Security by Design.

RecruitiFi is committed to constantly maintaining knowledge of the evolving application security landscape and ensuring that security and privacy best practices are upheld across the whole organization.

COMPLIANCE & CERTIFICATIONS

GDPR - Privacy Shield Certified
PCI-DSS

SOC2*
ISO27001*


Protecting Your Data

The aim of RecruitiFi's security practice is to prevent any unauthorized access to customer data. We are always looking at ways in which we can improve the security of RecruitiFi, taking exhaustive steps to find and mitigate risks and protect all user data.

Regular management security and privacy reviews are in place to address any areas that we believe can be improved upon and further secured. Implementation of this may be through new security certification, compliance or third-party testing to ensure best practices and improve security across the whole of RecruitiFi.

 

Privacy


We take privacy very seriously. We are committed to protecting all user information. We have used clear and simple language to illustrate our activities, processes and how we handle data in our corporate Privacy Policy.

 

This policy covers the following:

 

• Whose information we collect
• Information we collect

• Information we collect about you

• Why we collect your information

• How we share information we collect

• How we protect your information

• Other important privacy information

 

We ask that you read this Privacy Policy carefully as it contains important information about what to expect when we collect personal information and how we use personal data.

 

GDPR

RecruitiFi is fully GDPR compliant, and remains at the forefront of data privacy for all of our users. We meet or exceed the various requirements of global privacy regulations, including GDPR.

 

While legislation like GDPR only applies to citizens of EU member states, RecruitiFi extends the same level of data privacy and security to all of our users globally.

 

How does RecruitiFi maintain compliance?

Here are just a few of the ways that RecruitiFi maintains our high standards of privacy:

 

• Maintaining a thorough and transparent privacy policy that is compliant with GDPR and other global data protection acts

• Allowing preemptive opt-out of cookies

• Allowing easy request for deletion, correction, download, and transfer of personal data

• Appointing a data protection officer to handle any data related issues

 

Are candidate submissions GDPR compliant?

All candidates that are submitted through our platform are notified and must opt-in with active consent to have their information shared with an employer. RecruitiFi does not use their data for any marketing purposes or any purposes other than the one that they have consented to—being submitted for review at a specific employer.

 

What about EEOC, OFCCP, and other local employment laws that require record retention?

It should be noted that GDPR and other data protection acts only allow for the right to delete personal data when it’s not legally required for an organization to retain that data for other purposes. Many countries have anti-discrimination laws in place to create fair hiring practices. These laws require retention of resumes, hiring records, disposition records, etc. Because these laws legally require retention of candidate data, the local employment legislation overrules GDPR and requires RecruitiFi to retain data accordingly. However, these employment laws do not invalidate the rest of the GDPR, and RecruitiFi handles data in accordance with the remaining aspects of GDPR.

 

What if I want to learn more?

If you have further questions or concerns, please don't hesitate to reach out to our Data Protection Officer at dpo@recruitifi.com.

 


Endpoint Security

Before anyone joins RecruitiFi as an employee, their workstation is set up and configured to comply with all of our security policies. These policies require that all workstations are configured to a high level and comply with security certification standards such as ISO27001.

Each workstation has data encrypted at rest, strong passwords (managed by a secure password management vault), location tracking enabled and screens that automatically turn off when idle.

Monitoring

A central management system is used to monitor, track and report on malware, unauthorized software and removable storage devices. This is to ensure that all workstations are up to date with patches and security. We also have a strict no-removable storage device policy. Any mobile devices (phones or tablets) used for work purposes are part of a mobile device management system for location tracking, secure passwords and SSO.



Confidentiality

All new hires are screened during the hiring process. On commencement of employment at RecruitiFi, employees and contractors. This is also upheld post-employment contract.



Provisioning

Only certain people within the organization are given access to sensitive information. Access is granted on a need-to-know basis with role-based permissions, to enable employees to perform their job to the best of their ability.



Our access control policy is implemented internally, and within RecruitiFi we have multiple levels of security clearance. Some access, such as extended support or screen-sharing scenarios, is performed on a client-agreement basis.

Authentication

To increase the security even further, RecruitiFi uses Two Factor Authentication (2FA) for systems that contain sensitive or personal data.

The use of Single Sign On (SSO) for employees enables management to disable or change access to all applications instantly. This is used when an employee leaves RecruitiFi or their access needs to be removed.



Password Management

As part of our internal password policy, RecruitiFi requires all employees to use an approved password manager. This is to ensure passwords are strong, kept in a secure location, regularly changed and not re-used. Where necessary, the password manager alerts users to any potential password risks to maintain high-level security at all levels.



Vendor Management

When selecting a suitable vendor for a required service, we take the appropriate steps to ensure that the security and integrity of our platform are maintained. Every sub-service organization is heavily scrutinized, tested and security checked prior to being implemented into RecruitiFi.



Vendor Compliance

RecruitiFi monitors the effectiveness of these vendors and reviews them annually to confirm that their security and safeguards continue to be upheld.



Sub-processors

In any situation where the use of one of these sub-service organizations could potentially impact the security of RecruitiFi, we take appropriate steps to mitigate the risk. This includes establishing agreements and ensuring that they are compliant with relevant certifications or regulations, such as GDPR.



* RecruitiFi's certification is currently in the approval process.