What is GDPR?
The General Data Protection Regulation (GDPR) is a EU Regulation, related to protection of personal data that took effect on the 25th of May 2018. The goal of GDPR is to protect the rights of EU citizens within data privacy and to ensure transparency, security, and accountability by data controllers and data processors. Simply speaking, it will give EU citizens the right to know what, why, where, and when their data is being processed. GDPR has expanded on the eight principles of the already existing EU Data Protection Directive:
- Obtain and process information fairly.
- The data must be kept for a specified, lawful purpose.
- The data should be used and disclosed only for the specified purpose.
- The data must be kept safe and secure.
- The data must be up to date, accurate and complete.
- The data must be relevant, adequate but not excessive.
- The date must be retained for no longer than is necessary.
- A copy of the data must be made available to the data subject, on request.
How Alva Labs protects and processes our users’ data:
At Alva Labs, we take data privacy very seriously. Below you will find a brief summary of how we process and protect your data as an Alva Labs user and how you can control it at all times.
- Alva Labs assess your abilities and suitabilities for a specific position within an organization you are applying for
- Candidates and/or employees submit data to the Alva platform, usually in the form of contact information, ability and suitability information, device information, information about job position and demographic information.
- The user can at any time restrict the data processing and revoke access to their data
- To be able to give both the user and the companies that use Alva as much value as possible from our services, Alva conducts analyses of aggregated segments of our data set in order to find valuable insights. These analyses are all done on anonymized data, not on personal identifiable information, as we are interested in finding broad and statistical trends and not detailed tendencies on an individual level. One finding from such analyses could, for example, be; “In fast-growing companies in industry X, we see that candidates with personality traits Y are more likely to be happy and stay longer in role Z.”
- Alva will never keep any personal data longer than necessary. The retention period will never extend 24 months
- Our application data is hosted and protected by Google Cloud Platform, and is stored on their servers in Belgium. Alva has a data processor agreement with Google Cloud Platform and it contains the european standard contract clauses.
Security measures to keep our platform safe
Our customers’ security and integrity is very important to us and something we take seriously. Our systems are designed with Privacy by design and Privacy by default in mind. Access to sensitive data is restricted by strong authentication both internally at Alva Labs and externally. When transferring and storing data we always use recommended end-to-end encryption protocols and algorithms. We continuously run tests to ensure that unauthorized access to sensitive data cannot occur.
If you have any further questions regarding how we process personal data, please contact our Data Protection Officer Daniel Sällberg at firstname.lastname@example.org.