CV Partner processes personal data on behalf of our clients. Keeping this data safe while staying compliant with EU and other privacy regulations is our top priority.
What we do:
- We have a standard Data Processing Agreement which we offer to all clients. This regulates the relationship between you (our client) as a Data Controller and us (CV Partner) as a Data Processor.
- We have thorough internal audit procedures, including exception handling, which we review regularly.
- We have an ISO 27001 certification. Read: Security and ISO 27001
- We have an information security policy that includes a strict access policy and a data classification policy.
- We train all our employees on the above and ensure they are aware of it.
- We only store personal data within the EU (Ireland and Germany) and we strictly limit the number of subprocessors (Amazon Web Services).
- We only process personal data within the EU/EEA.
- All personal data, including backups, will be deleted within 3 months after a user is deleted.
- We have conducted a Data Privacy Impact Assessment and a Risk Assessment.
- Your employees can access, rectify and delete their personal information by accessing the CV Partner tool.
- Your administrators can download personal data via built-in functionality and provide this to any of your employees who might request this (Data Portability).
What we recommend our clients do:
- Ensure a legitimate legal basis for the data you process (usually “Contract”, such as employment agreements with your employees).
- Sign the data processing agreement with CV Partner.
- Inform your employees of the processing.
- Provide a dedicated contact person for privacy issues.
- Implement routines (manual or automatic) for deleting users (and their personal data) if/when they leave.