- Introduction
This Data Access Policy outlines the principles, procedures, and guidelines governing access to client data collected through website forms, including job application data, resume upload data, contact form inquiries, and job alert data. It is designed to ensure that client data is accessed, processed, and stored in a manner that maintains confidentiality, integrity, and availability.
- Scope
This policy applies to all employees, contractors, vendors, and third-party entities who have access to, or are responsible for handling, client data stored in website forms. These include:
- Job Application forms
- Resume Upload Forms
- Contact Inquiry Forms
- Any custom form for data collection
- Jobs by Email Notifications
- Definitions
Client Data: Personal and non-personal information submitted by users through website forms and other data capture points.
Data Controller: The entity that decides how client data is processed and used.
Data Processor: The entity processing data on behalf of the data controller.
Authorized Personnel: Individuals with explicit permission to access specific client data.
- Principles
4.1. Legitimate Purpose
Access to client data must be strictly limited to authorized personnel and used only for legitimate business purposes. These purposes must align with the consent provided by the client, legal obligations, or a legitimate interest as defined by applicable law.
4.2. Least Privilege
Access rights will be granted on a need-to-know basis, consistent with the least privilege principle. Only those individuals whose job responsibilities require access to specific client data will be given such access.
4.3. Transparency and Consent
Clients will be informed of the data collection, processing, and storage practices. Clear and accessible privacy notices are provided, and explicit consent must be obtained where required.
- Access Controls and Procedures
5.1. User Authentication
All users with access to client data must undergo strong authentication processes, including multi-factor authentication, where appropriate.
5.2. Role-Based Access Control (RBAC)
Access to client data will be controlled through RBAC, ensuring that employees have access only to the information necessary for their roles.
5.3. Audit and Monitoring
Regular audits and continuous monitoring have been implemented to detect unauthorized access or anomalous activity.
5.4. Third-Party Access
Any third party accessing client data must adhere to this policy and enter into binding agreements outlining their responsibilities for protecting client data. Client consent is sought before any third-party access is granted.
5.5. Data Encryption
Client data is encrypted during transmission and at rest, utilizing industry-standard encryption methods.
5.6. Data Retention
Data is retained only for as long as necessary (currently 60 days according to our Data Retention Policy) for the defined purpose and in compliance with applicable legal requirements. Jobs by email opt-in data is excluded from this policy as it is self-managed by the user and is required to power the job alert functionality for as long as the user wishes to receive alerts. Data is removed on request for these user types.
- Breach Notification
In case of a breach or unauthorized access to client data, immediate action will be taken to contain the breach, and legal obligations to make appropriate notifications must be met, following our data breach policy.
- Training and Awareness
All personnel with access to client data undergo regular training on this policy and related data protection practices.
- Compliance and Penalties
Failure to comply with this policy may result in disciplinary action, including termination of employment or contractual relationships.
- Review and Updates
This policy is reviewed every six months and updated to reflect changes in legal requirements, technology, and business operations.