GDPR Compliance

Last Updated: March 21, 2025

1. Introduction

At Verda, we are committed to protecting the data privacy rights of individuals in the European Economic Area (EEA) in compliance with the General Data Protection Regulation (GDPR). This policy explains how we adhere to GDPR requirements when processing personal data of individuals in the EEA.

2. Data Controller & Data Processor Roles

Data Controller: When you use our services to manage your own account, Verda acts as a Data Controller for your account information.

Data Processor: When employers upload candidate information or when references are processed, Verda acts as a Data Processor. Employers are the Data Controllers for candidate data they submit to our platform.

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: Where you have given explicit consent to the processing of your data for specific purposes
  • Contractual Necessity: When processing is necessary to fulfill our contractual obligations to you
  • Legitimate Interests: When we have a legitimate business interest in processing your data
  • Legal Obligation: When we need to comply with a legal requirement

4. Your GDPR Rights

Under the GDPR, individuals in the EEA have the following rights:

  • Right to Access: You can request copies of your personal data
  • Right to Rectification: You can request that we correct inaccurate information
  • Right to Erasure: You can request that we delete your personal data
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request a copy of your data in a machine-readable format
  • Right to Object: You can object to our processing of your personal data
  • Right Not to Be Subject to Automated Decision-making: You can request human intervention for decisions based solely on automated processing

To exercise these rights, please contact our Data Protection Officer at info@verda.work.

5. Data Protection Impact Assessments

For processing activities that may result in high risk to individuals' rights and freedoms, Verda conducts Data Protection Impact Assessments (DPIAs). Our AI-powered candidate analysis and reference verification systems have undergone DPIAs to identify and minimize data protection risks.

6. Data Transfers

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for transfers within a corporate group
  • Adequacy decisions for countries recognized by the European Commission as providing adequate protection

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing of security measures
  • Access controls and authentication
  • Data backup and disaster recovery procedures
  • Regular security awareness training for staff

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal obligations. Our retention periods are documented in our internal data retention policy.

10. Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing our GDPR compliance. You can contact our DPO at info@verda.work.

11. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EEA member state of your residence, place of work, or the place of the alleged infringement.

12. Changes to This Policy

We may update this GDPR Compliance statement from time to time. We will notify you of any significant changes by posting the new statement on our website and updating the "Last Updated" date.

13. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at info@verda.work.