General Data Protection Regulation (GDPR) Of M/s Tech Fetch
Executive Summary
Techfetch is a company that provides online pre-employment tests to employers at various organizations and companies to help them choose the right candidates for the job roles they are hiring for. The company helps employers choose the skill analysis tests suited to the specific job roles for which the candidates are interviewed.
To conduct these tests without hindrance, Techfetch needs access to the personal details of the candidate. The company is therefore obliged to follow the data protection and privacy guidelines set forth by the EU in the General Data Protection Regulation, or GDPR.
The primary aim of the GDPR is to make sure that the data of individuals held by an organisation is processed transparently and safely for the purpose for which the data was held in the first place. Techfetch follows the rules and regulations of the GDPR so that the collected data is used only for the smooth functioning of the tests and so that the data is not leaked or breached in any case.
The Company’s approach to GDPR compliance is outlined in the following sections.
Tech Fetch GDPR Compliance
Recruitment is the first process of Tech Fetch, in which employers are assisted in conducting the skills tests and thereby shortlisting candidates for the final interview. This requires all the personal details of the job applicants to be fed into our websites for registration. Therefore, as per GDPR guidelines, Tech Fetch acts as a Data Processor, whereas our clients, who are the employers or management of the organization, act as the Data Controller.
The Data Processor has the authority to handle the data received from the Data Controller with precision and supreme care. The safety and security of this collected data is given the highest priority, and precautionary steps are taken as per GDPR guidelines. Also, in accordance with Article 32 of the GDPR, an incident response plan is prepared in advance to take control of the situation in case of any unpleasant incident that might put the personal data of the candidates at risk.
Data Subject Consent
The pre-employment skills tests are usually conducted using the personal email ID of the candidates. Our clients or employers also have access to additional information such as the resume of the applicants. The personal information that helps in candidate identification, such as the name of the candidate, gender, education details, residence, etc., requested by our clients will also be handled in accordance with the GDPR.
Article 5 of the GDPR states that data can be collected only for explicit, specified and legitimate purposes, and that it should not be further utilized or processed in an unethical manner. This is to ensure that the data is processed in a transparent and fair manner.
According to Article 6 of the GDPR, the data can be lawfully processed by Tech Fetch for the following reasons:
- Execution of a process for which the data subject is important, as in the case of a job application
- It is necessary for conformity with a legal liability to which the controller is answerable
- For protecting the interests of the data subjects
- For the smooth functioning of a process carried out in the interests of the public
- For execution of authority of the data controller
- For legitimate purposes followed by a third party or the controller
Data Management and Processing
The data collected from the data controller is handled using the following steps or processes:
- Data Transfer
- Data Storage
- Secure Data Processing
The candidates are entitled to know the details regarding the security aspects involved during data handling while collecting data from our clients.
Data Transfer
According to Article 46, it is possible to transfer data across EU borders if the data controller, or the customer, and the Data Processor, or the Interview Mocha, have made an agreement which includes clauses specified by the EU. The latter should also have taken the necessary security measures required for the transfer. The transfer is to be completely in compliance with the GDPR. Article 49 also confirms this by stating that the transfer can be done when it is necessary for carrying out a contract between the data controller and the data subject.
Data Storage
Tech Fetch gives full guarantee on the secure keeping of your data. As per GDPR, private information is not supposed to be stored for longer periods. Hence Tech Fetch provides a flexible system for our clients or data controllers. As per their need, we maintain or delete the database for a specific period of time.
The personal database can also be retained if necessary, but only for the limited purpose of the task at hand. This is done only when that particular data is needed for processing for an urgent and specific purpose which is mentioned within our privacy policy. Otherwise, the data is not stored for longer than is necessary.
Secure Data Processing
The processing of data is done by taking the necessary security measures as prescribed in Article 25. The data, which can be accessed only using the candidate’s email ID and password, is secure and encrypted. At Tech Fetch, data security is taken very seriously and is maintained in compliance with EU standards as well.
There are certain rights pertaining to the users of our services. Our service team is responsible for assisting users with the usage of these services. All users are entitled to the following rights while using our services and tests:
- Right to Erasure
- Right to Rectification
- Right to object processing
- Right to Restrict Processing
- Right to data portability
Rights of the Data Subject
The data subjects are entitled to the following rights regarding the management of their data as per GDPR rules:
- Right to Object
- Right to Data Portability
- Right to be Forgotten
- Right to Rectification
- Right to Access
According to Article 5 of the GDPR guidelines, the controller will need to access, store as well as process the data for the system to be fair on the basis of legitimate interests. The controller can therefore decide on a request from the data subject or the candidate. If the request is found valid, the data will not be processed; if the controller finds the request to be invalid on the basis of the terms and conditions between the controller and the subject, the request is rejected.
Tech Fetch provides its customers with configurable tools that help them identify the data policies which provide rights to the data subjects. These include:
- Customer can go for a routine deletion process for the data
- They can transfer the information of a candidate
- The Controllers can delete any information regarding a candidate. All the personal data will be deleted, whereas the non personal ones will be anonymously stored.
- The candidate information can be edited by the data controllers
Maintaining Record of Data
All the activities and tasks related to the individual data of a candidate need to be maintained by the representative of each data controller within a well-maintained record as per Article 30. Our company maintains a detailed log of all the processes involved, and any additional tasks will be recorded as per customer needs in compliance with the policies.
Data Breach and Mitigation Process
Article 33 of the GDPR specifies that the authority in the superior position needs to be made aware of any data breach within 72 hours of the breach happening. Our company has the necessary facilities and mechanisms for monitoring data so that we are notified of any such violations. In case a breach is discovered, we will notify our customers or data controllers about the situation within less than 24 hours of the incident. Article 33 has guidelines on the measures to be taken for communication between the processor and the controller. In this way, we ensure that our customers have the time needed for contacting the authority about the data breach.
Tech Fetch - GDPR Commitment
Tech Fetch gives importance to protecting and managing the database received from our clients in the most secure way, in accordance with the guidelines put forth in the GDPR. We ensure compliance on both sides: our company, M/s Tech Fetch, as the data processor, as well as our clients, the employers or the data controllers. Both parties are expected to be in accordance with the rules and regulations of the GDPR. Hence we assure that our company and its processes are GDPR compliant in every aspect involving data handling of the profiles of candidates or the data subjects.