Because customers entrust RecruitBPM with important information/data, we have recognized this Policy as a means to connect our information gathering and dissemination practices. We reserve the right to change this Statement and will provide notification of the change at least thirty (30) business days prior to the change taking effect.
RecruitBPM can amass Personal Information, such as your name and other personal and non-personal information. If you procure goods and services through www.recruitbpm.com, we may demand billing and credit card information. This information is not stored.
Information about your computer hardware and software may be automatically collected by RecruitBPM. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain and the improve quality of the service, and to provide general statistics regarding use of www.recruitbpm.com.
We require customers who register to use the services (“Services”) to give us contact information, such as their name, company name, address, phone number, and e-mail address, and financial qualification and billing information, such as billing name and address, and the number of users within the organization that will be using the Services. RecruitBPM uses the information that we collect to set up Services for individuals and their organizations. Personal data is collected for legitimate business purpose and may be used for following purposes:
RecruitBPM will not disclose the collected information to third parties without the permission of the visitor.
RecruitBPM contains links to other web sites. RecruitBPM is not responsible for the privacy practices or the content of these other web sites. Customers and visitors will need to check the policy statement of these others web sites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the user to keep such information private and confidential.
This policy ensures that all types of security and data risks are detected, investigated, controlled and eliminated. It also emphasizes that actions should be taken to prevent any further hazards. And where appropriate, that notice is provided to concerning Personnel, and/or effected parties.
RecruitBPM is dedicated to protect the privacy of our users and their personal data from breaching. We implement the best practices and technologies to accommodate customer data security to achieve customer success. RecruitBPM applicant tracking system have been developed based on this core value. To protect data and user details, RecruitBPM applies following precautions.
Internal Administrative Precautions
According to RecruitBPM Acceptable Use Policy, users can not upload or submit any content or data which:
RecruitBPM designated Data Security Officers are responsible to for security initiatives and critical matters concerning data privacy and protection. The Data Protection Officers addresses all the client’s complaints and issues to keep the data save from malicious access or in case of any discrepancies. The team of security personals can be contacted by email at: firstname.lastname@example.org, or by mail at: 6216 Baker Road, Ste 150, Eden Prairie MN 55346, Attn: Data Protection Officer.
RecruitBPM Physical Security policy is established to control and prevent unauthorized physical access to company’s information and IT assets to protect them from intrusion, alteration, mishandled, distorted and/ or theft.
RecruitBPM Physical and Environmental Security Policy and Procedures
The company intend to apply formal, documented measures to support the implementation of the physical and environmental security policy and associated security controls.
RecruitBPM also determined to implement procedures to review and maintain existing physical and environmental security policy and related procedures.
The company shall approve, develop and maintain a list of personnel with authorized access to the facility where information systems are physically located.
A process will be established to review, approve, and issue credentials for authorized access.
Authority will remove the names of personnel from the access list when access is no longer required.
RecruitBPM controls entry to / exit from the data center(s) using physical access control devices and/ or security guard(s). We also maintain physical access audit logs for sensitive data facility access points.
The company shall perform annual security assessments to check illegal extrusion of data. And will also establish a process to monitor activities performed within the data facilities. The authorized staff will change passwords at defined intervals.
Only authorized access to output devices under supervision of authorized personnel, and allow access to authorized individuals only.
Only authorized access to information system output devices (e.g., printers, copiers, scanners) to block unauthorized individuals from obtaining sensitive data.
Regular review of access logs at a distinct frequency or upon security incidents.
Defined processes to authorize, monitor, and control any delivery or removal of data or physical devices.
The purpose of the Environmental Security section is to define controls to protect information assets from damage, destruction and/ or interruption due to environmental factors such as fire, humidity, water, power outage, etc.
The company places power equipment and cabling at safe places to avoid any environmental hazard or destruction.
RecruitBPM provides the capability of shutting down the power to data facility during an incident.
Emergency shutoff switches are placed within the work environment that can be safely and easily accessed by personnel during any mishap.
Physical and logical controls are installed to protect emergency shutdown capability from unauthorized access.
Uninterruptible power supply is implemented to enable shift to long-standing alternate power if primary power source is lost.
Fire detection and suppression devices are installed and maintained that are supported by a separate power source.
Fire detection system is installed that automatically notifies emergency personnel and initiates emergency responder(s) in case of fire incident.
Automatic fire suppression system will stay employed even in case of unstaffed work environment.
Automatic temperature and humidity controls are installed to prevent fluctuations which can be damaging for processing equipment.
Temperature and humidity monitoring system is employed to provides notification of temperature changes that may be harmful to employees or equipment.
Necessary measures being made to protect IT equipment from damage from water leakage.
Prior to employment
RecruitBPM ensures that employees and vendors recognize their responsibilities and roles for which they are being designated.
Background verification checks are performed on all candidates for employment to follow all the relevant laws, regulations and corporate ethics based on business requirements, the organizational criteria and the supposed risks.
Background verification involves all relevant privacy, security, protection of personally identifiable details and employment-based regulation, including:
Terms and conditions of employment
According to RecruitBPM HR policy, all the contractual agreements between organization and employees or vendors should state information security responsibilities for all including members.
The contractual agreements should suggest manifest the organization’s policies for information security in addition to following:
To validate that employees and vendors are informed of and meet their information security responsibilities.
Management should obligate all employees and vendors to apply information security in accordance with the established policies and procedures of the organization.
Management responsibilities include ensuring that employees and vendors are:
All RecruitBPM employees should get relevant awareness education and training as well as regular updates in organizational policies and procedures related to their job.
To handle any information security breach done by an employee, a formal and publicized disciplinary process is defined to take action. This disciplinary process should be carried out considering following prospects:
Process of changing or terminating employee, for the prosperity of organization’s interests.
The policy is defined to establish a process for classifying and handling RecruitBPM’s information and data assets based on the level of sensitivity and value. These procedures entail specific activities and methods that will support information asset manager to implement the management and security policy requirements in relation to asset management.
The procedure applies to all organization’s employees who access, process, or store sensitive Information or process data for any assigned task. It also enlists the Information Asset and Security classification process to be adopted and the processes involved in implementation.
Policy is established to protect the confidentiality, integrity and availability of organizational sensitive and critical assets and Information Systems. Asset classification indicates the impact on organization’s business and prestige if confidentiality or integrity is compromised.
Identification of assets and security classification is approved and authorized by the Information System Owner. And it should be done at the earliest possible occasion according to the data sensitivity.
On termination of a contract, RecruitBPM keep the sensitive and essential data saved for up to 90 days for any reconsideration. After the set period, all the sensitive data, accounts information or relevant are being eliminated from the system.
RecruitBPM has established Business Continuity/Disaster Recovery (BC/DR) policy to handle any incident of mishap or disaster such as power failure, hardware malfunction or any other tragedy.
To avoid any discontinuity in business processes, activities or deliveries, backup hardware and asset management system is maintained. In case of incident, the backup plan is initiated and the business resumes the activities in short period of time with limited performance. Meanwhile, incident related information and recovery time is conveyed to the stakeholders.
For disaster recovery, RecruitBPM’s defined plan assists to regulate, assess and recover the devices and system on emergency basis. As soon as the damage is recovered and systems are back on track, all the business activities and processes are resumed as usual.