not-longer derived from the data sources, however, to fulfill our legal requirements AmazingHiring will store information about each requestor for the purposes of providing an evidence that a request has been fulfilled.
Right to Object. At all times, Data Subject is entitled to object to processing of personal data concerning him or her. Right to Object can be exercised by submitting a form at www.amazinghiring.com/gdpr/form. Upon receipt of the form AmazingHiring ceases the processing, unless there is a legal or statutory ground for such processing.
Right to be informed. If Data Subject is inquiring about processing activities conducted with respect to his/her personal data, AmazingHiring, without undue delay, will provide information about: (i) purposes of processing; (ii) categories and types of personal Data; (iii) retention period; (iv) source of the relevant personal data; (v) privacy rights and information on data portability. Moreover, all information about the categories of personal data and processing operations conducted by AmazingHiring is available at the www.amazinghiring.com/privacy.