FAQ on GDPR

At HireTeamMate, Inc. dba hireEZ ("hireEZ"), we believe personal information is important, valuable, and private to its owner ("data subject"). hireEZ is committed to taking serious policy and technical measures to protect the data of our customers and the individuals involved.
As hireEZ builds advanced sourcing technology in our product to understand and serve customers better, we are keenly aware of our obligations with respect to data subjects' rights to privacy and security. We have put in place a process to respond to data subject requests to exercise their rights under privacy laws. In addition, hireEZ adheres to the EU-US Privacy Shield Framework set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Although the Court of Justice of the European Union invalidated Privacy Shield as a transfer mechanism for EU personal information, discussions for a replacement are ongoing and we are actively monitoring developments related to cross-border transfers, as well as relying on alternative measures to safeguard transferred data such as standard contractual clauses. hireEZ is committed to GDPR compliance.
Last Update: June 28, 2023

Overview of GDPR

GDPR demands data controllers and processors provide greater transparency to E.U. residents on how their personal data is lawfully, fairly and transparently collected and processed. This means companies in and outside of the E.U. that handle personal data of E.U. residents must make sure they comply with GDPR when processing this personal data. Entities may face harsh penalties for violations of GDPR obligations.

Who does GDPR apply to?

GDPR applies to both controllers and processors of personal information. The data controller determines the purpose and means of processing personal data from any E.U. natural person, who is called a "data subject", while the processor processes personal data on behalf of the controller.
One example of a data controller and processor obligation is implementing appropriate security measures, at both a technical and an organizational level, to ensure that when personal data is processed it is only used for the specific purpose for which it was collected.

How does GDPR apply to hireEZ?

hireEZ is both a "data controller" and "data processor" under GDPR, and is responsible for meeting its GDPR obligations under each role.

hireEZ as a Data Controller

When we (i) collect candidate information and provide our customers with access to such information in our platform, and (ii) engage in marketing our platform to customers and potential customers, we act in the role of a controller.

hireEZ as a Data Processor

When we process personal data in accordance with our customers' authorization and instructions, we are acting as a processor.

What personal data does hireEZ collect?

As a Data Controller, hireEZ collects the following data about potential candidates:

Name

E-mail address

Phone number

Estimated Location (City and Country)

Education

Work Experience

Social profile picture

Social profile links

Job skills

As a Data Processor, hireEZ may also process this data on behalf of its customers.

What rights do data subjects have under GDPR?

Data subjects' rights under GDPR include the following:
Right to Data Portability - the right to receive data from a controller in a commonly used and machine-readable format and transmit such data to a new data controller.
Right to be Forgotten - the right to have one's personal data erased or removed if, among other possible reasons, there is no compelling reason for its continued processing.
Right to Restrict Processing - the right to block or suppress processing of personal data.
Right to Information Regarding Processing - the right to receive information that explains how a data subject's personal data are to be used and for what purposes.
Right to Rectification - the right to have inaccurate personal data corrected and/or incomplete personal data completed.
Right of Access - the right to access their personal data.
Right to Object - the right to object to the use of personal information in certain circumstances including profiling and marketing unless the data controller has compelling legitimate grounds.
Right not to be subject to automatic decision making or profiling if it would produce legal effects or significantly affect the data subject - this right safeguards against potentially damaging decisions taken without human intervention.

hireEZ's efforts to comply with GDPR

GDPR Article 5 requires that personal data may only be collected "for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes". hireEZ and our customers, as data controllers, will therefore need to pay extra attention to what personal data is being stored and why. Both hireEZ and our customers will not store personal data that is not necessary or justifiable for that purpose, or use it for other purposes. In order to comply with GDPR, hireEZ has instituted the following:
hireEZ's privacy policy is located on our website and sets out our data collection methods, practices, and purposes, which allows for our users, customers and partners to be informed about their privacy rights and obligations in a transparent manner.
hireEZ appointed a Data Protection Officer (DPO), who is properly and timely involved in all issues related to the protection of personal data and reports to the highest management at hireEZ.
hireEZ sends out notices to data subjects informing them of their rights under GDPR and how they can exercise them through channels created by hireEZ.
hireEZ provides a portal on our website where data subjects can submit requests to exercise their rights with respect to their data, such as access, removal, and correction.
hireEZ enters into Data Processing Agreements with customers and data suppliers to contractually safeguard data processing activities.
hireEZ undergoes Data Protection Impact Assessments (DPIA) whenever there is a substantial change to our processing activities.
hireEZ has undergone a legal basis analysis, and reviews it whenever there is a major process change.
hireEZ appointed TRUSTe LLC, a subsidiary of TrustArc, to conduct an independent audit of our data protection practices against GDPR requirements. For more information on our TrustArc GDPR validation, please click here.

hireEZ's ongoing commitment to data protection

Data security is one major component for GDPR compliance. As part of our continuous efforts, we have implemented the following organizational measures to secure and protect the data of candidates and customers:
hireEZ's data protection and security policies set out the technical and organizational measures hireEZ deploys to keep personal data secure based on the nature of the data we process and reasonably foreseeable threats. We review these policies regularly.
hireEZ is certified as compliant with the ISO/IEC 27001 standard, which sets out the requirements for an information security management system (ISMS). The ISO/IEC 27001 audit evaluates the ISMS supporting the assets, technologies and processes employed by hireEZ for processing, management, and delivery of services to our customers.
hireEZ uses Amazon Web Services (AWS) for platform hosting. AWS is ISO/IEC 27018 certified and has a system of controls in place that specifically address the protection of hireEZ's data. ISO/IEC 27018 established commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
hireEZ is SOC 2 certified. SOC 2 is an auditing procedure that ensures hireEZ securely manages data to protect the interests and privacy of customers.
hireEZ continuously evaluates and improves its internal and external system security for data protection with practices that include performing regular penetration testing and vulnerability scanning, improving the security of data processing, and reviewing and tightening endpoint security on hireEZ devices and platforms.
hireEZ has policies and practices in place to improve our real-time ability to prevent, identify, and investigate security incidents.
All hireEZ employees undergo annual security training.

Conclusion

hireEZ is committed to GDPR compliance. Part of that commitment is providing tools that make it easier and more efficient for our customers to manage their compliance with privacy directives and legislation such as GDPR.
Please note that the information in this FAQ is not legal advice. hireEZ recommends that our customers seek their own advice from legal counsel with respect to GDPR.
hireEZ is happy to discuss with our customers questions about our compliance with applicable data privacy laws, including GDPR. Customers can reach out to their account manager or contact hireEZ's privacy team at privacy@hireez.com with questions.
Learn more about hireEZ's TRUSTe GDPR Validation Letter.