GDPR Compliance
Our commitment to data protection and privacy under EU regulations
Last updated: April 12, 2025
This page outlines how we comply with the General Data Protection Regulation (GDPR) and protect your personal data when using our services.
Data Protection Principles
We adhere to the core GDPR principles of lawfulness, fairness, and transparency. Personal data is collected only for specified, explicit, and legitimate purposes, and we ensure data minimization, accuracy, storage limitation, and integrity and confidentiality.
Under GDPR, 'personal data' means any information relating to an identified or identifiable natural person. We act as both a data controller and data processor depending on the context, and we implement appropriate measures for each role.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including pseudonymization and encryption of personal data, and regular testing of security measures.
Our Approach
We have integrated data protection into our business practices through data protection by design and by default, ensuring that privacy considerations are built into all our products and services from the ground up.
Data Subject Rights
You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, where that is the case, access to the personal data and information about how it is being processed.
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.
Also known as the 'right to be forgotten', you have the right to request the deletion of your personal data without undue delay, and we have the obligation to erase such data under certain circumstances.
You also have rights to restrict processing, data portability, object to processing, and not be subject to automated decision-making, including profiling, which produces legal or similarly significant effects.
Exercising Your Rights
To exercise any of these rights, please contact our Data Protection Officer at privacy@hirefy.ai. We will respond to your request within one month, as required by GDPR.
Compliance Measures
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to identify and minimize data protection risks before implementing new systems or processes.
We have established data retention policies that limit the storage of personal data to what is necessary for the purposes for which it is processed, in accordance with GDPR requirements.
We regularly monitor our compliance with GDPR through internal audits, staff training, and staying up-to-date with regulatory guidance and industry best practices.
We have established procedures to detect, report, and investigate personal data breaches, including notification to authorities and affected individuals when required by law.
Continuous Improvement
We are committed to continuously improving our data protection practices and will regularly review and update our policies and procedures to ensure ongoing compliance with GDPR.
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to provide an adequate level of data protection.
We use EU-approved mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or other legally valid transfer mechanisms to ensure compliant international data transfers.
We ensure that all third-party data processors we engage with who may process data outside the EEA comply with GDPR requirements through appropriate contractual provisions and data processing agreements.
Data Transfer Impact Assessments
We conduct regular assessments of our international data transfer activities to ensure they meet the requirements set forth by European data protection authorities.
Questions About Our GDPR Compliance?
If you have any questions about how we handle your data or our GDPR compliance measures, we're here to help.