Candidate personal data is never exposed within the Convert and Connect platforms.
β
All candidate data is stored in an encrypted-at-rest database. Transfers to and from the database are encrypted and use the TLS 1.3 standard. Secret keys are rotated automatically every 90 days using a Key Management System.
Files are encrypted before being uploaded to a cloud-based object storage service (client-side encryption). Server-side encryption is also implemented to enforce an end-to-end encryption.
βCandidate data and files are stored in servers within the EU (Sweden and Ireland).
Notifications are sent using the GDPR-compliant services Twilio and Sendgrid which run their servers on the US.
The retention time of candidate data and files should be clearly defined and configured during the setup of Convert. This allows Convert to comply with different requirements regarding data retention policies. Once the retention time has passed, all data and files are removed from Convert's encrypted database and object storage service.
Candidates are only allowed to create a job application when they accept both the Privacy Policy and the Terms of Service referenced and accessible in the registration form. They should be defined during the setup of Convert.