Privacy and GDPR

CV Partner processes personal data on behalf of our clients. Keeping this data safe while staying compliant with EU and other privacy regulations is our top priority. 

What we do:

  • We have a standard Data Processing Agreement which we offer to all clients. This regulates the relationship between you (our client) as a Data Controller and we (CV Partner) as a Data Processor.
  • We have thorough internal audit procedures, including exception handling, which we review regularly.
  • We have an ISO 27001 certification.Read: Security and ISO 27001
  • We have an information security policy that includes a strict access policy and a data classification policy.
  • We train and ensure awareness of the above to all our employees.
  • We only store personal data within the EU (Ireland and Germany) and we strictly limit the number of subprocessors (Amazon Web Services).
  • We only process personal data within the EU/EEA.
  • All personal data, including backups, will be deleted within 3 months after a user is deleted.
  • We have conducted a Data Privacy Impact Assessment and a Risk Assessment.
  • Your employees can access, rectify and delete their personal information by accessing the CV Partner tool.
  • Your administrators can download personal data via built-in functionality and provide this to any of your employees who might request this (Data Portability).

What we recommend our clients to do:

  • Ensure legitimate legal basis for the data you process (usually “Contract”, such as employment agreements with your employees).
  • Sign the data processing agreement with CV Partner.
  • Inform your employees of the processing.
  • Provide a dedicated contact person for privacy issues.
  • Implement routines (manual or automatic) for deleting users (and their personal data) if/when they leave.

General enquiries

Contact - DPO

Nicolai Nielsen
Data Protection Officer