RAMP & GDPR

Our non-legalease guide to what we're doing to protect your data and maintain your rights under GDPR.

RAMP & GDPR

As you probably know there is new EU legislation, called the General Data Protection Regulation, coming into place on May 25th 2018.

This new regulation has been designed to give people more control of their personal information. As such, we want to let you know exactly what information we store about you, what we do with it and crucially, how you can get access to it.

What is GDPR?

The EU General Data Protection Regulation (GDPR) replaces the existing privacy regulations and was designed to align data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.

What does that mean for RAMP – powered by TheJobPost?

The UK’s independent regulatory body for data protection and privacy, the Information Commissioner’s Office (ICO), outlines the main responsibilities for organisations, including RAMP, under GDPR – requiring that personal data must be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Is RAMP GDPR compliant?

Based on our self-assessment and that of external counsel, we are fully compliant as of the 25th May 2018.

What have you done specifically?

Setup internal privacy processes

Includes documenting our processing procedures and understanding what processes we need to implement at a company level to comply with GDPR – e.g. privacy by design, additional data handling training.

Conduct extensive GDPR research

Documented exactly what information we capture, assess what is essential for us deliver our service to users,  audit our vendors and understand what product updates were required to meet GDPR.

Update Terms of Service

They now include updated rules, inline with GDPR, which you must agree to follow in order to use RAMP.

Update Privacy Statement

They now include information, which outlines what exactly we do with your data and why we do it. Read them here.

Implement product updates to support GDPR

Includes minimising the amount of personal information we store, process and share with vendors to provide you with the service. We’ve also updated your account handling capabilities in order for you to exercise your subject access rights.

Communicate changes to users

That’s what this document and the emails we’ve sent you are all about.

Where can I get more information about GDPR?

If you’re in need of more information, we recommend to ICO’s guide on GDPR, which is a great resource designed to help you understand GDPR better – note clicking on them will take you to an external website:

What information are you storing?

We collect the following information about you:

  • Information that you provide to us when registering with us (Identity Data, Contact Data, Financial Dataand Profile Data).
  • Information that relates to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our products and services (Transaction Data).
  • Information about your device and your visits to, and use of this website. This includes: your location; IP address; browser; operating system; referral source; length of visit; individual page views; site navigation (Usage Data).
  • Information that you provide when subscribing to our email notifications/newsletters (Marketing and Communications Data).
  • Any additional information that you knowingly and freely send to us e.g. surveys for research purposes

We will inform you at the point of collecting information from you, whether you are required to provide the information to Us and why we are collecting this information.

We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Where is our data stored?

The personal data we collect from you and process as a result of you using our Services is not transferred or stored in any destination outside of the European Economic Area (“EEA”) except for Drift – used for Live Chat. It is also not processed by any staff outside of the EEA. If this should change, we will update this privacy policy at the earliest convenience.

Drift, has been selected based on the fact that they are self-certified under the EU-US Privacy Shield – one approach under which personal data of EU citizens is allowed to be transferred to the US as it guarantees the required standards for safe transfer and storage are met.

How are you storing it?

We encrypt all your data and our website and storage processes are all architected for security.

Can I access or delete all my data at any time?

Yes, we can provide you with all your data and delete everything if you request it. This also includes any data held by our 3rd party providers.

Who can I contact about my data at RAMP?

All team members are responsible for data protection here. You can reach us at admin@thejobpost.co.uk.

Where can I read your Privacy Policy?

You can read it here.

 

Get started

Book a demo with our team to learn more about RAMP