DATA PROTECTION AND GDPR COMPLIANCE OF PITCHYOU

Applications must be well thought out in terms of data protection law. Especially if external messenger tools are to be used. The applicant's personal data enjoys a high level of protection. Your company can rely 100% on us as a service provider. Here we have summarised all the measures we take to handle personal data responsibly.

If you have any queries, please contact our external data protection officer Ms Joelle Hirsch of LGD Datenschutz GmbH, Rogätzer Straße 8, D-39106 Magdeburg, Tel.: +49 (0) 391 55686325, e-mail: j.hirsch@lgd-data.de.

Download the official statement on GDPR compliance.

1. Application Process

With PitchYou you offer your applicants the easy way to interview and apply via WhatsApp messenger.

The entry point for the applicant is always the same via a job ad. An interested person sees your job ad and clicks on the Apply button or scans the job QR code with their mobile phone to start the application.

Application via WhatsApp

Full control for the applicant

The applicant always remains in control of the dialogue with the PitchYou bot. After calling up the application interview on a mobile phone, the WhatsApp application starts automatically. Candidates start the WhatsApp dialogue by sending a start message, which is conveniently pre-filled after opening WhatsApp.

The opening of the dialogue by sending the message must be carried out by the candidate.

During the interview, the applicant has the option of cancelling the dialogue at any time. A simple /stop command is sufficient. All data collected so far will be deleted.

If the applicant does not continue the interview, we assume 24 hours after the last message that the interview has been stopped. Even then, the data will be deleted automatically.

How are applicants informed about data protection?

At the beginning of the interview, the applicant receives a message:

We process your personal data electronically to process the application. Our terms of use and our privacy policy apply to the use of our service. You can find the provider identification in our imprint.

As a data protection statement and imprint, we link to your existing pages or documents that you also use otherwise for applications (e.g. on your career page). This way, you do not have to reinvent the wheel and the texts approved by the legal department or a data protection lawyer are used.

If desired, explicit consent can also be obtained from the applicant:

Please consent to the privacy policy and the use of WhatsApp to conduct the application process (More information).

I consent (yes/no).

If this question is not confirmed with "yes", the interview will be terminated.

How is it prevented that persons younger than 16 years apply via WhatsApp?

After entering the applicant's date of birth, their age is calculated and checked. If the applicant is under 16, the interview will be cancelled and deleted.

2.Recruiting process

After completing an application, it lands in your company's PitchYou recruiting application. The application runs entirely in the web browser. No software needs to be installed. Access to the application is encrypted via https protocol and protected by login (user name and password). password). The applicants and their interviews can only be viewed by authorised users.

No profiling - full control for the recruiter

PitchYou qualifies each applicant based on the criteria you have previously set and makes a matching assessment (0% - 100%). Important: No profiling is carried out. This means that the matching percentage is an indication for the recruiter. No automated decisions (rejection or acceptance) are made on the basis of the matching. The decision as to whether an applicant is interesting or not remains with the recruiter.

Internal disclosure of data

Of course, you can share applicant data within your company. You can export your applicants' data via PDF or share it directly in the system.

We recommend you use the share functionality. This ensures that the data remains within the PitchYou system. The recipient receives an email with a link to the application in PitchYou. He will also receive a PIN. Only with this PIN can they view the application (and only this application).

This saves you from having to distribute applications by e-mail within your company, which is often impossible to get to grips with from a GDPR point of view.

Deleting data

The deletion of applications in PitchYou takes place in several stages.

Stage 1: Cancellation Area

An area for rejections is available to you. You can move applications for your own overview to this area by selecting "Rejections" in the applicant profile. The system won't send an automated message with a cancelation to the applicant.

Stage 2: Delete

From the Reject section you can delete applications permanently. 

What happens after final deletion?

The application is no longer visible to recruiters. But we do not delete you from the database yet. I.e. technically PitchYou can still access the data. It is recommended to keep applicant data for at least 6 months from the date of rejection in order to still have a possibility to recover data in case of complaints and lawsuits according to the General Equal Treatment Act.

Stage 3: Delete Database

6 months after the final deletion in the application, PitchYou irretrievably deletes the applicant data from the database. For this purpose, all personal data is irreversibly and non-resolvably masked: Name, address, contact details, date of birth, professional

Career, professional qualifications, temporal and local availability, personal history, profile picture, profile video, documents.

3. Order processing and external Service Providers

No employee of your company has to use WhatsApp

We handle the complete communication via WhatsApp as a service for you. You conclude a DSGVO-compliant order processing agreement with us for the storage and transfer of the personal data collected with it.

This also means that you have only one contractual partner, namely PitchYou.

WhatsApp Business API

The communication between the PitchYou bot and the applicant takes place via the WhatsApp Business API, which is intended precisely for communication between companies and consumers (in our case, applicants).

We adhere to all the regulations set by WhatsApp

Start of communication exclusively by the user
For the use of the WhatsApp Business API, we have concluded contracts with a WhatsApp-certified provider of the Business API located in Germany (360dialog GmbH, Berlin and MessengerPeople GmbH, Munich).

In the interests of data economy, all messages and media files with these providers are deleted immediately after they have been processed and stored in PitchYou.

Using a cell phone in your company to communicate via WhatsApp would not be DSGVO-compliant due to the blanket transfer of all phonebook entries. The WhatsApp Business API, on the other hand, does not run on a mobile device and therefore does not have a phonebook or contact book. A transfer is therefore technically impossible.

Data management and development in Germany

We only use servers that are operated in Germany. Our hosting partner is the company Hetzner AG.

The software was completely developed in Germany. All employees who may have access to personal data (e.g. through support tasks) are bound in

aben) are obligated in writing to maintain confidentiality.

WhatsApp uses servers outside the EU. Communication via WhatsApp is encrypted end-to-end. The contents of the communication are therefore protected. Only the information that a communication has taken place between the number of the applicant and the number of the PitchYou bot is transmitted to WhatsApp. The applicant has already agreed to this by accepting the WhatsApp terms and conditions when installing WhatsApp.

The storage of communication metadata in the USA was previously regulated by the Privacy Shield agreement between the USA and the EU. By a new EUCJ ruling, this agreement was declared insufficient. In order to be on the safe side in terms of data protection until a new political agreement is reached, you can obtain explicit consent for data storage in the USA and third countries by WhatsApp (Consent).

What other external services do we use?

We call the Google Maps API to determine the distance between the applicant and the possible job location. The zip code of the applicant is transferred, without any reference to personal data.

For the automatic translation of messages from other languages into German and vice versa, we use the Google Translate API. Only texts are transferred without reference to a person or a conversation thread.