Indeed’s approach to privacy and the General Data Protection Regulation (GDPR)
- How does Indeed view privacy?
- How does Indeed process user data?
- What is the GDPR?
- What is Indeed doing to comply with GDPR?
- How does Indeed manage EU personal data transfers?
- How do individuals make a personal data access request and what information will be provided in response to a valid request?
- How do individuals make a personal data deletion request and what information will be deleted in response to a valid request?
- How can individuals avail of the other rights provided under GDPR?
- How long does Indeed retain personal data?
- What security measures are adopted by Indeed?
- Does the GDPR impact my current use of Indeed Resume?
- Does Indeed comply with international privacy rules?
How does Indeed view privacy?
How does Indeed process user data?
What is the GDPR?
The GDPR is a regulation passed by the European Union (EU) that was introduced on 25 May 2018. It relates to the protection of the personal data of individuals, such as their names, email addresses, phone numbers, identification numbers etc. This regulation provides more rights and protections to individuals. It also places more obligations on businesses when it comes to transparency, security and accountability in processing personal data.
What is Indeed doing to comply with GDPR?
The GDPR has introduced stronger rights and protections for individuals as well as creating new obligations for businesses in terms of how they process individuals’ personal data. We are excited about doing what is best for our users have introduced any necessary changes to ensure full adherence to the GDPR.
Indeed also employs applicable privacy principles, and has introduced certain changes to support additional user rights and satisfy all of our obligations. Some example of those changes are set out below.
- We will continue to increase transparency and communication with our users to provide you with as clear an understanding as possible about how your personal data is processed.
- We will facilitate the right of individuals introduced by GDPR, including the rights of individuals to access and/or delete their personal data upon request.
- We will remain dedicated to the approach of “privacy by design and default” through the consistent application of the privacy principles in the GDPR, and the adoption of a privacy-friendly approach in how we build and operate our products and services.
How does Indeed manage EU personal data transfers?
Indeed helps people get jobs using a system designed and developed in the United States. So helping people get the jobs they want inevitably involves the transfer of our users’ personal data from the EU and Switzerland to the US and to other countries. Indeed uses various mandated legal mechanisms to ensure that adequate protections are applied to such personal data when it is transferred outside the EU.
Furthermore, Indeed Ireland’s transfers made according to the Privacy Shield Framework are performed based on agreements that also incorporate the protections provided for under Chapter V (and Article 28, where appropriate) of the GDPR. This incorporates EU data protection requirements to ensure adequate protection of such personal data transfers.
How do individuals make a personal data access request and what information will be provided in response to a valid request?
How do individuals make a personal data deletion request and what information will be deleted in response to a valid request?
How can individuals avail of the other rights provided under GDPR?
How long does Indeed retain personal data?
What security measures are adopted by Indeed?
Indeed takes security of user data very seriously and has devoted significant resources to that end. Indeed employs various practices with the goal of preventing unauthorized access, disclosure, destruction or accidental loss. These practices will vary depending on the nature of the data, the context of the processing, the risks involved and the technology available. Please see the following page for more information.
Indeed uses a range of security measures aimed at complying with the requirements of the GDPR (Art. 32). These include:
- adopting a risk-based approach to securing the personal data of our users;
- using selective pseudonymisation and encryption of personal data kept by Indeed;
- designing systems with the goal of enabling Indeed to protect the (i) confidentiality, (ii) integrity, (iii) availability and (iv) resilience of Indeed's processing systems and services;
- using systems and processes designed to give Indeed the ability to restore the availability and access to personal data kept by indeed in a timely manner in the event of a physical or technical incident;
- regularly testing, assessing and evaluating the effectiveness of Indeed's security measures.
Does the GDPR impact my current use of Indeed Resume?
Resumes set to ‘public’ will continue to be available in their current capacity as outlined in our terms. Indeed have made any necessary changes, as detailed above, to ensure lawful processing in compliance with GDPR and the rights of our users.
Does Indeed comply with international privacy rules?