GDPR Compliance

• Data Controller: The entity that determines the purposes and means of processing personal data (typically Jobin.cloud users/customers).
• Data Processor: The entity that processes personal data on behalf of the data controller (Jobin.cloud).
• Data Subject: An individual whose personal data is being processed (the contact/candidate).
• Processing: Any operation performed on personal data (e.g., collection, storage, use, sharing).

Jobin allows the fulfillment of the GDPR general data protection principles and helps you to fully comply with EU regulations:

• Purpose limitation
• Data minimisation
• Limited storage periods
• Data quality
• Data protection by design and by default
• Legal basis for processing
• Processing of special categories of personal data
• Measures to ensure data security
• Requirements in respect of onward transfers to bodies not bound by the binding corporate rules
• Appropriate data protection training to data protection officer and personnel having permanent or regular access to personal data

Jobin.cloud acts as a data processor by providing software tools and services that allow data controllers to collect, manage, enrich, and communicate with data subjects. All data processing is conducted solely on the instructions of the data controller.

Jobin.cloud processes personal data solely under the direction and legal basis defined by the data controller. It is the responsibility of the data controller to ensure that they have a valid legal basis for processing data, including:

• Consent from the data subject
• Legitimate interest
• Performance of a contract
• Compliance with a legal obligation

Jobin.cloud facilitates GDPR compliance through the following features:

• Unsubscribe Mechanism: All emails include an unsubscribe link for data subjects to opt out of communications.
• Access & Erasure: Upon request, Jobin.cloud enables access, rectification, and deletion of data as directed by the controller.
• Data Portability: Export tools are available to fulfill data portability requests.

Jobin.cloud offers an enrichment feature that sources additional publicly available and licensed data to support recruitment and outreach purposes. Data is sourced from:

• Public Sources: Government records, open datasets, and data made manifestly public or distributed through public media.
• Proprietary Sources: Third-party partners who warrant GDPR-compliant data sharing rights.

Through the course of our ongoing operations and providing our service to customers, we may enlist third-party web services, software, SaaS, PaaS or IaaS suppliers (i.e video conferencing, issue tracking, accounting or other line-of-business applications) in order to meet our business obligations.

Some of these suppliers may be located outside of the EU and as such are outside the direct jurisdiction of the GDPR. Where this is the case, we both adopt our own standard internal data protection measures and ensure that an equivalent level of Data Protection to GDPR (or potentially better) is in place for the providers we use and that they explicitly comply with GDPR regulatory requirements, either directly in their contractual agreements or by adopting data protection standards such as the EU-U.S. Privacy Shield Framework (See here for details)

Jobin.cloud ensures appropriate technical and organizational measures, including:

• Encryption at rest and in transit
• Access controls and user authentication
• Logging, monitoring, and vulnerability testing
• Confidentiality agreements and staff training

All personal data processed by Jobin.cloud is stored exclusively on servers located within the European Union (EU). This ensures compliance with GDPR and avoids cross-border data transfers.

Data is retained only as long as necessary to provide services or as instructed by the data controller. Upon request, data is deleted or returned.

Jobin offers many automated features but the data controller always has the full control of any process, any configuration and settings of the automatic systems and in particular full control on the final decision made evaluating a data subject. These automated features exclusively serve the purpose of enhancing the productivity and the informed decisions taken by the data controller.