Last updated: August 31, 2021
The General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, empowers European Union (EU) residents by placing them in control of their personal information and upholding strict protocols for organizations that collect and process this information.
The GDPR lays down seven core principles. They are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
GDPR defines a Data Controller as an entity that determines the purposes for which and the means by which personal data is processed. Data Controllers decide ‘why’ and ‘how’ the personal data should be processed. The Data Processor processes personal data only on behalf of the Controller. Resuminator acts as a Data Controller or Data Processor depending on the origin of the transaction.
For the transactions that originate on the Resuminator platform (Website), Resuminator is the Data controller. Resuminator is a Data processor where it processes data for its partners who are Data Controllers. The data controllers specify the kind of data required from the data subject, i.e. the customer. As the data processor, we process data based on the requirements stated by the Data controller.
This data can be of three types:
A. Personal Information (PI): Information that can identify a person, for instance, email ID, mobile number, photo, etc.
B. Non-Personal Information (non PI): Such as the first name, last name, etc.
C. Sensitive Personal Information (SPI): Such as biometrics, genetic data, sexual orientation, race, and ethnicity, etc.
Explicit Consent from Data Subjects
Resuminator has implemented processes to acknowledge and respect Data Subject Rights. A data subject can email us at “email@example.com” and request to exercise Data Subject Rights. Since Resuminator is both Data Controller and Data Processor (processing data at the behest of Data Controllers), the verification authority to validate the customer's Data Subject Right request is decided based on the origin of the transaction.
Data Subject Rights consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision-making and profiling
A. Data Storage and Security: Resuminator is hosted on Heroku, Vercel & AWS and has put in place industry-standard practices for managing data in transit and data at rest.
B. Data retention: Resuminator maintains data from the transactions enabled on its own platform and the ones enabled on Widgets/Apps enabled for partners. The retention period is defined in accordance with business and legal needs. However, we understand and appreciate the need to provide flexibility to Data Controllers to define the data retention periods for their own customers. Such provisions are agreed upon and defined in the contract between the Partners (Data Controller) and Resuminator (Data Processor).
The time-frames can be specified in the contract based on the partner’s specific requirements. The partner can choose to have the data deleted from our cloud-based servers as desired. After the termination or expiry of the contract, the partner can place a request to remove all data by writing to us at “firstname.lastname@example.org”. We validate the request and, if needed, seek confirmation from the partner before processing the request. Resuminator customers can also request deletion of their credentials by placing a request from the Account Settings Page. They can also request a copy of their data via the same menu.
C. Data Breach Management: We continually monitor and upgrade our systems and processes to maintain the highest standards of data management and privacy practices. In the unlikely event of a data breach, we intend to notify our partners (Data Controllers) and Data Subjects (where Resuminator is Data Controller) immediately and no later than 24 hours after becoming aware of such a breach.
Our commitment to world-class standards
In order to meet the world-class standards for Data Privacy and Data Security, Resuminator has taken steps to be General Data Protection Regulation (GDPR) compliant.