The GDPR policy makes it mandatory for companies to protect the personal data of European citizens if they are storing or sharing the same. When we say personal data, it includes an individual’s name, photos, contact information, email ID, etc.
This is a new step taken to protect customers’ rights and will regulate the export of customer data. With complete transparency, now customers will know when and where their data is being used.
We are proud to announce that RChilli is General Data Protection Regulation (GDPR) compliant.
We've launched a new update to our parsing API keeping the GDPR guidelines in mind. RChilli has never stored resume information during/after parsing on its cloud servers since its inception.
We only keep
- A log of IP
- User Key
- Sub user Value
- File Name.
IP- It means your IP address of the server from where you call our service. This is your outbound server IP and not that of candidates.
User Key, Sub User ID - are predefined. They have nothing to do with candidate information.
File Name - This can be considered as the private information of the candidate. We save file names for billing purposes only. Now with GDPR compliant product, you can delete these file names.
We never store personal data of candidates on our servers. This includes
- Contact details (phone number, email address)
- Bank details
- Medical information
- Marital status
- Date of birth
- Family details
- Street addresses
- Social media links
Apart from this, we also do not save
- Any references mentioned in the resume/CV
- Any URLs and IP addresses
Another compliant issue is data traveling to non-EU servers. For this, we can host the cloud API for you on an EU node of AWS.
We keep user data with us only until the logs are analyzed. Once the analysis is done, we delete this data. You can also send a request to delete your account. It will change the username and other information to a non-recognizable number. We also assume that you are authorized to share candidates’ data with third-party (us) and have the right to get their information deleted if required.
According to this law, it is legal to collect and use data of candidates as long as they have shared it with you willingly. But if your company misrepresents it or shares the same with a third-party without candidates’ knowledge, you will be charged with a heavy fine. Candidates have the right to get their data deleted at any time, and you must accept their request. If there is a security breach, companies must inform the authorities within 72 hours. To adhere to the guidelines of GDPR, let your candidates know where you are using their data and oblige them when they would like to delete it.