How Clockwork Complies with the GDPR
[For a quick overview of GDPR and search, see our blog article How GDPR Will the Executive Search.]
Does Clockwork's contract fulfill the requirements of the GDPR in relation to processors?
Yes. Our standard contractual templates contain new data processing provisions that cover everything you, as a data controller, require under the GDPR.
Is Clockwork Recruiting a data processor?
Yes. In providing our services to clients, Clockwork Recruiting acts as a data processor, and you, as the client, will be the data controller for the purposes of European data laws.
What personal data does Clockwork process as part of its service?
We process the personal data that you choose to collect and hold as part of the services.
Where is data held and accessed from? What protections are in place to ensure that transfers out of the EEA are adequate from an EU data protection perspective?
Data is hosted by us as part of the services in the US on Amazon Web Services (AWS) servers.
Our staff in the US may have access to data we hold in order to help administer the services and deal with requests and queries.
We are self-certified under Privacy Shield’s EU-US and Swiss-US Frameworks.
You can find Clockwork Recruiting’s registration under the Department of Commerce’s website here.
What security protections are in place over the data?
Security is at the heart of our solutions. You can view our Security Protocols here.
Does Clockwork use subcontractors who act as sub-processors of personal data?
Yes, we use subcontractors for assistance with engineering, data entry, research, and other functions. We assess all subcontractors we use to ensure that they commit to complying with applicable data protection laws, including GDPR, and have appropriate technical and organizational controls in place to protect personal data. All subcontractors are engaged under contracts that contain the requirements of GDPR.
Does Clockwork help us fulfill our obligations in respect of data subject rights?
Yes, where Clockwork is holding personal data on your behalf, we will provide assistance in relation to any data subject rights requests in respect of that personal data under GDPR.
Our product allows the user to download contact records to comply with the portability terms as well as delete records to comply with the right to be forgotten.
Where are the physical locations where the data will be stored?
We use various AWS zones, but only zones in the US, specifically us-west-* and us-east-*.
Will our data be Encrypted in Transit with TLS 1.2 or greater?
Will our data be Encrypted at Rest (storage) with AES-256, SHA-256 or greater?
Does Clockwork utilize access controls on its data centers, databases and systems?
What are the secure methods of transmission of data between Clockwork customers and Clockwork’s systems and/or personnel?
Regular user access is typically via SSL/TLS. Special cases, such as initial data migration, can use other methods, such as encrypted archives and file transfer/sharing services.
In what format or medium does Clockwork store confidential information?
Database storage is encrypted (AES-256). Password data is one-way hashed (bcrypt).
Are backup systems storing sensitive data kept in encrypted format?
Is encryption used for all data in storage?
Yes, for most. Some items, such as profile images, are served from cloud storage without encryption.
How can I get help or more information?
You can email us at GDPR@clockworkrecruiting.com for assistance or any additional information you may need.