Candidate data is legally protected, and working with it requires appropriate safeguards from us. Protecting candidate data is our priority, and that’s why today we’ll explain how we ensure it.
Data Processing Agreements
The security of candidate data is a key priority in the development and operation of Hero Parser. For this reason, we work exclusively with partners that meet the requirements of European data protection regulations.
We have signed appropriate Data Processing Agreements (Data Processing Addendums) with all service providers involved in delivering Hero Parser, including infrastructure providers and AI solution providers. These agreements define how data is processed, establish responsibilities, and ensure compliance with GDPR.
This means that:
- candidate data is processed only for specific, defined purposes and within a limited scope
- our partners are not allowed to use this data for their own purposes, including training AI models
- every data processor operates in accordance with security requirements applicable within the European Union
As a result, Hero Parser users can be confident that candidate data is processed in a secure, controlled, and compliant manner.nd that your candidates’ data should not be transported outside the EU.
We delete data on request
Your company decides when it wants to delete a candidate’s data from our application. You can delete the data of selected candidates or close the recruitment process and remove all sensitive information from our servers, such as candidates’ CV files, their profile photos, and all data visible in their profiles. We only keep statistics so that you know how the recruitment process went.
Our servers are located in the EU
We are aware of EU regulations that are not favorable towards sending personal data of citizens outside the European Union. We don’t do this. Our servers are and will always be located within the EU. Currently, the only location is Germany, but as the application grows, we plan additional locations in France and Poland.
We care about internal security
The connection to our server is encrypted. Administrator passwords are changed every three months. User passwords are encrypted and salted. We implement anti-brute-force protections. We conduct security audits and make backups. The security of your data is our priority.
We comply with GDPR
By adding a CV to our application, you ensure that you have obtained the candidate’s consent to process and profile their personal data. If the candidate requests an update or deletion of their data, it is your responsibility to remove the candidate from our application. If a candidate contacts us directly with a request to delete their data, we will be forced to remove them from your recruitment process. We adhere to the regulations.
In summary
Data security is one of the pillars of our operations, and we approach it with the utmost care. We do everything required by law and everything within our power to ensure that your company’s and your candidates’ data remain secure.
