Data & Privacy

By Varun Mishra
5 articles

Candidate data handling

Overview: In Stafio.ai, the ethical and secure handling of candidate data is a top priority. This article outlines how candidate data is collected, stored, and managed within the platform. The system is designed to provide you with tools to handle this data responsibly, from initial collection to secure deletion. While the platform automates many processes related to data organization, the ultimate responsibility for data integrity, privacy, and compliance rests with the user, making your manual oversight a critical component of the data handling process.

1. Data Collection and Storage

- Multiple Sources: Candidate data is collected from various sources, including direct applications through your job portal, manual uploads of resumes by recruiters, and through third-party integrations.
- Centralized Profiles: Once collected, all data for a single candidate is aggregated into a centralized profile. This profile serves as a single source of truth, consolidating information such as resumes, cover letters, application forms, and interview notes into a secure location.
- Encryption and Security: All candidate data is stored on secure servers with robust encryption protocols to protect sensitive information from unauthorized access.

2. Manual Management of Candidate Data

Stafio.ai provides you with the manual controls necessary to ensure the accuracy and privacy of your candidate data.

- Data Editing: You can manually edit any field within a candidate's profile to correct inaccuracies, add new information, or remove irrelevant details. This ensures the data remains accurate and up-to-date.
- Note-Taking and Tagging: Recruiters and hiring managers can manually add private notes, tags, and ratings to candidate profiles. This allows for collaborative insights while keeping sensitive, non-application data organized.
- Data Visibility: Visibility settings can be manually configured to control who on your team can view or edit certain parts of a candidate's profile, aligning with the principles of your organization's data privacy policies.

3. Data Privacy and Compliance

- User Responsibility: While Stafio.ai provides the tools for compliance, you are responsible for ensuring that your data handling practices adhere to local and international regulations, such as GDPR. This includes obtaining proper candidate consent, providing access to their data upon request, and fulfilling data deletion requests.
- Manual Intervention Point: The manual actions of obtaining consent (e.g., through a checkbox on an application form), providing data upon request, and securely deleting a profile are all critical steps that fall under the recruiter's responsibility to maintain compliance.

4. Troubleshooting & Tips

Issue: A candidate asks for a copy of their data.
Suggested Fix: Navigate to the candidate's profile, click on the export option (usually a download or export icon), and manually send them the file.

Issue: A candidate's data is inaccurate.
Suggested Fix: Go to the candidate's profile and manually edit the incorrect information. If the inaccuracy is due to a parsing error, you can also re-upload the original document.

Issue: You need to delete a candidate's data.
Suggested Fix: Go to the candidate's profile and look for the "Delete" or "Archive" option. This manual action ensures the data is removed securely and permanently from the system, in line with privacy regulations.

Issue: You are unsure about a specific data privacy regulation.
Suggested Fix: Stafio.ai provides resources and FAQs to assist with compliance (see the next article). For specific legal advice, you should consult with your legal counsel.

Last updated on Oct 02, 2025

GDPR and compliance FAQs

Overview: Stafio.ai is built with data privacy in mind, providing the necessary tools to help you comply with regulations like the General Data Protection Regulation (GDPR). However, compliance is a shared responsibility. This article answers some of the most frequently asked questions about GDPR and provides guidance on how your manual actions within Stafio.ai can help you meet your legal obligations. Please note that this article is for informational purposes only and is not a substitute for legal advice. For specific compliance questions, you should consult with legal counsel.

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that gives individuals in the European Union (EU) and European Economic Area (EEA) more control over their personal data. It sets strict guidelines for how personal data is collected, processed, and stored by organizations.

2. Does Stafio.ai help me comply with GDPR?

Yes, the platform provides the tools to enable your compliance. Stafio.ai offers features such as:

- Secure Data Storage: All candidate data is stored securely using encryption.
- Manual Deletion and Export: You have the ability to manually delete a candidate's profile or export their data upon request, fulfilling key "Right to Erasure" and "Right to Access" requirements.
- Consent Management: The platform provides fields and functionalities to track and manage a candidate's explicit consent for data processing.
- Your Manual Responsibility: While the tools are in place, it is your responsibility to use them correctly. You must ensure you have a legal basis (e.g., consent) to process data, and you must act on a candidate's rights requests in a timely manner.

3. What is "Explicit Consent" and how do I manage it?

- Definition: Explicit consent means that a candidate has given you a clear, affirmative, and unambiguous indication of their agreement to their data being processed. For example, a candidate checking a box that states, "I consent to the storage of my data for future job opportunities," is considered explicit consent.
- Manual Management in Stafio.ai: You can manually track consent on a candidate's profile. The platform provides a field or a checkbox specifically for this purpose. It is a best practice to document when and how consent was obtained.

4. What is a "Data Subject Access Request" (DSAR)?

- Definition: A DSAR is a request from a candidate to know what personal data you hold about them, why you are holding it, and who it has been disclosed to.
- Your Action: If a candidate makes a DSAR, you can fulfill this request by navigating to their profile and using the manual "Export" or "Download Data" feature. This generates a file containing all the data associated with their profile that you can provide to them.

5. What is the "Right to Erasure" (or "Right to be Forgotten")?

- Definition: The Right to Erasure gives a candidate the right to have their personal data erased from your system without undue delay, under certain circumstances.
- Your Action: If a candidate invokes their Right to Erasure, you must manually delete their profile from the Stafio.ai system. The platform's deletion functionality is designed to permanently remove their data in a secure and compliant manner. You should also ensure that you have no other legal basis for retaining their data.

6. Troubleshooting & Tips

Issue: I'm unsure if I have the right to hold a candidate's data.
Suggested Fix: Review the original source of the candidate's application to confirm that you have documented consent. If you can't find it, consider manually reaching out to the candidate to obtain their consent.

Issue: I can't find a way to manually delete a candidate's profile.
Suggested Fix: The delete function may be restricted to users with Admin permissions. If you are not an administrator, you must manually forward the request to an admin in your organization.

Issue: A candidate is asking for data in a specific format.
Suggested Fix: The manual export feature typically generates a standard file format (e.g., CSV, JSON). If the candidate requires a different format, you may need to manually reformat the data after exporting it.

Last updated on Oct 02, 2025

Deleting or exporting recruiter data

Overview: As a Stafio.ai user, you have the ability to manage your own personal data as a recruiter, including the information you've added to the platform. This article explains how you can manually delete your personal information or export your own data, such as notes, comments, or other contributions, in the event of a team change or account deactivation. Your ability to manually control this data ensures compliance with internal policies and personal privacy preferences.

1. Understanding Recruiter Data

"Recruiter data" refers to the personal information you, as a user, have stored in the Stafio.ai system. This is separate from the candidate data you manage. This includes:

- Your user profile information (name, email, role, etc.).
- Any private notes, comments, or tags you have added to candidate profiles.
- Your saved filters, custom dashboards, and other preference settings.
- Your activity log within the system.

2. Exporting Your Recruiter Data

In many cases, before leaving a company or deactivating your account, you may need to export a record of your contributions to the platform.

Steps to Manually Export Your Data:

- Navigate to your User Profile Settings (usually found by clicking your profile picture or a gear icon).
- Look for a section titled "Data Management" or "Data Export."
- Click on the "Export My Data" or a similar button.
- The system will generate a file (e.g., CSV, JSON) containing your personal notes, comments, and other contributions, and it will be sent to your registered email address or downloaded directly.

Manual Intervention Point: The initiation of this export process is a manual action you perform to securely obtain a copy of your data.

3. Deleting Your Recruiter Data

When your account is deactivated or deleted, your personal data and contributions will be handled according to your organization's policies and legal requirements.

Steps to Initiate Deletion:

- The deletion process is typically initiated by an Administrator when they deactivate your account.
- In some cases, you may have the option to manually request deletion of your own data from your profile settings.
- Once the deletion is initiated, your personal notes and other contributions will be anonymized or permanently removed from the system. Your user account will be deactivated, and your login credentials will no longer be valid.

Manual Intervention Point: The decision to delete a user's data and the execution of this process are manual actions, often requiring an administrator's approval to maintain data integrity and compliance.

4. Troubleshooting & Tips

Issue: I can't find the "Export My Data" button.
Suggested Fix: This functionality may be restricted by your organization's settings. Contact your workspace administrator to request a data export.

Issue: After my account was deactivated, I found my notes were still visible to other team members.
Suggested Fix: This may be due to how your organization configured the data handling policy. Some platforms anonymize a user's notes rather than deleting them to maintain a record of historical context. Contact your administrator to clarify the policy.

Issue: My data export file seems incomplete.
Suggested Fix: The export process may only include specific types of data, such as your notes and comments. If you are looking for a specific type of data that is missing, contact Stafio.ai support for assistance.

Last updated on Oct 02, 2025

Managing consent for assessments

Overview: When using Stafio.ai to send assessments to candidates, it is crucial to manage their consent to collect and process their data, especially their responses and results. This article explains how the platform facilitates this process, highlighting the importance of your manual actions in ensuring that you have clear and explicit consent before a candidate begins an assessment.

1. The Importance of Candidate Consent

- Legal and Ethical Requirement: Obtaining consent for assessments is a fundamental part of data privacy compliance. It ensures that candidates are aware of what data is being collected (e.g., test scores, video responses, behavioral insights) and agree to its use for the purpose of their application.
- Building Candidate Trust: Clearly communicating your intent and obtaining consent builds trust with candidates, fostering a positive and transparent hiring experience.

2. The Consent Process for Assessments

- Automated & Manual Integration: Stafio.ai's assessment feature integrates the consent process directly into the candidate experience.
- Pre-Assessment Consent: Before a candidate can begin an assessment, the system will present a consent form or a button. This is typically a pre-written statement that explains what data will be collected, how it will be used, and the candidate's right to withdraw their consent.
- Manual Intervention Point: The candidate must manually and explicitly agree to the terms by clicking the "I Agree" button. If they do not provide consent, they will not be able to proceed with the assessment, and this action will be logged in their profile.

3. Troubleshooting & Tips

Issue: A candidate claims they never consented to an assessment.
Suggested Fix: Go to the candidate's profile and check the consent log. If it shows they provided consent, you can share a screenshot or the documented consent with them. If the log shows they did not consent, you must not use any data from their assessment.

Issue: I need to customize the consent language for our assessments.
Suggested Fix: This may require administrator access. Go to the "Settings" menu and look for a section on "Assessments" or "Data Privacy" to manually edit the consent form template that candidates see before starting an assessment.

Last updated on Oct 02, 2025

Account deactivation or deletion

Overview: As an administrator, you have the ability to manually deactivate or permanently delete user accounts within your Stafio.ai workspace. This is a critical administrative function for maintaining data security and managing your team as individuals join or leave the organization. This article outlines the difference between these two actions and provides a step-by-step guide on how to perform them.

1. Understanding Deactivation vs. Deletion

Deactivation (Soft Deletion):

- Action: This action disables a user's access to the Stafio.ai account. The user can no longer log in or access any data.
- Outcome: The user's profile and their associated data (notes, comments, etc.) are retained in the system. The user's name may be marked as "inactive" or "deactivated."
- Purpose: This is often used for temporary leave or for employees who might return. It allows an administrator to easily reactivate the account later without losing any historical data.

Deletion (Permanent Deletion):

- Action: This action permanently removes a user's account and all associated data from the Stafio.ai system. This process is irreversible.
- Outcome: The user's personal data (name, email, etc.) is permanently erased. Their contributions, such as notes and comments, may be either anonymized or permanently deleted, depending on your organization's settings.
- Purpose: This is used when an employee has permanently left the organization and you need to comply with data privacy regulations by permanently removing their information.

Manual Intervention Point: The decision to deactivate or permanently delete an account is a manual, administrative decision with significant consequences for data retention.

2. How to Manually Deactivate an Account

Steps to Deactivate:

- As an administrator, navigate to Settings > User Management.
- Locate the user you wish to deactivate.
- Click the three-dot menu (⋮) or an "Actions" button next to their name and select "Deactivate User" or a similar option.
- Confirm the action. The user will immediately lose access, but their profile will remain visible to administrators with a "Deactivated" status.

3. How to Manually Delete an Account

Steps to Delete:

- As an administrator, navigate to Settings > User Management.
- Locate the user you wish to permanently delete.
- Click the three-dot menu (⋮) or an "Actions" button next to their name and select "Delete User" or a similar option.
- Important: A confirmation prompt will appear, warning you that this action is irreversible and that associated data may be permanently lost. This is a final manual checkpoint.
- The system may also prompt you to manually transfer ownership of any active jobs, candidates, or tasks to another team member to ensure continuity. This is a crucial manual step to prevent data loss.
- Confirm the permanent deletion.

4. Best Practices for Account Management

- Use Deactivation First: For most cases, deactivation is the safest first step. This allows you to retain historical data and easily restore access if needed.
- Understand Data Retention Policies: Be familiar with your organization's data retention and privacy policies before performing a permanent deletion.
- Assign Ownership: Always transfer ownership of active tasks and data before deactivating or deleting a user to ensure business continuity.

5. Troubleshooting & Tips

Issue: I can't find the "Deactivate" or "Delete" option.
Suggested Fix: These are administrative functions. Ensure you are logged in as a user with Admin permissions or have the delegated permission to manage users.

Issue: I accidentally deleted an account.
Suggested Fix: Contact Stafio.ai support immediately. Because deletion is permanent, there is no guarantee of data recovery, but support may be able to assist if the action was very recent.

Issue: The system won't let me delete an account until I transfer their tasks.
Suggested Fix: This is a safety feature. You must manually reassign all open jobs, candidates, and tasks to another active user before you can proceed with the deletion.

Issue: I want to delete a user's data but keep the account active.
Suggested Fix: This may not be possible. Deletion typically applies to the entire account. You may need to manually go into their user profile and delete their specific notes or comments if that functionality is available.

Last updated on Oct 02, 2025