GDPR Questions Answered
This article will answer many questions that are asked about how General Data Protection Regulation (GDPR) will affect Clockwork Recruiting on our online Executive Recruiting platform. For more information on how GDPR will impact executive search generally, read this article.
Is Clockwork Recruiting a data processor?
Yes, in providing our services to clients, Clockwork Recruiting is acting as a data processor and you, as our customer, are the data controller for the purposes of European data laws.
What personal data does Clockwork process as part of its service?
We process the personal data that you choose to collect and hold as part of the services.
Where is data held and accessed from? What protections are in place to ensure that data transfers out of the EEA are adequate from an EU data protection perspective?
Data is hosted by us as part of the services in the US on Amazon Web Services (AWS) servers.
Our staff in the US may have access to data we hold in order to help administer the services and deal with requests and queries.
We are self-certified under Privacy Shield’s EU-US and Swiss-US Frameworks.
You can find Clockwork Recruiting’s registration under the Department of Commerce’s website here.
What security protections are in place over the data?
Security is at the heart of our solutions. You can view our Security Protocols here.
Does Clockwork use subcontractors who act as sub-processors of personal data?
Yes, we use subcontractors for assistance with engineering, data entry, research, and other functions. We assess all subcontractors to ensure that they commit to complying with applicable data protection laws including GDPR and have appropriate technical and organizational controls in place to protect personal data. All subcontractors are contracted with under contracts which contain the requirements of GDPR.
Does Clockwork help us fulfill our obligations in respect of data subject rights?
Yes, where Clockwork is holding personal data on your behalf, we will provide assistance in relation to any data subject rights requests in respect of that personal data under GDPR.
Our product allows the user to download contact records to comply with the portability terms as well as delete records to comply with the right to be forgotten.
Where are the physical locations where the data will be stored?
We use various AWS zones only use zones in the US, specifically us-west-*, us-east-*.
Will our data be Encrypted in Transit with TLS 1.2 or greater?
Will our data be Encrypted at Rest (storage) with AES-256, SHA-256 or greater?
Does Clockwork utilize access controls on its data centers, databases, and systems?
What are the secure methods of transmission of data between Clockwork customers and Clockwork’s systems and/or personnel?
Regular user access is typically via SSL/TLS. Special cases, such as initial data migration, can use other methods, such as encrypted archives and file transfer/sharing services.
In what format or medium does Clockwork store confidential information?
Database storage is encrypted (AES-256). Password data is one-way encrypted (bcrypt).
Are backup systems storing sensitive data kept in an encrypted format?
Is encryption used for all data in storage?
Yes, for most. Some items, such as profile images, are served from cloud storage without encryption.
How can I get help or more information?
You can email us at GDPR@clockworkrecruiting.com for assistance or for any additional information you may need.