GDPR Compliance

The right to be informed

• Create and customize a privacy policy you can add to your careers site
• Ensure candidates provide consent to join your talent pool

Consent

• Ensure candidates provide consent to join your talent pool
• Collect explicit candidate consent on application forms
• Allow candidates to see the types of nonessential cookies used on Pinpoint careers sites and opt out of any of them
• Allow candidates to manage their data though a dedicated portal (including revoking their application)

Access & portability

• Export data from the system in CSV format using the custom report builder
• Get an export of your data from Pinpoint at the end of your contract

Modification

• Allow candidates to manage their data though a dedicated portal (including revoking their application)

Security measures

• Your data is protected by our security, privacy, and business continuity practices

Limitation of purpose, data and storage

• Automatically set data retention periods and remove candidates’ personal data after a set period of time

The right of access

• Allow candidates to manage their data though a dedicated portal (including revoking their application)
• Export the information you hold about a candidate in a CSV format that you can send to them

The right to erasure

• Allow candidates to manage their data though a dedicated portal (including revoking their application)
• Delete an application by clicking a button on a user profile

The GDPR applies to all companies that process the personal data of European Union (EU) citizens or residents, even if the companies are based outside of the EU. If you have any applicants, candidates, or employees located in the EU, then the GDPR will apply to you.

Pinpoint is a data processor, and our Customers are data controllers. This means we are responsible for complying with the GDPR and helping our customers comply as well.

No. The GDPR allows personal data to be transferred outside the EEA, as long as the data maintains the protections it has under the GDPR.

Pinpoint uses sub-processors, a list of which can be found here: https://www.pinpointhq.com/security-privacy/sub-processors/

We have terms in place with all sub-processors and adequate provisions (such as Standard Contractual Clauses) to keep data protected when it is processed outside of the EEA.

We have terms in place with all sub-processors and adequate provisions (such as Standard Contractual Clauses) that are up-to-date with the latest requirements for data transfer outside the EEA.

The July 2020 European Union Court of Justice ruling put new requirements in place for transferring data outside the EEA.

Currently, the European Commission maintains a list of countries outside the EU that meet their requirements for importing data safely with no additional security measures needed. The United States is not on the European Commission’s list as of April 2022, however, data can still be transferred to the US as long as additional privacy measures are in place.

Pinpoint does put additional privacy measures in place to meet the GDPR’s requirements for data transfer outside the EU. For example, these include Standard Contractual Clauses with all our sub-processors.