TechFetch RPO Services is a company that provides services of online Pre Employment Tests to the employers of various organizations and companies to help them choose the right candidates for the job roles they are hiring for. The company helps employers in choosing the right skill analysis tests suitable for the specific job roles for which the candidates are interviewed for.
In order to conduct these tests, TechFetch RPO Services needs to have access to the personal details of the candidate so that the test to be conducted without any hindrance. Therefore the company is obliged to follow Data Protection and Privacy guidelines set forth by the EU in General Data Protection and Regulation or GDPR.
The primary aim of GDPR is to ensure that the organization processes the candidates' data safely and transparently and use it exactly for the purpose for which the data was procured in the first place. Techfetch RPO Services follows the rules and regulations as per GDPR so that the collected data is used only for the purpose of smooth functioning of the tests and to make sure that the data is not leaked or breached in any case.
The Company’s approach in regard to the GDPR compliance is explained and outlined in the coming sections .
Recruitment is the first process of Techfetch RPO Services in which employers are assisted in conducting the skills tests and thereby shortlisting candidates for the final interview. This includes all the personal details of the job applicants to be fed into our websites for registration. Therefore, as per GDPR guidelines, Techfetch RPO Services acts a Data Processor whereas our clients who are the employers or management of the organization acts as the Data Controller.
The Data Processor has the authority to handle the data received from the Data Controller with precision and supreme care. The safety and security of this collected data is taken into highest account and precautionary steps and care is taken as per GDPR guidelines. Also, in accordance with Article 32 of the GDPR guidelines , an incident response plan is pre planned to take control of the situation in case of any unpleasant incident that might put the personal data of the candidates at risk.
The Pre-Employment Skills tests are usually conducted using the personal mail id of the candidates. Also our clients or employers have access to additional information like the resumes of the applicants. The personal information that helps in candidate identification like the name of the candidate, gender, education details, residence, etc, requested by our clients will also be in regards to GDPR.
The Article 5 of GDPR mentions that the data can be collected only for explicit reasons and specified purposes which are legitimate enough and hence it should not be further utilized or processed in an unethical manner. This is in order to ensure that the data is processed in a transparent and fair manner.
According to Article 6 of GDPR , the data can be lawfully processed by TechFetch RPO Services because of the following reasons :-
TechFetch RPO Services ensures that the company receives the consent of the candidates before proceeding with the analysis tests. The terms and conditions will be updated to the candidates in a message prior to participation to let them know about the transparency of the process of data collection. Even Though the candidates can cancel their consent at any time as per GDPR guidelines, this request can be denied if data processing is highly necessary for legitimate reasons set forth by the controller. Hence Techfetch RPO Services will proceed based on the direction from our customer.
The data collected from the data controller is handled by using the following steps or processes :-
The candidates are entitled to know the details regarding the security aspects involved during data handling while collecting data from our clients.
According to Article 46, it is possible to transfer data across EU borders if the data controller or the customer and the Data Processor or the Interview Mocha have made an agreement which includes clauses specified by the EU. Also the later should have taken the necessary security measures required for the transfer. The transfer is to be completely in compliance with the GDPR. Article 49 also provides confirmation regarding this by stating it can be done for the necessity of carrying out a contract between the data controller and the data subject.
Techfetch RPO Services gives full guarantee on the secure keeping of your data. The private information is not supposed to be stored for longer periods as per GDPR. Hence Techfetch RPO Services provides a flexible system for our clients or data controllers. As per their need, we maintain or delete the database for a specific period of time.
The processing of data is done by taking the necessary security measures as prescribed in Article Number 25. The data which can be accessed only using the candidate’s mail id and password is secure and encrypted. At TechFetch RPO Services, data security is taken very seriously and is made in compliance to EU standards as well.
There are certain rights pertaining to the users of our services. Our service team is responsible for providing users with assistance regarding the usage of these services. All users are subjected to enjoy the following rights while using our services and tests :-
All the activities and tasks related to the individual data of a candidate needs to be maintained by the representative of each data controller within a well maintained record as per the Article 30. Our company maintains a detailed log of all the processes involved and any additional tasks will be recorded as per customer needs in compliance with the policies.
The Article 33 of the GDPR specifies that the authority who is in the superior position needs to be made aware of any kind of breach in data within 72 hours of the happening of data breach. Our company has the necessary facilities and mechanisms for monitoring data to be notified of any such violations. Within less than 24 hours of the incident, we will notify our customers or data controllers about the situation in case a breach is discovered. Article 33 has guidelines on the measures needed to be taken for communication between the processor and the controller. In this way, we ensure that our customers have required time needed for contacting the authority on data breach.
Techfetch RPO Services gives importance in protecting and managing the database received from our clients in the utmost secure way with regards to the guidelines put forth in the GDPR regulations and laws. We ensure compliance in both ways which includes our company M/s Techfetch RPO Services as the data processor as well as our clients, the employers or the data controllers. Both parties are expected to be in accordance with the rules and regulations of GDPR. And hence we assure that our company and its processes are GDPR compliant in every aspect involving data handling of the profiles of candidates or the data subjects.