GDPR Compliance

Table of Contents
This is also a heading
 This is a heading

Data Processing and Ownership

SkillSauce acts as a data processor, handling Personally Identifiable Information (PII) on behalf of our recruiting clients. We collect and store candidate information such as email address, name, and other optional data like phone number, education details, and professional experience when a candidate begins an assessment. Additionally, metadata for proctoring may include IP addresses and session data, subject to the client's discretion.
To ensure GDPR compliance, candidates provide consent when signing up for assessments, acknowledging our transparent data processing methods, as outlined in our privacy policy.

Data Subject Rights

Under GDPR, candidates have rights to data portability, rectification, and erasure. SkillSauce facilitates this by forwarding requests to our clients, who have mechanisms to manage and access candidate data. We empower our clients to fulfill these requests in accordance with their policies, maintaining their control over candidate data.

Data Management

SkillSauce secures data with industry-standard encryption. Cross-border EU data transfers are compliant with GDPR through EU-specific contractual agreements. Clients determine the retention period of PII, ensuring data is not stored indefinitely and is deleted post-contract and grace period.
SkillSauce maintains comprehensive activity logs for client access and additional log requests can be fulfilled by contacting support@SkillSauce.io

Data Breach and Mitigation Process

In alignment with our incident response policy, SkillSauce promptly notifies clients of any personal data breaches within 72 hours, allowing for appropriate authorities to be informed. General incidents are communicated via our blogs and social media, while specific breaches are directly emailed to affected parties.

Infrastructure

SkillSauce prioritizes safeguarding customer information with robust security infringement prevention mechanisms. Maintaining a dedicated security team, we adhere to GDPR requirements and uphold contractual commitments.
For further insights into our security protocols, please visit our security page, which details our technical and organizational measures, as well as encryption standards.

Company prohibits caching the Site, unauthorized hypertext links to this Site, and the framing of any materials available through this Site. Company reserves the right to disable any unauthorized links or frames and specifically disclaims any responsibility for the contents of any other Internet sites linked to this Site. Other internet sites which are linked to the Site have their own terms and conditions of use and privacy policies. Access to any other Internet sites linked to the Site is at your own risk and Company expressly disclaims any and all liability related to such websites.

Request to delete your data
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
FAQS section

Frequently Asked Questions (FAQs)

Can we edit a candidate's data?
Clients have the ability to update or rectify candidate data as required. Any modifications must comply with GDPR regulations.
Is SkillSauce GDPR compliant? Where is the stored information hosted?
Yes, SkillSauce is GDPR compliant. Candidate data is stored securely using industry-standard encryption and is hosted in data centers that comply with EU data protection regulations.
How to access audit logs?
Audit logs are accessible through the SkillSauce dashboard. Clients can also request log exports for compliance purposes.
Can the deleted data be reinstated?
No, once candidate data is permanently deleted as per GDPR guidelines, it cannot be reinstated.
Which roles/permissions are required for employees of the client to have access to candidate data?
Clients can define role-based permissions within SkillSauce. Typically, only recruiters and administrators have access to candidate data, ensuring controlled access based on job responsibilities.
How do clients request candidate data to be deleted?
Clients can request candidate data deletion via the SkillSauce dashboard. Requests are processed based on client-defined data retention policies and GDPR requirements.
What data do we collect?
We collect the following candidate information on behalf of our clients:
  • Email address
  • Name
  • Optional: Phone number, last school attended, academic degree, major, programming experience, resume, and links to social profiles (GitHub, LinkedIn, etc.)
  • Metadata for proctoring: IP Address, Webcam snapshots, Browser usage data, and Session recording data (optional at client's discretion)
If the recruiter uses a SkillSauce account to invite candidates to assessments, we store
  • Name
  • Email address
  • Phone number (Optional)
Who has access to candidate data?
Only authorized client personnel with appropriate permissions can access candidate data. SkillSauce employees do not access candidate data unless required for compliance or support purposes.
For how long is the candidate data stored?
Candidate data is stored for the duration of the contracted period with our client and a grace period thereafter, as determined by the client's data retention policy.
Can I delete/edit/view/access my test attempt or personal information?
Candidates can request access, edits, or deletion of their data by contacting the organization they applied to. SkillSauce processes such requests as directed by its clients, in accordance with GDPR guidelines.
Who is responsible for candidate data?
SkillSauce processes candidate data on behalf of its clients. The client is the data controller and determines how the data is used, stored, and deleted.
Read all FAQs

Explore Our Comprehensive Programming & Assessment Library

We provide a comprehensive assessment library designed to evaluate diverse skills, ensuring smarter hiring decisions and streamlined talent selection for every need.

10k+
Assessment Library
Watch a demo Get Started Free