Data security

at Moyyn

Data protection is a key element of Moyyn. Protecting customers and clients data and earning their trust is pivotal to us. We have implemented and strive to develop technical and organizational measures to ensure secure processing of information at all stages.

Data Protection by design

Data protection is an integral element of our product and strategy. We keep data privacy and security as one of the core elements of our product design. We also defined a process for feeding legal requirements into the product development process on an ongoing basis and reviewing the application accordingly.

How do we ensure that employees and team members are familiar with data protection guidelines?

Our employees are bound to data secrecy and data protection in general and are made aware of the consequences of any breach. We also provide awareness regarding the handling of personal details, as well as data protection, on a regular basis. These awareness includes new legislation such as the European General Data Protection Regulation (EU GDPR).

What are our organizational level initiatives to protect data and secure our infrastructure?

We strive for continued improvement of the processes and structures ensuring data protection and information security like appointing a data protection officer and training staff on a regular basis.

What happens if there is a data breach?

In the unlikely event of a data breach, if personal data of a customer is affected and the breach is likely to entail a risk to the rights and the freedom of the customer’s staff, we will immediately notify the customer concerned, so as to enable them to fulfill their legal obligation to inform the regulatory authority and the individuals concerned.

Has Moyyn appointed DPO?

We have appointed an internal team member, Aravinth Palaniswamy as Data Protection Officer. For further ifnormation on data privacy, please contact talent@moyyn.com

GDPR

We generally assume that we are compliant with the essential requirements of the EU GDPR already today. This includes, in addition to the stipulations of art. 25 of EU GDPR re data protection by design and by default, supporting the customer in respecting the rights of data subjects such as the right to obtain erasure of personal details as well as the rights of access and data portability (chapter 3 of EU GDPR). Users can send a request to talent@moyyn.com to delete or modiufy their data and also stop processing their data further.

Encryption

Any personal data that the application transmits to a client or other platforms are encrypted using Transport Layer Security (TLS), specifically HTTPS. This requires for a secure connection to be established between the two communicating partners (client and server) before any data can be transmitted.

Data storage

We use Digital Ocean – Frankfurt data centre for hosting our services. DigitalOcean is certified in the international standard ISO/IEC 27001:2013. More info: https://www.digitalocean.com/legal/gdpr/

Who at Moyyn has access to user data?

At Moyyn, only relevant teams have access to user data, for example, Product, Customer success and sales, Technology teams. This will be necessary to assist with the initial creation of an account as well as the processing of service enquiries. Access rights are granted on a need-to-know basis and documented. In addition, access to customers’ systems is logged. As a general rule, neither staff at the data centers nor at Digital Ocean employees have access to your data.

What do we do to prevent unauthorized access?

We run security and vulnerability checks regularly to check for unauthorized access. Also, in the client side, we log their activities to verify unauthorized access.

User authentication

Access is granted purely via personalized user accounts, each of which is clearly assigned to an individual.

Who has access to which data on candidates side?

Access rights are generally designed to fulfill the requirements of art. 24 of EU GDPR regarding data protection by default. This means that all candidates with newly created user accounts have by default no rights beyond editing their own profile. The clients can view candidates profile in order to select them for interviews, but they have no access to edit any canddiates data.

Ensuring availability

We ensure continous availability of the system by enabling backups at regular intervals. In the unlikely event of a total failure of the system, the redundant structure of the data centers (productive and backup data) ensures that your data is not lost. In this case, we will ensure fastest-possible recovery in accordance with our disaster recovery concept.

Who owns the data?

Moyyn collects the candidates data in order to create a job seeker profile and then matches them with client jobs. Applications are responsibilities of the candidates and companies. Moyyn does not use user data in any other way other than those mentioned in the privacy policy in order to provide our services. Moyyn does not share user data to any third party for other purposes.

What happens if user terminates the agreement or Moyyn goes out of business?

Upon termination of the business relationship, individuals authorized accordingly by the customer can request delivery of the data in a machine-readable format. 30 days after termination of the agreement, the data shall then be irrecoverably deleted. In the unlikely event of Moyyn going out of business, this procedure remains on principle unchanged, as the customer is the owner of the data and Moyyn is merely an order processor and can/ will thus not dispose of the personal data in any other way.