GDPR FAQs
Frequently asked questions (FAQs)
When a candidate begins an assessment session initiated by an Testlify client, we store the following information of the candidate on behalf of our client:
- Email address
- Name
- Optional at the client’s discretion: Phone number, The last school attended, academic degree, major, programming experience, resume, and a link to social profiles (GitHub, LinkedIn, etc).
- Metadata collected for proctoring: IP Address, Webcam snapshots, Browser usage data and Session recording data. Some of these data points are optional and collected at client’s discretion.
If the recruiter uses an Testlify account for inviting candidates to assessments, we store the following information:
- Name
- Email address
- Phone number (Optional)
Any Testlify client that administers the assessment owns the data of all candidates that took the assessment. The responsibility of updating and deleting all candidate data when requested by a candidate lies with the client. Testlify provides our clients with necessary support (customer support/ product features) to carry out any such requests however the company wants to.
To comply with GDPR, companies using Testlify will need to state how long they will be keeping candidate data in their systems. By default, we retain candidate data until they deactivate their account, after which we promptly delete it. According to GDPR, data should only be kept for a ‘reasonable amount of time.’ Our best practice advice is to review your recruitment processes to determine an appropriate retention period. Many companies are opting for a 12 or 24-month time frame after reviewing their recruiting practices.
With Testlify, automating this data retention process is easy.
You can contact us at [email protected] to set your data retention time frame in months.
We will automatically delete candidate data that exceeds the retention period while preserving anonymous information for reporting.
PS: While we’ve consulted legal professionals on GDPR compliance, Testlify is not a legal firm; the information provided is only general advice. Companies should seek independent legal counsel for their specific data protection and security requirements.
- Clients that administer the assessment.
- Candidate through requests to Client.
- Testlify internal team only when a support request is raised by the Client and data access is necessary to support such request.
Yes, we are GDPR compliant and we host our data on AWS Ireland region in Europe.
All users of a client account with roles – Candidates Admin, Tests Admin, Super Admin have access to candidate reports.
For enterprise users with specific contracts, they can delete the candidate entry using ‘delete’ action in candidates’ view. Furthermore, you can email us at [email protected] with the list of candidates’ data to be deleted. You can also contact your Testlify Customer Success Manager for such requests.
Testlify maintains logs of all actions that are state changing as well as unpermissioned actions for troubleshooting and security. Super Admins of a client account can view the audit logs from their dashboard. Any further processing requests of audit logs should be routed through [email protected] or your Testlify Customer Success Manager.
No.
For editing a candidate’s data, please contact us at [email protected] with details about the request.
To comply with GDPR, companies using Testlify will need to state how long they will be keeping candidate data in their systems. By default, we retain candidate data until they deactivate their account, after which we promptly delete it. According to GDPR, data should only be kept for a ‘reasonable amount of time.’ Our best practice advice is to review your recruitment processes to determine an appropriate retention period. Many companies are opting for a 12 or 24-month time frame after reviewing their recruiting practices.
With Testlify, automating this data retention process is easy.
You can contact us at [email protected] to set your data retention time frame in months.
We will automatically delete candidate data that exceeds the retention period while preserving anonymous information for reporting.
PS: While we’ve consulted legal professionals on GDPR compliance, Testlify is not a legal firm; the information provided is only general advice. Companies should seek independent legal counsel for their specific data protection and security requirements.
