Crelate’s Commitment to the GDPR

Crelate is committed to complying with the requirements of a Data Processor under the GDPR.  We are committed to providing our customers with tools and features that they can use to help achieve their own compliance as Data Controllers.

Helping our customers comply with the GDPR

Crelate already provides many features that customers can use to help them comply with the GDPR. Our existing customizable application forms, portal disclaimer, email templates, delete and reporting capabilities already support these efforts. However, we plan to provide the following additional features to help make complying with the regulations even easier:

Candidate Portal: We will expand our custom form capabilities to improve the consent gathering process. We will also make it easier to include links to your Recruitment Privacy Policy and customizable consent disclaimers of your choice.

Request Tracking: We will provide new capabilities to help you gather and manage requests from candidates (Data Subjects) to withdraw consent, make corrections, delete and provide data. This should make it easier to comply with the “Right to be forgotten” provisions of the GDPR.

Consent and Contacted Tracking: We will provide new visualizers and reports to make it easier to see who has provided consent and who has been contacted within a specific period of time.

Delete Changes: Crelate already makes it easy to delete data in bulk. We will look to enhance our delete feature to allow the deletion of personal data, while maintaining the accuracy of your reports such as time in stage.

Email Templates: We will review and enable the sending of templated emails throughout the product to better help you send necessary templates at the necessary time.

IMPORTANT NOTE: The above list is subject to change with or without notice. The features and capabilities Crelate provides to help customers be compliant will change over time as best practices and market feedback dictate. Crelate does not claim to ensure our customer’s compliance with the GDRP. It is up to each customer to determine if the tools and capabilities we provide will meet their specific compliance requirements.

What is a Data Subject?

A “data subject” is an identified or identifiable natural person.

What is a Data Collector?

A data “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

What is a Data Subject?

A “data subject” is an identified or identifiable natural person.

What is a Data Processor?

A data “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Am I a Data Controller or a Data Processor?

As an employer or agency that collects candidate information, you are a Data Controller. Crelate is a Data Processor, as we provide software that processes the data you collect on behalf of our customers. The Data Controller determines that purpose and method of processing personal data, while the Data Processor processes that data on behalf of the Data Controller.

What are my responsibilities as a Data Controller?

You should refer to your own legal professional for the specific GDPR requirements that will apply to you organization.

What data is protected under the GDPR?

As an employer or agency that collects candidate information, you are a Data Controller. Crelate is a Data Processor, as we provide software that processes the data you collect on behalf of our customers. The Data Controller determines that purpose and method of processing personal data, while the Data Processor processes that data on behalf of the Data Controller.

When does the GDPR go into effect?

The European Union (EU) GDRP goes into effect throughout the EU Member States on May 25, 2018. The United Kingdom is also committed to staying compliant with the GDPR.

Is data stored outside of the EU GDPR compliant?

GDPR requires that data must be hosted in a country with a GDPR compatible framework that the EU recognizes as having “adequate” data protection laws. “The European Commission has so far recognized Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection.” 

Does Crelate participate in Privacy Shield?

Yes, Crelate has enrolled, developed compliant policies, paid the necessary fees and self-certified as committed to the US Privacy Shield Framework. Click here to view our Privacy Shield status.