RoboRecruiter’s GDPR Compliance Guide
We have made every effort to provide a detailed overview of GDPR compliance and of how RoboRecruiter supports your business in operating within the confines of this regulation, especially when it comes to candidate data and its verification through RoboRecruiter. It is still advisable to engage legal counsel in order to have a better understanding of GDPR compliance and the liabilities that come along with it. The following compliance guide describes the practices, procedures and upgrades introduced into the internal workings of RoboRecruiter to make its services GDPR compliant.
The deadline for GDPR compliance has passed and RoboRecruiter has wasted no time in making its services fully compliant with the EU’s User Data and Protection guidelines. We have adopted an approach to better protect the interests of not only our clients but their candidates as well.
Here is a summary of GDPR sections that are applicable to customers and users of RoboRecruiter services.
GDPR requires websites and online businesses to inform users that they are using cookies. GDPR also requires the language of this notice to be easily understandable for an average user. Consent is required from users before they are tracked by these cookies.
GDPR only allows collection of user data for a legal reason. RoboRecruiter only collects data for recruitment purposes as per the legal agreement signed by RoboRecruiter and its customers. This data will be mostly limited to candidate PALS data (Position, Availability, Location and Skills) that is required by our customers, but may also contain other information required on a case-by-case basis in order to aid in a recruitment decision.
We provide the option for candidates to not take part in our processes, right at the beginning of their interaction with RoboRecruiter.
GDPR requires businesses and websites to forget and delete the user data when requested by the user.
RoboRecruiter has taken steps to give its customers full control over the candidate data held in RoboRecruiter. The customer can, at any time, delete a candidate from the RoboRecruiter platform. Once deleted, RoboRecruiter can no longer process any data for that candidate, unless re-added by the customer or uploaded by another customer.
Here is our Game Plan for GDPR Compliance
Whether you are a recruitment or staffing business, a corporate (in-house) talent acquisition professional or an HR professional, you have probably known about the General Data Protection Regulation (GDPR) for some time. It is a new directive set by the European Union, legislation that sets forth guidelines regarding how information is collected, processed and used.
The GDPR legislation was formed to harmonise data privacy laws across Europe, to empower all EU citizens’ data privacy in the process, and to reshape how organisations approach data privacy in a secure and transparent manner.
At RoboRecruiter, tireless efforts have been made to help our customers and our business understand what the GDPR means for their businesses and to assist them in establishing a compliant process of their own.
RoboRecruiter has prepared a ‘Game Plan’ for you to understand how GDPR operates behind the scenes, when a customer or their candidate interacts using our service.
Let's say that Adam is a potential candidate and lives in the UK. He is called the 'Data Subject', and your company, 'the service provider', is called the 'Controller' of his data. Since RoboRecruiter is collecting and verifying the credentials against a specific role your company is recruiting for, or collecting or updating current data your company already possesses on Adam, that makes RoboRecruiter the 'Processor'.
Here's how Adam might interact with RoboRecruiter:
A customer integrates RoboRecruiter into their recruitment process, either by using it as a standalone platform or directly integrated into an ATS or CRM via API
The customer searches for relevant candidates either on their own database or via another database (either directly or through an aggregator such as BroadBean)
The customer's search finds that Adam may be relevant for a role that it is recruiting for
The customer uses RoboRecruiter to send an email and/or SMS to invite Adam to apply for the role (the invite includes the ability to unsubscribe from future communications via RoboRecruiter)
Adam decides to apply for the role by interacting with Robo, RoboRecruiter's chatbot
Adam provides details during the conversation with Robo which will be used by the customer to assess relevancy for the role and to update any details held on Adam on the customer's database
User Data means any data, content, images or other materials of any type that User uploads, submits or otherwise transmits to or through the RoboRecruiter Service. User will retain all right, title and interest in and to User Data in the form provided to RoboRecruiter. RoboRecruiter stores data on industry secured servers located in the EEA zone, and these servers are monitored.
Access to Data
The Services include customer access to the Back-office. Clients may access and download (either manually or via API) the data from each of their candidates, including content or other materials submitted via RoboRecruiter interactions, via the Back-office for the Term. Upon termination of this Agreement for any reason, access to the Back-office, and therefore access to data storage, will be revoked. RoboRecruiter may delete any stored items in storage upon expiration or termination of this Agreement. RoboRecruiter will have no responsibility or liability for storing and deleting items in accordance with this.
User Data Access
You may instruct us to provide you, free of charge, with any personal information we hold about you; provision of such information will be subject to:
The payment of a fee (currently fixed at GBP 10) if the request is ‘manifestly unfounded or excessive’ and
The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
User’s Individual Rights Request
The GDPR enhances the rights of individuals in a number of ways.
Access and Privileges
A user can request access to the personal data they have shared with RoboRecruiter about themselves. Personal data is anything identifiable, like name and email address. If access is requested, RoboRecruiter (as the processor) will provide a copy of the data, in most cases in a machine-readable format (e.g. CSV or XLS).
Adam can also request to see and verify the lawfulness of processing.
A client can seek access to their data by asking RoboRecruiter for what they require at email@example.com. We at RoboRecruiter believe we have a legal and moral obligation to facilitate any manner of individual rights request.
RoboRecruiter enables you to grant any access request by easily exporting the user record into a machine-readable format.
In the same manner as accessing information, a user can request RoboRecruiter to modify their personal data if it is inaccurate, incomplete or requires any sort of modification or amendment.
The GDPR requires that a company be able to accommodate modification requests, as and when required.
Under the GDPR, a user has the right to request that RoboRecruiter delete all personal data it has collected on them. The GDPR requires RoboRecruiter to permanently remove a user’s information from their database, including all personal information, saved images, form submission data and content.
In a GDPR compliant manner, a client can seek to have their data deleted by contacting RoboRecruiter at firstname.lastname@example.org. The Data Protection Officer at RoboRecruiter will in most cases respond within a 30-day period.
In many cases, the right to deletion is not absolute, and can depend on the context of the request, so it does not always apply.