In this article, you can read about some of the measures taken by RecMan to ensure compliance with the General Data Protection Regulation, GDPR.
Customizable policy for personal protection, terms and conditions and cookies
You, as a client, have the possibility to define policies (texts) regarding personal protection, terms and conditions and the use of cookies. RecMan offers standard texts for this, but it is the client’s responsibility to see that the texts correspond to the actual usage of the data and to make relevant adjustments to them. You can read more about how to change the texts here.
Two-factor authentication
A simple add-on for two-factor authentication is activated per user (co-worker). More information about this is available in this article. It is also possible to turn on two-factor authentication to open candidate presentations, forms, and other objects that are sent digitally. As an administrator, you may also activate authentication policies for users and standard requirements for authentication from main settings.
Electronic presentations of candidates
You can send candidate presentations electronically with an expiration date set to be in control of the information that is distributed. RecMan also offers two-factor authentication related to this, where a default may be set in the main settings. You can get more information about the candidates' presentations in this article.
reCAPTCHA
A reCAPTCHA is used to verify that it is an actual person trying to open a document, register a profile, or the like. RecMan uses the Google reCAPTCHA system, which is an industry standard. In RecMan, electronic documents (agreements, order confirmations, candidate presentations, etc.), as well as for candidate registration, will have a captcha to avoid robots indexing the documents. Read more about reCAPTCHA in this article.
Data portability
Users (co-workers) can easily export data electronically to JSON or PDF formats if the candidate wishes to view the information you have stored on their profile. You can read more about it in this article. If activated from Corporation settings, the candidate may also download some of their profile from the candidate page.
Delete candidates
A system user (co-worker) has the possibility to delete candidates if they have permission to do so. As the candidate card itself includes all information stored about the candidate, deletion of the candidate profile will result in all information related to the candidate will be removed. Economical data will, of course, remain, but it may be difficult to locate who specifically this data is related to as the candidate card is removed. If activated from Corporation settings, the candidate may also delete their profile or request deletion from the candidate page. It should be noted that a candidate may always add, edit, and delete their own information from the candidate page.
Automatic deletion and follow-up of candidates
As an administrator, you may, from the Corporation settings, activate features that assist you in terms of deletion routines, follow-up, and compliance. These features are highly customizable, and they focus on the following:
- Automatic deletion of candidates
- Automatic deletion of candidates that have not accepted terms
- Automatic email notifications sent to the candidate before deletion
- Automatic extension of deletion period for active candidate profiles
- Automatic email notifications sent to candidates that have not accepted the terms
- Automatic and recurring email notifications sent to candidates based on several options and criteria
Remember to update your privacy policy and terms based on your settings. For example, it is good practice to let a candidate know that their profile will, according to your settings, be deleted after X years when they register a profile in your candidate database.
Compliance module
As a user (co-worker), you may also jump into the so-called Compliance module if you have permission to access it. This database contains the same candidates as the regular candidate database but has other filters and features. The idea of the Compliance module is to provide you with the overview and features to follow up on your policies, routines, terms, and compliance with ease. Some do not utilize the features for automatic deletion and rather perform manual routines to make sure they are compliant. This module enables you to do so.
Individual access control
Access rights and permissions to various information and functionality RecMan can be defined per user (co-worker). Learn more about access control in this article.
More about GDPR and templates
To read more about GDPR, please see this article. And if you seek inspiration for texts and emails, please visit the article for GDPR-related templates.