GDPR compliance

with all specific requirements needed by the Recruiting industry


General notes

The General Data Protection Regulation (GDPR) applies to organizations worldwide that make use of Personal Data of European citizens. This EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 entered into force on 25 May 2018. Non-compliance could result in fines of up to €20,000,000 or 4% of your annual turnover.


Under the GDPR definition, you are seen as the "Data Controller". You are responsible for protecting the personal data of your contact persons, applicants and candidates, and you are fully responsible for whatever is done with that data. This means that, to be GDPR compliant, you need full control over how that Personal Data is kept and processed by your ATS.

As a User of the Jobin system, you are fully equipped with all the tools and functionality needed for that (see below for details).

Candidates are "Data Subjects", as they can be identified from the personal data they give to recruiters. They are the "owners" of their personal data and have rights over how their personal data are kept and used.

Jobin is seen as the "Data Processor" under the GDPR definition because it processes the data on behalf of the Data Controllers. The responsibility of the Data Processor is to make sure that all technical aspects and the tools required to be compliant are in place and accessible to all Users, both the "Data Controller" and the "Data Subjects".

GDPR general data protection principles

Jobin allows the fulfillment of the GDPR general data protection principles and helps you to fully comply with EU regulations:

  • Purpose limitation
  • Data minimisation
  • Limited storage periods
  • Data quality
  • Data protection by design and by default
  • Legal basis for processing
  • Processing of special categories of personal data
  • Measures to ensure data security
  • Requirements in respect of onward transfers to bodies not bound by the binding corporate rules
  • Appropriate data protection training to data protection officer and personnel having permanent or regular access to personal data

Service suppliers

In the course of our ongoing operations and of providing our service to customers, we may enlist third-party web services, software, SaaS, PaaS or IaaS suppliers (e.g. video conferencing, issue tracking, accounting or other line-of-business applications) in order to meet our business obligations.

Some of these suppliers may be located outside of the EU and as such are outside the direct jurisdiction of the GDPR. Where this is the case, we adopt our own standard internal data protection measures and also ensure that a level of Data Protection equivalent to GDPR (or potentially better) is in place for the providers we use. We ensure that they explicitly comply with GDPR regulatory requirements, either directly in their contractual agreements or by adopting data protection standards such as the EU-U.S. Privacy Shield Framework (see here for details).

How Jobin assists you in becoming GDPR compliant

All GDPR requirements covered

Your EU citizen applicants and candidates have special rights over how their personal data is used. Jobin helps you to be fully GDPR compliant:

  • Consent: Jobin makes it easy for you to ask your contacts and candidates for consent to process their personal data and to remain in your database for career advice and consideration in future job opportunities. Bulk operations for messaging, monitoring, and response collection make it all automatic, so you can stay compliant effortlessly. All profiles are flagged accordingly, with the primary aim of fairness and respect for all the rights of the "Data Subjects", which are your Candidates and Contacts. At the same time, you will permanently have a clean database of active and consenting job seekers.
  • Withdrawal of consent: Your contacts and candidates can withdraw their consent for processing their personal data at any time, because every email they receive contains a customized link that performs this operation automatically.
  • Storage Period: GDPR allows you to store personal data only for the period needed by the service you provide. In Jobin you can set a data retention period and eventually ask your former candidates whether they are still interested in being considered for future career opportunities. In this way you can easily delete expired profiles and keep the active ones. You are in full control of this process and can customize all parameters. Expired profiles will be anonymized and retained to allow reports.
  • Accessibility: You, as "data controller", must be able to provide a copy of the personal data undergoing processing to the "data subjects", your candidates. In the case of a recruiting process, this probably consists of a CV/resume received directly from the candidate, or perhaps taken from a profile posted on the internet by the person him/herself. In either case, Jobin lets you export a copy of the data in the common .csv format for the owner who makes the request, allowing you to be GDPR compliant.
  • Amendments and rectification: The "data subjects", your candidates, have the right to request rectification or erasure of their personal data. Using the Jobin system, they can request correction through a customized link received in any email.
  • Security of processing: Jobin implements state-of-the-art technical and organisational measures to ensure a high level of security. This includes encryption and the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • Cookies: Jobin uses cookies to enable core functionality such as security, network management, and accessibility. However, every user is informed of this by a cookie consent dialog and may disable these cookies at any time by changing the browser settings.
  • The right not to be subject to decisions based solely on automated processing: Jobin offers plenty of automatic features, but you, as User and "Data Controller", always have full control of any process and of any configuration and settings of the automatic systems, and in particular full control over the final decision made when evaluating a candidate. These are fully transparent automations whose purpose is to enhance productivity and support the informed decisions you need to take.