GDPR Compliance
GDPR Compliance with Pinpoint
How Pinpoint helps our customers comply with the GDPR
Our CEO was previously Chief Digital Officer at a cloud computing company that focussed on serving customers with stringent security needs, and complex data protection and data residency requirements. So it’s not surprising that we take privacy and security incredibly seriously at Pinpoint.
We have years of experience helping customers navigate the changes to data protection laws in the UK and Europe. Customers that choose Pinpoint as their ATS get access to enterprise-grade security and privacy features for their recruitment teams.
How Pinpoint helps our customers comply with GDPR requirements
The right to be informed
- Create and customize a privacy policy you can add to your careers site
- Ensure candidates provide consent to join your talent pool
Consent
- Ensure candidates provide consent to join your talent pool
- Collect explicit candidate consent on application forms
- Allow candidates to see the types of nonessential cookies used on Pinpoint careers sites and opt out of any of them
- Allow candidates to manage their data through a dedicated portal (including revoking their application)
Access & portability
- Export data from the system in CSV format using the custom report builder
- Get an export of your data from Pinpoint at the end of your contract
Modification
- Allow candidates to manage their data through a dedicated portal (including revoking their application)
Security measures
- Your data is protected by our security, privacy, and business continuity practices
Limitation of purpose, data and storage
- Automatically set data retention periods and remove candidates’ personal data after a set period of time
- Data retention periods can be configured differently for each region you recruit in
The right of access
- Allow candidates to manage their data through a dedicated portal (including revoking their application)
- Export the information you hold about a candidate in a CSV format that you can send to them
The right to erasure
- Allow candidates to manage their data through a dedicated portal (including revoking their application)
- Delete an application by clicking a button on a user profile
Does the GDPR apply to our organization?
The GDPR applies to all companies that process the personal data of European Union (EU) citizens or residents, even if the companies are based outside of the EU. If you have any applicants, candidates, or employees located in the EU, then the GDPR will apply to you.
Is Pinpoint a data controller, or a data processor?
Pinpoint is a data processor, and our Customers are data controllers. This means we are responsible for complying with the GDPR and helping our customers comply as well.
What is the geographical location of the site where data is stored?
Data is stored exclusively in our production infrastructure, split across our two hyperscale cloud service partners (AWS and DigitalOcean) across three data centre locations (Amsterdam, Dublin and London).
All data centres have been accredited under at least ISO/IEC 27001:2023 or ISO/IEC 27001:2013 and SOC 1,2.
Does the GDPR require personal data to be stored in the EU/EEA?
Does Pinpoint transfer any data to sub-processors?
Pinpoint uses sub-processors, a list of which can be found here.
We have terms in place with all sub-processors and adequate provisions to keep data protected when it is processed outside of the EEA.
What does Pinpoint do to ensure lawful data transfers outside of the EU/EEA?
We complete transfer impact assessments, and have terms in place with all sub-processors and adequate provisions that are up-to-date with the latest requirements for data transfer outside the EEA.
Security & Privacy at Pinpoint
See our full list of related resources about how we keep your data secure.