We worked with our engineering, product, technology, privacy and legal teams to ensure that our product complies with the GDPR and CCPA, and we will continue to do so on an ongoing basis:
- Our security measures have been reviewed and strengthened.
- Our physical infrastructure is hosted in Amazon’s secure data centers, which have been accredited under: SOX, ISO 27001 and SOC 1/SSAE 16/ISAE 3402. Detailed information is available at https://aws.amazon.com/security, including information on Physical Security, Power and Climate/Temperature Control.
- Our application is protected from external attacks by Firewalls that are configured for minimal privileges. The servers behind the Firewall are placed within Security Groups that have also been configured with minimal privileges and for only the necessary ports.
- All information passed between a user’s web browser and our servers is encrypted using strong SSL security.
- All data backups are encrypted and stored and replicated securely within the AWS ecosystem.
- TalentQuest conducts an annual Penetration Test on the application using a third-party vendor that tests the application for any security vulnerabilities. The Application Penetration Test includes all the items in the OWASP Top 10 and more.
- A data inventory process was conducted to identify data that should be processed per GDPR and CCPA requirements.
- TalentQuest has self-certified under the EU-Privacy Shield frameworks to comply with data protection requirements when transferring personal data to the US. Since Privacy Shield is no longer considered to be a valid data transfer mechanism by the EU courts, we will be processing data under standard contractual clauses.
- Contractual terms are in place where TalentQuest acts as a data processor for our customers while complying with GDPR and as a service provider for CCPA.
- Processes and procedures have been implemented, including training, to ensure our ongoing compliance with GDPR and CCPA.
- Our list of sub-processors has been made available on our website at https://www.talentquest.com/sub-processors.
We will continue to monitor the guidance around GDPR, CCPA and other privacy laws to align our product and processes to the requirements.