GDPR Compliance with Inclusive
Effective September 2024
This in an informational page for Inclusive’s customers. If you are an EU resident looking for information about your privacy rights, see our Privacy Policy.
The GDPR is a law that gives people in the European Union control of their own personal data. Data privacy can be intimidating, but Inclusive offers our customers the tools to be confidently GDPR compliant.
Common Terms
Your candidates are data subjects. They have the right to decide how their personal data is used.
Your business is the controller of your candidates’ data. You have the obligation to handle their data responsibly, and to allow them to exercise their rights over it.
Inclusive is a data processor. We process personal information on your behalf as directed by your Data Processing Agreement with us.
Data Subject Rights
The GDPR grants a number of specific rights to data subjects. As a data controller, you’re responsible for ensuring your candidates can exercise their rights over their personal information. Here’s how Inclusive helps:
Candidates have the right to be notified of data collection, and to object to how their data is used.
Our data privacy tools provide custom data retention periods using activity or consent-based rules. Our customizable consent forms let you easily notify candidates of their rights and record their consent at the time of application, renew their consent, or anonymize their data when their consent lapses.
You can also easily mark a candidate as “do not contact” to prevent any future sourcing outreach across your organization.
Candidates have the right to request a copy of their information, or request that it be deleted.
We support exporting or deleting any candidate's personal information. We also allow you to anonymize data, which strips it of identifiable information without affecting the accuracy of your aggregate reporting.
Candidates have the right to special handling of sensitive demographic information.
Our diversity survey tools prevent sensitive demographic data from being combined with any other identifying information, helping you make sure it isn’t used as a part of your hiring decision.
You can find more information about these and other data subject rights under the GDPR on the European Commission’s official website.
One of your responsibilities as a data controller is to make sure your sub-processors handle your data appropriately. We offer a Data Processing Agreement on request, which includes the “standard contractual clauses” typically recommended for sub-processor agreements.
Data Transfer and Storage
Inclusive stores and processes data in the EU. To help you document that your GDPR requirements are met, we can provide a Transfer Impact Assessment on request.