Privacy & Security | Data Protection & Compliance at RecruitiFi

Privacy & Protecting your data



RecruitiFi's security practice prevents any unauthorized access to customer data. We undergo regular security and privacy reviews internally and through 3rd party testing and certification bodies to ensure best practices are implemented across the whole of RecruitiFi.

To understand more about our activities, processes, and how we handle data, please see our corporate Privacy Policy. This policy covers the following:

Whose information we collect
Information we collect
Information we collect about you
Why we collect your information
How we share information we collect
How we protect your information
Other important privacy information

GDPR & CCPA



RecruitiFi is fully GDPR compliant, and remains at the forefront of data privacy for all of our users. We meet or exceed the various requirements of global privacy regulations, including GDPR.

While legislation like GDPR only applies to citizens of EU member states, RecruitiFi extends the same level of data privacy and security to all of our users globally.

RecruitiFi is fully GDPR & CCPA compliant, and remains at the forefront of data privacy for all of our users. While legislation like GDPR only applies to citizens of EU member states, and CCPA only applies to California residents, RecruitiFi extends the same level of data privacy and security to all of our users globally, meeting or exceeding all global requirements.

How does RecruitiFi maintain compliance?

- Maintaining a transparent privacy policy compliant with GDPR, CCPA and other global and domestic data protection acts
- Allowing preemptive opt-out of cookies
- Allowing easy request for deletion, correction, download, and transfer of personal data
- Maintaining a data protection officer to handle any data related issues

Are candidate submissions GDPR & CCPA compliant?

All candidates that are submitted through our platform are notified and must opt-in with active consent to have their information shared with an employer. RecruitiFi does not use their data for marketing or any purposes other than the one that they have consented to—being submitted for review at a specific employer.

What about EEOC, OFCCP, and other local employment laws that require record retention?

GDPR, CCPA, and other data protection acts only allow for the right to delete personal data when it's not legally required for an organization to retain that data for other purposes. Many countries, including the United States, have anti-discrimination laws in place to create fair hiring practices. These laws require retention of resumes, hiring records, disposition records, etc. Because these laws legally require retention of candidate data, the local employment legislation overrules GDPR and CCPA and requires RecruitiFi to retain data accordingly. However, these employment laws do not invalidate the rest of these data protection acts, and RecruitiFi handles data in accordance with the remaining aspects of the legislation.

What if I want to learn more?

If you have further questions, please contact our Data Protection Officer at [email protected].

Compliance & Certifications



GDPR
CCPA
PCI-DSS
SOC2

Endpoint Security



Before anyone joins RecruitiFi as an employee, their workstation is set-up and configured to comply with all of our security policies. These policies require that all workstations are configured to a high level and complying with security certification standards such as ISO27001.

Each workstation has data encrypted at rest, strong passwords (managed by a secure password management vault), location tracking enabled and screens automatically turning off when idle.

SA central management system is used to monitor, track and report on malware, unauthorized software and removable storage devices. This is to ensure that all workstations are up to date with patches and security. We also have a strict no-removable storage device policy. Any mobile devices (phones or tablets) used for work purposes are part of a mobile device management system for location tracking, secure passwords and SSO.

Confidentiality



All new hires are screened during the hiring process. On commencement of employment at RecruitiFi, employees and contractors. This is also up-held post-employment contract.

Provisioning



Only certain people within the organization are given access to sensitive information. It is on a need-to-know basis with role based permissions, to enable employees to perform their job to the best of their ability.

Our access control policy is implemented internally and within RecruitiFi we have multiple levels of security clearance. Some access, such as extended support or screen-sharing scenarios is performed on a client-agreement basis.

Authentication



To increase the security even further, RecruitiFi uses Two Factor Authentication (2FA) for all systems and tools.

Federated Identity Management / SSO is used to manage employee's access to services internally and externally and can be revoked instaneously. This is used when an employee leaves RecruitiFi or their access needs to be removed.

Password Management



As part of our internal password policy, RecruitiFi requires all employees to use an approved password manager. This is to ensure passwords are strong, kept in a secure location, regularly changed and not re-used. Where necessary, the password manager alerts users to any potential password risks to maintain high-level security at all levels.

Vendor Management & Compliance



When selecting vendors, we take the appropriate steps to ensure that the security and integrity of our platform is maintained. Every sub-service organization is heavily scrutinized, tested and security checked prior to being implemented. RecruitiFi monitors the effectiveness of these vendors and they are reviewed annually to confirm their continued security and safeguards are being upheld.

Sub-processors



In any situation where the use of one of these sub-service organizations could potentially impact the security of RecruitiFi, we take appropriate steps to mitigate the risk. This includes establishing agreements and ensuring that they are compliant with relevant certifications or regulations, such as GDPR.

Designed for trust. Secured for scale.

Permanent Placement

Contract Workforce

Contract Workforce Statement of Services

Privacy Policy

Permanent Placement

Contract Workforce

Contract Workforce Statement of Services

Privacy Policy

Your Guide to Smarter Hiring

Proven Results. Real Impact.

Solutions

Benefits

Partners

Resources

Company