Our commitment to the EU Data Regulation
The EU General Data Protection Regulation (GDPR) set a new standard for how companies use and protect EU citizens' data. It took effect on May 25th, 2018.
At Screenloop, we have built a plan to comply with GDPR, ensuring that we fulfil its obligations and maintain compliance with its regulations. We strive to be completely transparent about how we use customer and candidate data.
We are completely GDPR compliant.
Here's an overview of GDPR, and how we specifically manage it at Screenloop.
What’s GDPR?
The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of "personal data" and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
Does it affect me?
Yes. You will hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How have we prepared for GDPR
Our teams across Screenloop have worked hard to build our GDPR roadmap. We have completely overhauled our processes across all of our products to ensure that they will always remain compliant whilst continuing to enhance and develop them in line with our customers needs.
We are a processor with respect to the end-users whose data Screenloop receives: our customers’ users. As a customer of Screenloop, you are a data controller and Screenloop is acting as your data processor for your users.
Here are the main things we've done to ensure we set ourselves and our customers up to meet GDPR obligations:
We built new features that support GDPR throughout the platform.
We allow our customers to be able to delete all data concerning a candidate. (Please speak to your CSM to action)
Our customers can request an export of all data linked to a candidate.
Improving auditing and traceability within Interview Intelligence and Pulse.
Easy to Opt out of Interview recording and Candidate Pulse. (Please reach out to your CSM for activation)
We codified the processing as part of our Data Processing Agreement (DPA).
The DPA ensures that adequate safeguards are in place with respect to the protection of Personal Data to be processed by Screenloop, as required by the Applicable Data Protection Laws. It covers regulatory and operational changes to GDPR. Customers can contact support@screenloop.com to view and sign a copy.
Vendor coordination
We reviewed all our vendors, ensuring compliance and arranged DPAs with all finding out about their GDPR plans and arranged similar GDPR-ready data processing agreements with them.
Questions?
Feel free to reach out to us at support@screenloop.com
Screenloop’s approach to DEI data processing
Under article 9 of GDPR, section 2 a) and b), it is allowed to process special categories of personal data such as gender, ethnicity and age, if:
the data subject (the candidate) has given explicit consent to the processing of those personal data;
if processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment
Screenloop Pulse’s approach to DEI data:
Firstly, Screenloop allows candidates to choose if they want to share DEI data, please see the screenshot below:
answers are completely anonymous - candidates are made aware of it;
the purpose of collecting this data is explained;
It is NOT a mandatory field, candidates will always have a choice to skip providing this information.
Above visual is a screenshot from Candidate Pulse journey
The data is then processed in line with GDPR guidance as described in:
Screenloop’s Privacy Policy
Screenloop’s Data Processing Addendum