Our Approach to Data Protection and Privacy

CV Partner processes personal data on behalf of our clients. Keeping this data safe while staying compliant with EU and other privacy regulations is our top priority.

Data processing agreement

Data Processing Agreement

This regulates the relationship between you (our client) as a Data Controller and us (CV Partner) as a Data Processor

Our culture

Our Culture and Employees

We have a dedicated Data Protection Officer, in addition to security training for employees to ensure awareness of everything you’ll find on this page

Internal audit procedures

Internal Audit Procedures

We have thorough internal audit procedures, including exception handling, which we review regularly

Information and security policy

Information Security Policy

Including strict access policy and a data classification policy. We boast ISO 27001 and SOC 2 Type II certifications

Data Privacy

We only process personal data within the EU/EEA
All personal data, including backups, will be deleted within 3 months after a user is deleted
We only store personal data within the EU (Ireland and Germany)
We strictly limit the number of subprocessors

Data Portability

Your employees can access, rectify and delete their personal information by accessing
the CV Partner tool
Your administrators can download personal data via built-in functionality and provide this to any of your employees who might request this

Data Protection Policy

Our Data Protection Policy details principles, organization and responsibility, management review, privacy by design, event handling, internal control and other relevant aspects that shall be applied to all processing of personal data in CV Partner.

View our Privacy and Cookie Policy

Some of our security controls:

  • Secure Development and Operations Policy
  • Access Control Policy
  • Information Classification Policy
  • Regular Penetration Testing
  • Internal Audits Automatic routines for applying Security Patches
  • Screening of new Employees
  • Incident Management and Reporting
  • Clear Desk and Clear Screen policy
  • Encryption in transit and at rest

What we recommend our clients do

Sign the data processing agreement with CV Partner
Inform your employees of the processing
Provide a dedicated contact person for privacy issues
Implement routines (manual or automatic) for deleting users (and their personal data) if/when they leave
Ensure legitimate legal basis for the data you process (usually “Contract”, such as employment agreements with your employees)

More questions?

More information on the controls as well as technical measures we have implemented
can be requested fromsecurity@cvpartner.com