General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a significant piece of legislation designed to strengthen and unify data protection laws across the European Union (EU). Enforceable since May 25, 2018, GDPR replaces the Data Protection Directive (DPD 95/46/EC), enhancing the rights of EU individuals over their personal data and reinforcing data privacy protections.
Although GDPR is an EU regulation, its impact extends globally, affecting any organization that processes or controls the data of European citizens, regardless of the organization’s location.
What is the Aim of GDPR?
The primary goal of GDPR is to offer EU citizens (including those in the UK) robust protection against data breaches and to enhance the privacy of individuals’ personal data. GDPR broadly defines “personal data” to include any information relating to an identified or identifiable individual, known as a “data subject.”
Under GDPR, individuals are granted a range of data subject rights, which they can exercise under certain conditions or exceptions. Key changes brought about by GDPR include:
- Expanded rights for individuals: GDPR provides EU individuals with greater control over their personal data, including the right to be forgotten and the right to access their data.
- Compliance obligations: Organizations are required to implement appropriate policies, conduct privacy impact assessments, maintain detailed records, and enter into written agreements with vendors.
- Data breach notification and security: GDPR requires organizations to report certain data breaches to authorities and, in some cases, to affected individuals.
- Profiling and monitoring regulations: Organizations engaged in profiling or monitoring the behavior of EU individuals must adhere to additional obligations.
- Increased enforcement: GDPR allows for significant penalties, with fines up to €20 million or 4% of an organization’s annual global revenue, whichever is higher.
How CvSorter Complies with GDPR
CvSorter fully complies with GDPR as a data processor. Given the complexity of GDPR, we have worked closely with privacy experts and legal advisors to ensure complete compliance.
Steps CvSorter Has Taken to Ensure GDPR Compliance
- Appoint a Data Protection Officer: We have designated a Data Protection Officer to oversee our GDPR compliance efforts.
- Thoroughly Research GDPR Impact: We have identified and analyzed areas of our product and business that are affected by GDPR.
- Rewrite Our Privacy Policy: We have revised our Data Protection Agreement (Privacy Policy) to align with GDPR requirements.
- Develop a GDPR Strategy: We have formulated a strategy and guidelines to address GDPR-related impacts on our product.
- Implement Necessary Changes: We have made necessary changes and improvements to our product to meet GDPR standards. (Details can be found in the “Acknowledging Data Rights” section below.)
- Revise Internal Processes: We have updated our internal processes and procedures to achieve and maintain GDPR compliance.
- Thoroughly Test Changes: We have rigorously tested all changes to ensure they meet GDPR requirements.
- Communicate Our Compliance: We have made our GDPR compliance efforts clear on our website.
Acknowledging Data Rights
Below is a summary of the eight essential data subject rights under GDPR and how CvSorter facilitates these rights to ensure the privacy and security of our customers:
- Right to be Informed
  - What does it mean?
    Individuals have the right to know how their data is acquired, who is processing it, and how it will be used.
  - How CvSorter complies
    When candidates apply through the job application page, CvSorter provides an opt-in button along with a privacy document detailing data usage. If you manually add candidates into the system, you, as the “Data Controller,” are responsible for informing them about data usage.
- Right to Access
  - What does it mean?
    Individuals can request access to their personal data held by organizations.
  - How CvSorter complies
    Our Update Resume functionality allows you to provide candidates with a link to access all their stored information.
- Right to Rectification
  - What does it mean?
    Candidates can request to correct or update any inaccurate or outdated information.
  - How CvSorter complies
    With the Update Resume functionality, you can send candidates a link to update their information.
- Right to Erase
  - What does it mean?
    Candidates can request the deletion of their personal data or submit a “request to be forgotten.”
  - How CvSorter complies
    If a candidate requests deletion, you can delete their record in CvSorter, and we will immediately erase all associated files.
- Right to Restrict Processing
  - What does it mean?
    Individuals can request restrictions on the processing of their data under certain conditions.
  - How CvSorter complies
    CvSorter allows you to change a candidate’s status to inactive or suspended, preventing their data from being processed further.
- Right to Data Portability
  - What does it mean?
    Individuals can request the transfer of their data from one system to another.
  - How CvSorter complies
    You can export candidate data from CvSorter using the Export Data feature.
- Right to Object
  - What does it mean?
    Individuals can object to the processing of their personal data, particularly for direct marketing purposes.
  - How CvSorter complies
    We provide an unsubscribe option in all emails, allowing candidates and clients to opt out of communications.
- Rights in Relation to Automated Decision Making and Profiling
  - What does it mean?
    GDPR regulates decisions made solely through automated processes without human involvement.
  - How CvSorter complies
    All actions within CvSorter are performed by a human user, ensuring that no automated decision-making occurs without oversight.
Advanced Security Measures
In the event of a data breach, it is our responsibility as the data processor to inform you without undue delay if the breach could cause harm. To safeguard your data, CvSorter encrypts all information and stores it in world-class data centers managed by Amazon Web Services (AWS) in the Europe region. We also use AWS services to ensure regular backups and data availability.
Disclaimer
This information is intended to help you understand how CvSorter has addressed key GDPR requirements. If you have any questions, please contact us at:
co*****@cv***.ai