Privacy | RecruitBPM Applicant Tracking System

Because customers entrust Recruit BPM with important information/data, we have recognized this Policy as a means to connect our information gathering and dissemination practices. We reserve the right to change this Statement and will provide notification of the change at least thirty (30) business days prior to the change taking effect.

Recruit BPM can amass Personal Information, such as your name and other personal and non-personal information. If you procure goods and services through www.recruitbpm.com, we may demand billing and credit card information. This information is not stored.

Information about your computer hardware and software may be automatically collected by Recruit BPM. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain and the improve quality of the service, and to provide general statistics regarding use of www.recruitbpm.com.

We require customers who register to use the services (“Services”) to give us contact information, such as their name, company name, address, phone number, and e-mail address, and financial qualification and billing information, such as billing name and address, and the number of users within the organization that will be using the Services. Bullhorn uses the information that we collect to set up Services for individuals and their organizations. We may also use the information to contact customers to further discuss customer interest in our company, the Services that we provide, and to send information regarding our company or partners, such as promotions and events.

Customer email addresses and any personal customer information will not be distributed or shared with any third parties. We may also email information regarding updates to the Service. Except as we explicitly state at the time we request information, or as provided for in the Recruit BPM Terms of Use, we do not disclose to any third-party the information provided. All financial and billing information that we collect through the Site is used solely to check the qualifications of prospective customers and to bill for Services. Billing information is not used by Recruit BPM for marketing or promotional purposes. Recruit BPM uses a third-party intermediary to manage the credit card processing. This intermediary is solely a link in the distribution chain, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing. Other third parties, such as content providers, may provide content on the Web Site but they are not permitted to collect any information nor does Recruit BPM share any user information with these parties. Customers will be using the service to host data and information (“Data”). Individual records may at times be viewed or accessed only for the purpose of resolving a problem, support issue, or suspected violation of the Terms of Use, or as may be required by law.

Recruit BPM will not disclose the collected information to third parties without the permission of the visitor. We may also track and analyze non-identifying and aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Recruit BPM contains links to other web sites. Recruit BPM is not responsible for the privacy practices or the content of these other web sites. Customers and visitors will need to check the policy statement of these others web sites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the user to keep such information private and confidential.

Risk Management Policy

This policy ensures that all types of security and data risks are detected, investigated, controlled and eliminated. It also emphasizes that actions should be taken to prevent any further hazards.  And where appropriate, that notice is provided to concerning Personnel, and/or effected parties.

Security Policy

RecruitBPM is dedicated to protect the privacy of our users and their personal data from breaching. We implement the best practices and technologies to accommodate customer data security to achieve customer success. RecruitBPM applicant tracking system have been developed based on this core value. To protect data and user details, RecruitBPM applies following precautions.

Internal Administrative Precautions

Technical Safeguards

Acceptable Use Policy

According to RecruitBPM Acceptable Use Policy, users can not upload or submit any content or data which:

Organizational Security

RecruitBPM designated Data Security Officers are responsible to for security initiatives and critical matters concerning data privacy and protection. The Data Protection Officers addresses all the client’s complaints and issues to keep the data save from malicious access or in case of any discrepancies. The team of security personals can be contacted by email at: aahmad@recruitbpm.com, or by mail at: 6216 Baker Road, Ste 150, Eden Prairie MN 55346, Attn: Data Protection Officer.

Any questions or complaints concerning RecruitBPM’s Privacy Policy or handling of personal data can be directed to: support@recruitbpm.com

Physical Access and Security

Purpose

RecruitBPM Physical Security policy is established to control and prevent unauthorized physical access to company’s information and IT assets to protect them from intrusion, alteration, mishandled, distorted and/ or theft.

Policy

RecruitBPM Physical and Environmental Security Policy and Procedures

The company intend to apply formal, documented measures to support the implementation of the physical and environmental security policy and associated security controls.

RecruitBPM also determined to implement procedures to review and maintain existing physical and environmental security policy and related procedures.

The company shall approve, develop and maintain a list of personnel with authorized access to the facility where information systems are physically located.

A process will be established to review, approve, and issue credentials for authorized access.

Authority will remove the names of personnel from the access list when access is no longer required.

RecruitBPM controls entry to / exit from the data center(s) using physical access control devices and/ or security guard(s). We also maintain physical access audit logs for sensitive data facility access points.

The company shall perform annual security assessments to check illegal extrusion of data. And will also establish a process to monitor activities performed within the data facilities. The authorized staff will change passwords at defined intervals.

Only authorized access to output devices under supervision of authorized personnel, and allow access to authorized individuals only.

Only authorized access to information system output devices (e.g., printers, copiers, scanners) to block unauthorized individuals from obtaining sensitive data.

Regular review of access logs at a distinct frequency or upon security incidents.

Defined processes to authorize, monitor, and control any delivery or removal of data or physical devices.

Environmental Security

Purpose

The purpose of the Environmental Security section is to define controls to protect information assets from damage, destruction and/ or interruption due to environmental factors such as fire, humidity, water, power outage, etc.

Policy

The company places power equipment and cabling at safe places to avoid any environmental hazard or destruction.

RecruitBPM provides the capability of shutting down the power to data facility during an incident.

Emergency shutoff switches are placed within the work environment that can be safely and easily accessed by personnel during any mishap.

Physical and logical controls are installed to protect emergency shutdown capability from unauthorized access.

Uninterruptible power supply is implemented to enable shift to long-standing alternate power if primary power source is lost.

Fire detection and suppression devices are installed and maintained that are supported by a separate power source.

Fire detection system is installed that automatically notifies emergency personnel and initiates emergency responder(s) in case of fire incident.

Automatic fire suppression system will stay employed even in case of unstaffed work environment.

Automatic temperature and humidity controls are installed to prevent fluctuations which can be damaging for processing equipment.

Temperature and humidity monitoring system is employed to provides notification of temperature changes that may be harmful to employees or equipment.

Necessary measures being made to protect IT equipment from damage from water leakage.

Human resource security

Prior to employment

RecruitBPM ensures that employees and vendors recognize their responsibilities and roles for which they are being designated.

Background verification checks are performed on all candidates for employment to follow all the relevant laws, regulations and corporate ethics based on business requirements, the organizational criteria and the supposed risks.

Background verification involves all relevant privacy, security, protection of personally identifiable details and employment-based regulation, including:

Terms and conditions of employment

According to RecruitBPM HR policy, all the contractual agreements between organization and employees or vendors should state information security responsibilities for all including members.

The contractual agreements should suggest manifest the organization’s policies for information security in addition to following:

During employment

To validate that employees and vendors are informed of and meet their information security responsibilities.

Management should obligate all employees and vendors to apply information security in accordance with the established policies and procedures of the organization.

Management responsibilities include ensuring that employees and vendors are:

  1.      Accurately informed about their information security roles and responsibilities in advance of accessing confidential information.
  2.      Provided with rules and regulations of information security  and expectations of their role within the organization.
  3.      Should be aware of the information security standards and tasks relevant to their roles within the organization.
  4.      Conform to the terms and conditions of employment, including organization’s appropriate work processes and information security policy.
  5.      Must have appropriate skills and qualifications/education to fulfill tasks on a regular basis.
  6.      Provided with an anonymous reporting platform to report violations of information security.

Information security awareness, education and training

All RecruitBPM employees should get relevant awareness education and training as well as regular updates in organizational policies and procedures related to their job.

Disciplinary process

To handle any information security breach done by an employee, a formal and publicized disciplinary process is defined to take action. This disciplinary process should be carried out considering following prospects:

Termination and change of employment

Process of changing or terminating employee, for the prosperity of organization’s interests.  

Termination or change of employment responsibilities

Asset Management Policy

The policy is defined to establish a process for classifying and handling RecruitBPM’s information and data assets based on the level of sensitivity and value. These procedures entail specific activities and methods that will support information asset manager to implement the management and security policy requirements in relation to asset management.

The procedure applies to all organization’s employees who access, process, or store sensitive Information or process data for any assigned task. It also enlists the Information Asset and Security classification process to be adopted and the processes involved in implementation.

Policy is established to protect the confidentiality, integrity and availability of organizational sensitive and critical assets and Information Systems. Asset classification indicates the impact on organization’s business and prestige if confidentiality or integrity is compromised.

RecruitBPM complies with information privacy and security regulations under standard privacy policy and legislation. Consequently, the conduct and handling of personal Information and confidential data will be considered restricted information pending completion of a privacy assessment.

Identification of assets and security classification is approved and authorized by the Information System Owner. And it should be done at the earliest possible occasion according to the data sensitivity.

On termination of a contract, RecruitBPM keep the sensitive and essential data saved for up to 90 days for any reconsideration. After the set period, all the sensitive data, accounts information or relevant are being eliminated from the system.  

Business Continuity/Disaster Recovery (BC/DR) program

RecruitBPM has established Business Continuity/Disaster Recovery (BC/DR) policy to handle any incident of mishap or disaster such as power failure, hardware malfunction or any other tragedy.

To avoid any discontinuity in business processes, activities or deliveries, backup hardware and asset management system is maintained. In case of incident, the backup plan is initiated and the business resumes the activities in short period of time with limited performance. Meanwhile, incident related information and recovery time is conveyed to the stakeholders.

For disaster recovery, RecruitBPM’s defined plan assists to regulate, assess and recover the devices and system on emergency basis. As soon as the damage is recovered and systems are back on track, all the business activities and processes are resumed as usual.

For further inquiries, important information and upcoming updates, contact us at sales@recruitbpm.com