GDPR

GDPR SUMMARY

 

 

What is GDPR?

 

 

General Data Protection Regulation (GDPR) is a regulation on European Union (EU) law on data security and privacy for all individuals residing in an EU member state. The regulation primarily is in place to provide more control to an individual over the use of their personal identifiable data. GDPR will go into effect on May 25th, 2018.

 

 

What is personal identifiable information?

 

 

In relation to GDPR Personal Identifiable Information (PII) refers to any data that can be used to identify an individual. A few obvious examples would be and individuals passport number, mailing address, email address, or phone numbers.  However, with updates to technology information such as IP address, social media posts, and behavioral data can also be considered PII.

 

 

Who should care about GDPR?

 

 

Companies based or have a large presence within the EU are most affected. However, any organization that requests or uses Personal Identifiable information from an individual within the EU should be interested in how that data is process and stored.

 

 

Does the GDPR require EU personal data to stay within the EU?

 

 

No, the GDPR does not require data to remain in the EU. However, it does required that an organization have valid transfer mechanism in place before it leaves the EU. One of these mechanisms is having a Privacy Shield Certification.

 

 

RIVS AND GDPR COMPLIANCE

 

 

RIVS, Inc. and all of its subsidiary products (Thrive, Prep, and Interview Guide Builder) is taking the appropriate steps to be GDPR compliant by May 25th, 2018.

 

 

RIVS principles of Security and Privacy.

 

 

At RIVS we value the individual rights to privacy and security around personal identifiable information. Because of that we have implemented a set of Privacy Principles and Security Principles. These principles are what we use to make product and business decisions within our organization.

 

 

What steps is RIVS taking to ensure GDPR compliance?

 

 

  • Reviewing vendor agreements – We are reviewing all of our agreements with any vendor we use to enhance the experience of our products for our customers. If adjustments are needed we are proactively making those adjustments and signing any data protection addendums that are relevant.

 

 

  • Ability to process outside of the EU – In order to properly process data outside of the EU, RIVS has gone through the Privacy Shield Certification which can be found here – RIVS Privacy Shield Certification.

 

 

  • Making available a RIVS Data Processing Agreement – If your use of RIVS (or its subsidiary products) require the processing of personal identifiable information within the scope of GDPR you can request our DPA by contacting privacy@rivs.com.

 

 

  • Behind the scenes changes to ensure RIVS products and services are GDPR compliant – This includes updates to RIVS products and policies. We are also working with our engineering and technical support teams to ensure fast responses when our customers receive requests from data subjects for access, erasure, or rectification to their personal identifiable information. We also are implementing various policies to ensure any future product enhancements remain GDPR compliant.

 

 

What will RIVS do if a data subject (candidate or user) has a request related to their data?

 

 

All requests can be submitted to privacy@rivs.com. However, the procedure is slightly different depending on if the data subject is a user (administrator, recruiter, manager, etc. with a RIVS log in) or a candidate / student (or any individual submitting their data for the benefit of the RIVS client).

 

 

If the requestor is a user of the platform we follow our internal procedures in handling the request. We will provide updates as to the erasure, access, or rectification of the data in question.

All data requests can be emailed to privacy@rivs.com with the following information:

 

 

  1. Users First and Last Name
  2. Users Email Address
  3. Account / Company of User
  4. Summary of data request (including details on whether the user needs access or if the data needs rectification or erasure)

 

 

All requests will be responded to within a timely manner.

 

 

If the requestor is a candidate / student a RIVS support team member will reach out to the administrator of the account that is processing the data of the individual. It is up to the client to decide what steps they would like to take with the request.

 

 

What do I do if a data subject (candidate / student) has a request related to their data?

 

 

As the client you are the data controller. Meaning, it is your choice how you want to honor the request. If you would like to honor the request of the candidate / student please email privacy@rivs.com with the following information:

 

 

  1. Your First and Last Name
  2. Your Email Address
  3. Your Company Name
  4. Candidates First and Last Name
  5. Candidates Email Address
  6. Summary of data request (including details on whether the user needs access or if the data needs rectification or erasure)

 

 

Will RIVS make adjustments to the Data Processing Agreement?

 

 

Our data processing agreement has been put into place to ensure GDPR compliance for both RIVS and the signing parties of the agreement. However, if you have a concern with the agreement please email privacy@rivs.com and we will do what we can to rectify your concern.

 

 

Additional information can be found in our Privacy Policy and Terms of Service. If you have any other questions or concerns related to GDPR, data security, or data privacy please email privacy@rivs.com.