Purpose of this Document
The purpose of the Jobilla Oy Data Protection Policy is to describe how Jobilla approaches protecting our customers’ and users’ data and privacy, and how we comply with GDPR and the national data protection policies and laws.
Definitions of Key Terms
Data Privacy Officer (DPO)
An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR.
Data Controller (DC)
The entity that determines the purposes, conditions and means of the processing of personal data.
Data Processor (DP)
The entity that processes data on behalf of the Data Controller.
Data Subject (DS)
A natural person whose personal data is processed by a controller or processor.
Processing
Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Personal Data
Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person.
Right to Access
Also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
Pseudonymisation
The processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution.
Profiling
Any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour.
Principles of Data Processing
Jobilla will never disclose or sell the gathered personal data to third parties without explicit written consent from all of the data subjects affected.
Personal data processing activities within Jobilla can be broken down into 2 separate categories, as follows.
1 Processing performed by Jobilla
Jobilla’s authorised personnel will process the gathered personal data solely for the purpose of helping our customers make better hires in a more cost-effective manner, and within the boundaries of implementing the contracts between Jobilla and our customer companies.
Jobilla can perform automated, machine-learning-powered analysis on the gathered data in order to gain a better understanding of the users of our platform and to better connect them with possibly interesting companies using our services.
Jobilla will never use the gathered data for anything other than activities driven by the purpose of advancing, directly or indirectly, our customers’ hiring process and its efficiency.
2 Processing performed by Jobilla’s customer companies
Jobilla’s customers shall perform data processing activities only for the following purposes:
1 Gathering & nurturing the company’s own ‘Talent register’ database for more efficient hiring activities
   1. Discovering their gathered candidates from the database based on given criteria
   2. Performing & storing all hiring-related communications with the talent through the Jobilla platform
2 Performing regular hiring activities using Jobilla’s ‘Application Tracking System’ (ATS)
   1. Receiving applicants’ job applications & CVs into Jobilla ATS
   2. Performing the recruitment process of communicating with the candidate, evaluating the candidate, and selecting the most suitable candidate using Jobilla’s ATS
All data subjects have a legal Right to Access and Right to be Forgotten as per GDPR. Because of this, data subjects are able to request a record of all data Jobilla has about them via email, or can request erasure of stored data regarding them. In order to fulfil this request, the requester has to be able to identify themselves via the same email address they’re requesting the data about.
All customer-facing communication with Jobilla’s servers is protected via TLS (HTTPS) encrypted connections to prevent accidental disclosure of confidential data by our users when using e.g. a public Wi-Fi access point.
All production servers are hardened and maintained according to the industry’s best security practices to minimise the chance of accidental data breaches and incidents. Data is regularly, redundantly and automatically backed up into multi-location storage solutions for incident recovery situations. Backups are stored for a maximum duration of 12 months from their creation date.
Jobilla’s data is protected by an Access Control List (ACL) layer integrated into our web application that makes sure only authorised personnel are allowed to process certain personal data objects belonging to their company. All data processing activities are automatically logged for later auditing purposes to ensure that processing is always lawful.
All data is physically processed and stored within the borders of EU nations (Finland, Ireland, Germany, Netherlands), and will not be transferred outside of the EU without prior consent and notice of all data subjects being affected.
Jobilla’s DPO co-operates regularly with the local supervising data privacy authority to ensure compliance with the latest laws and regulations, and to ensure safety and privacy of our users.