1. Where are the candidates’ data stored (servers location)?
– Data centres for the Europe region are based in Belgium. We are hosted on Google Cloud Platform, which means we get the same infrastructure-level security Google uses for its own systems.
2. How and where is that specific data transferred to/from; how do you ensure this data is protected?
– Candidates’ data are normally transferred only within TempBuddy systems, or to 3rd party systems that we use to provide a better service (mainly Intercom). Between server components the data travels over a private network, and between our servers and clients (desktop browsers and apps) it travels over https. Client requests are always made using standard security mechanisms (access tokens). When candidate data is transferred to a 3rd party system, it is always done over https.
Third party systems to which we might send candidate data:
i) Intercom (name, email address, etc)
ii) Google geo-location service (address, location coordinates)
3. What type of encryption is used to secure the information, both in transit and on cloud-based servers?
– We don’t encrypt stored data, although we do encrypt data in transit using standard SSL (over https).
4. Does GDPR apply to Bullhorn (and implicitly TempBuddy)?
– GDPR standards apply directly to TempBuddy because we process and store data on the EU server. We are making significant changes and enhancements to our data storage and processes to provide better data control to individuals.
If you aren’t an EU company, please confirm that you are a part of the Privacy Shield (for U.S. companies), which will result in an effective data processing agreement that will oblige you to follow GDPR’s guidelines.
5. How do you plan to become GDPR compliant?
– To prepare for the approaching new regulations, we have:
i) added new features to allow the Admin/Privacy Officer to electronically distribute policy notifications to Candidates and Client Contacts
ii) created workflows to record policy consents/declines, GDPR status changes, and actions to support data removal requests, data access requests, and requests to restrict data processing
6. Do you use compliant vendors/subcontractors? If you do, please confirm if all your vendors have data processing agreements with TempBuddy and eRecruit in place.
– We only use 3rd party vendors mentioned above and they are compliant.
7. Do you have a clear updated process for the GDPR change privacy policies in place?