Trakstar Hire and GDPR + Data Privacy - FAQ
Is Trakstar Hire compliant with GDPR?
Yes! Our team has been working hard to align with the principles of GDPR. You can read more about our full setup in this document here.
What actions should teams using Trakstar Hire take?
As a Trakstar Hire user, you are the data controller regarding GDPR. Your team should spend time researching and determining what this means for your setup. We recommend seeking your legal counsel to determine your team's rules and actions regarding GDPR.
Below is information, recommendations, and setups we've seen teams use, and ways Trakstar Hire can help you meet your own GDPR goals.
Where is Trakstar Hire data stored?
Trakstar Hire data is stored on Amazon AWS servers. These are located in the United States.
Application Consent
Your team should determine if you'd like to collect consent from candidates as a part of the application process. If so, you can add this question directly to your application forms.
You can edit your application form within each opening under the "Job Settings" tab.
We recommend using the question type of "Applicants can choose multiple options" and only leaving one option of "Yes." Make sure you also check that this is a required field:
This requires them to check "Yes" to this consent if they wish to submit their application.
If you'd like the applicants to agree to external terms of service or conditions, you can include a link in the text of the question by starting with either www. or http://www.
This URL will display as a clickable hyperlink in the application, as seen in the blue text in the screenshot below:
Your team can determine the wording of the consent to your specifications.
Deletion of candidate data
Trakstar Hire does not delete candidate data on your behalf.
We maintain all data in your account unless you request its deletion upon the termination of your account or through the deletion options inside your account.
Your team should determine your policy for the deletion of candidate data. Inside Trakstar Hire, you have options to delete candidate data:
In bulk from the candidate dashboard:
- Individually from the candidate's profile:
- You can also utilize the advanced search to find candidates by their application date, should your team want to purge candidates after a certain period:
All deletion of data is entirely permanent. Keep in mind that deleted data can not be recovered.
When you delete data from within Trakstar Hire, we only delete information available within the application.
All candidate emails received by users directly into their inbox, interview evaluation summaries, calendar invites, etc., which reside in applications outside of Trakstar Hire, will need to be manually deleted from each user who potentially interacted with the candidate.
EEOC Data Collection Considerations
Trakstar Hire has a feature for EEOC collection and management. This feature is set up to request EEOC data from candidates voluntarily. Each team can determine if they'd like to turn on this collection on an opening-by-opening basis.
Our EEOC feature is designed with United States regulations and hiring in mind. However, this feature is an option for customers regardless of location.
Should your team decide to collect this data, below is some information on how GDPR views this:
- EEOC data include race and ethnic origin information, which falls into GDPR's standards for "Sensitive Personal Data."
- GDPR provides several cases where this is allowed, specifically around employment, especially if the company also requires it to fulfill EEOC guidelines.
- The collection is allowed where "processing is necessary for carrying out the obligations and exercising specific rights of the controller or the data subject in the field of employment."
We encourage your team to review your collection practices around this data, the EEOC and GDPR guidelines precisely, and determine your policies for using this information.