GDPR Compliance
Learn about SkillSauce's GDPR compliance practices, data processing, subject rights, and our commitment to protecting personal information in accordance with European regulations.
Table of Contents
SkillSauce GDPR Compliance Statement
SkillSauce is committed to protecting personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines our data processing practices, your rights as a data subject, and our security measures.
Data Processing and Ownership
SkillSauce acts as a data processor, handling Personally Identifiable Information (PII) on behalf of our recruiting clients. We collect and store candidate information such as email address, name, and other optional data like phone number, education details, and professional experience when a candidate begins an assessment. Additionally, metadata for proctoring may include IP addresses and session data, subject to the client's discretion.
To ensure GDPR compliance, candidates provide consent when signing up for assessments, acknowledging our transparent data processing methods, as outlined in our privacy policy.
Data Subject Rights
Under GDPR, candidates have rights to data portability, rectification, and erasure. SkillSauce facilitates this by forwarding requests to our clients, who have mechanisms to manage and access candidate data. We empower our clients to fulfill these requests in accordance with their policies, maintaining their control over candidate data.
Your Rights Include:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to restrict processing
Data Management
SkillSauce secures data with industry-standard encryption. Cross-border EU data transfers are compliant with GDPR through EU-specific contractual agreements. Clients determine the retention period of PII, ensuring data is not stored indefinitely and is deleted post-contract and grace period.
SkillSauce maintains comprehensive activity logs for client access and additional log requests can be fulfilled by contacting [email protected]
Data Breach and Mitigation Process
In alignment with our incident response policy, SkillSauce promptly notifies clients of any personal data breaches within 72 hours, allowing for appropriate authorities to be informed. General incidents are communicated via our blogs and social media, while specific breaches are directly emailed to affected parties.
Infrastructure
SkillSauce prioritizes safeguarding customer information with robust security infringement prevention mechanisms. Maintaining a dedicated security team, we adhere to GDPR requirements and uphold contractual commitments.
For further insights into our security protocols, please visit our security page, which details our technical and organizational measures, as well as encryption standards.
Request to Delete Your Data
As part of your GDPR rights, you can request the deletion of your personal data. If you would like to exercise this right, please contact us using the information below, and we will process your request in accordance with applicable data protection laws.
Contact Information for Data Requests
Email: [email protected]
Subject: GDPR Data Deletion Request
Required Information: Please include your full name, email address, and details about the data you wish to have deleted.
Questions About GDPR Compliance?
Contact our team if you have any questions about data protection or need to exercise your GDPR rights.