Our commitment to protecting your data rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This GDPR Compliance page was last updated on March 15, 2024.
Path2Hire is committed to compliance with GDPR and other data protection regulations.
Understanding the General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in the European Union on May 25, 2018. It strengthens the rights of individuals regarding their personal data and imposes strict obligations on organizations that process this data.
Although Path2Hire is based in India, we recognize the importance of data protection and extend GDPR principles to all our users worldwide. We are committed to protecting your personal data and ensuring your privacy rights are respected.
Our commitment to GDPR's core principles
We process personal data lawfully, fairly, and transparently. You'll always know what data we collect and why.
We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
We only collect data that is adequate, relevant, and limited to what's necessary for our purposes.
We keep personal data accurate and up to date. You can request corrections at any time.
We keep personal data only as long as necessary for the purposes for which it was collected.
We process personal data securely, protecting against unauthorized or unlawful processing, loss, destruction, or damage.
We take responsibility for complying with GDPR principles and can demonstrate our compliance through appropriate records and measures.
The rights you have over your personal data
Request confirmation and access to your personal data
Request correction of inaccurate personal data
Request deletion of your personal data ("right to be forgotten")
Request restriction of processing under certain conditions
Receive your data in a structured, commonly used format
Object to processing based on legitimate interests or direct marketing
To exercise any of these rights, please contact our Data Protection Officer using the information provided in the "Contact DPO" section below. We will respond to your request within 30 days, though this may be extended by two months for complex requests.
How we legally process your personal data
You've given clear consent for specific purposes
Processing is necessary for a contract with you
Processing is necessary for legal compliance
Consent is obtained through clear affirmative action. You have genuine choice and control.
We specify why we need the data and what we'll do with it. No pre-ticked boxes or implied consent.
You can withdraw consent at any time, as easily as you gave it. Withdrawal doesn't affect the lawfulness of prior processing.
How we protect your data across borders
India-based servers
Our primary data storage and processing occurs on servers located in India. We choose service providers with strong data protection commitments.
For international transfers
When data must be transferred internationally, we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
We use carefully selected third-party service providers (data processors) who may process your data on our behalf. All such processors are bound by strict data processing agreements that require them to:
How we protect your personal data
Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Role-based access, multi-factor authentication, and audit logs
Firewalls, intrusion detection, and DDoS protection
Regular GDPR and data protection training for all employees
Comprehensive data protection policies and incident response plans
Regular security assessments and vulnerability testing
We regularly review and update our security measures to address evolving threats and maintain compliance with changing regulations.
Our response to personal data breaches
Immediate investigation and containment measures to prevent further unauthorized access or data loss.
Assessment of the breach's nature, scope, affected individuals, and potential risks.
Where required by law, notification to supervisory authorities within 72 hours and affected individuals without undue delay.
Implementation of corrective measures and review of security practices to prevent recurrence.
In the event of a data breach affecting your personal data, we will notify you (where required by law) and provide information about:
Additional resources for your reference
Path2Hire is committed to maintaining the highest standards of data protection and privacy. We regularly review and update our practices to ensure ongoing compliance with GDPR and other applicable data protection laws.
Last Updated: March 15, 2024 | Version: 1.0 | Next Review: September 15, 2024