Information Security and Compliance

Under the California Consumer Privacy Act (CCPA), any California consumer can request to view all information a company has saved on them along with a full list of all third parties that data is shared with. If privacy guidelines are violated, even if there is no breach, consumers have the right to sue the company. hireEZ values consumer trust and is CCPA compliant.

The GDPR is the latest data protection directive for businesses to protect the privacy of EU citizens with enhanced security provisions. hireEZ is GDPR compliant.

The SOC 2 Type 2 reports concern policies and procedures over a specified time period. For this more rigorous designation, systems must be evaluated for a minimum of six months. hireEZ’s procedures and controls have been third-party audited to validate our success in ensuring the security, availability, processing integrity and confidentiality of our customer’s information.

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

The Privacy Shield Framework, approved by the European Union (EU) and US Government, is a recognized mechanism for complying with EU data protection requirements when transferring personal data from the European Economic Area (EEA) to the United States. Organizations participating in the Framework are deemed to provide “adequate” privacy protection of data, as required under the EU Data Protection Directive and the General Data Protection Regulation (GDPR). hireEZ is aware of the Schrems II decision. In lieu of the Schrems II decision, hireEZ relies on the Standard Contractual Clauses (SCCs) from the GDPR incorporated into its Data Processing Addendums for any data transfers from the EEA to the U.S.

The Office of Federal Contract Compliance (OFCCP) is a federal government organization that is responsible for ensuring that the companies working with the government are in compliance with fair employment practices. hireEZ supports record keeping standards established by OFCCP as required by our customers who are subject to this compliance. hireEZ helps the customers with their OFCCP audit by providing diversity reports that allows recruiters to gain analytical insights to their candidate pipelines. These reports provide a breakdown on the search by gender and ethnicity for candidates that they've taken an action on or engaged with on hireEZ's platform. These diversity reports from hireEZ can help a team's good faith diversity efforts in the case of an OFCCP audit, by allowing them to track and demonstrate the number of diversity searches performed and the ratio of underrepresented candidates in their pipeline.

To the Management of HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual:

Scope
TRUSTe LLC (“TRUSTe”), an independent subsidiary of TrustArc Inc (“TrustArc”) has reviewed the hireEZ platform of HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual (“Organization”) as of November 4, 2022 against the 44 GDPR Privacy Practices Compliance Validation Requirements (the “Validation Requirements”) comprising the TrustArc GDPR Privacy Practices Compliance Validation. These Validation Requirements focus on practices-level measures for demonstrating that the processing of personal information conducted by HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual is performed in compliance with the EU General Data Protection Regulation (GDPR). The Validation Requirements cover the following 9 areas aligned with the IMPLEMENT and DEMONSTRATE Standards set forth in the TrustArc Privacy & Data Governance (“P&DG”) Framework, for establishing, maintaining, and continually improving a GDPR-compliant privacy practices aligned with the ISO 27001 International Standard for Information Security ...