GDPR Compliance

GDPR Compliance with Pinpoint

How Pinpoint helps our customers comply with the GDPR

Our CEO was previously Chief Digital Officer at a cloud computing company that focussed on serving customers with stringent security needs and complex data protection and data residency requirements. So it’s not surprising that we take privacy and security incredibly seriously at Pinpoint.

We have years of experience helping customers navigate the changes to data protection laws in the UK and Europe. Customers that choose Pinpoint as their ATS get access to enterprise-grade security and privacy features for their recruitment teams.

How Pinpoint helps our customers comply with GDPR requirements

The right to be informed
Consent
  • Ensure candidates provide consent to join your talent pool
  • Collect explicit candidate consent on application forms
  • Allow candidates to see the types of nonessential cookies used on Pinpoint careers sites and opt out of any of them
  • Allow candidates to manage their data through a dedicated portal (including revoking their application)
Access & portability
  • Export data from the system in CSV format using the custom report builder
  • Get an export of your data from Pinpoint at the end of your contract
Modification
  • Allow candidates to manage their data through a dedicated portal (including revoking their application)
Security measures
Limitation of purpose, data and storage
The right of access
  • Allow candidates to manage their data through a dedicated portal (including revoking their application)
  • Export the information you hold about a candidate in a CSV format that you can send to them
The right to erasure
  • Allow candidates to manage their data through a dedicated portal (including revoking their application)
  • Delete an application by clicking a button on a user profile

Does the GDPR apply to our organization?

The GDPR applies to all companies that process the personal data of European Union (EU) citizens or residents, even if the companies are based outside of the EU. If you have any applicants, candidates, or employees located in the EU, then the GDPR will apply to you.

Is Pinpoint a data controller, or a data processor?

Pinpoint is a data processor, and our Customers are data controllers. This means we are responsible for complying with the GDPR and helping our customers comply as well.

What is the geographical location of the site where data is stored?

Data is stored exclusively in our production infrastructure, split across our two hyperscale cloud service partners (AWS and DigitalOcean) across three data centre locations (Amsterdam, Dublin and London).

All data centres have been accredited under at least ISO/IEC 27001:2023 or ISO/IEC 27001:2013 and SOC 1 and SOC 2.

Does Pinpoint transfer any data to sub-processors?

Pinpoint uses sub-processors, a list of which can be found here.

We have terms in place with all sub-processors and adequate provisions to keep data protected when it is processed outside of the EEA.

What does Pinpoint do to ensure lawful data transfers outside of the EU/EEA?

We complete transfer impact assessments and have terms in place with all sub-processors and adequate provisions that are up to date with the latest requirements for data transfer outside the EEA.

Security & Privacy at Pinpoint

See our full list of related resources about how we keep your data secure.