Skip to main content

Recent Notifications


You have no new notifications

Terms and conditions

Welcome to the NIJobs.com website, being the website “www.NIJobs.com” and any other web page containing that domain name (the “Website“), which is operated by NIJobs.com Limited (a company incorporated in Northern Ireland with company registration number NI38474 and a registered office at Suite 2A, Cadogan House, 322 Lisburn Road, Belfast, BT9 6GH) (the “Company”, “we”, “us” or “our”).

 

1 USERS, YOUR AGREEMENT AND PRIORITY

1.1 These terms of use together with our Privacy Policy comprise the “Terms of Use“. In the event of a conflict between these terms of use and the terms of the Privacy Policy, the terms of the Privacy Policy will prevail. The Terms of Use shall apply to the use of the Website by any visitor, jobseeker, recruiter, registered user or unregistered user of the Website (each a “user”, “you” or “your”) as follows:

1.1.1 If you are a visitor, jobseeker, recruiter, registered user or unregistered user of the Website other than a Contract User or an Ecommerce User, these Terms of Use and any other terms and conditions referred to in them comprises your Agreement with us and the term Agreement shall be construed accordingly throughout these Terms of Use.

1.1.2 If you are a Contract User these Terms of Use form part of your agreement with us, which comprises, in the following order of priority in the event of a conflict:

  1. the Contract Form;
  2. the Terms and Conditions; and
  3. these Terms of Use and any other terms and conditions referred to in these Terms of Use, and the term Agreement shall be construed accordingly in these Terms of Use.

1.1.3 If you are an Ecommerce User, the Ecommerce Terms (as defined and set out in Section 11 of this Agreement) form part of your agreement with us which comprises, in the following order of priority in the event of a conflict:

  1. the Ecommerce Terms; and
  2. these Terms of Use, and the term Agreement shall be construed accordingly in these Terms of Use
  3. these Terms of Use and any other terms and conditions referred to in these Terms of Use, and the term Agreement shall be construed accordingly in these Terms of Use.

1.2 Use of or access to the Website is subject to and constitutes your acceptance of the Agreement which take effect on the earlier of: (a) the date which you first access the Website, or, (b) if you are a Contract User or an Ecommerce User, when you sign a Contract Form or when you submit payment of a Fee on the Website in respect of a request for Ecommerce Services, respectively.

1.3 When you access or use our Website you conclude a legally binding agreement, comprising the Agreement, based on these Terms of Use and any other terms and conditions referred to in the Terms of Use, with the Company.

1.4 The website makes use of Google Places API in the provision of its Services. By using our Website, you are also bound by Google’s Terms of Services, available here: www.google.com/intl/en/policies/terms

1.5 We reserve the right to update these Terms of Use (including any Website Services or Products) at any time with or without notice to you. Users are responsible for regularly reviewing the Website to receive such changes. Your continued use of the Website, and the Website Services after changes are posted constitutes your acceptance of the Agreement, including the updated Terms of Use.

1.6 Other than the Terms of Use, if we wish to change any terms and conditions in your Agreement with us, we will provide you with 30 days’ notice of the change(s) we intend to make. If upon the expiry of 30 days following our provision of this notice we do not receive a written response from you indicating that you do not agree to the proposed change(s), the change will have effect from the date notified by us.

1.7 We may terminate your registration and/or deny you access to the Website or any part of it (including any services, products or information available on or through the Website) at any time in our absolute discretion.

1.8 This Agreement constitutes the whole agreement between us and you and supersedes and terminates any previous arrangement, understanding or agreement between us and you relating to the Website and any of our Website Services including our Products. You acknowledge that you do not rely on any statement, representation, assurance or warranty of any person (whether a party to this agreement or not) other than as expressly set out in your Agreement with us.

2 CHANGES TO THE WEBSITE AND WEBSITE CONTENT

2.1 We may update our Website from time to time, and may change any information or material (including designs, text, graphics, logos, images and related content), presentation, layout or functionality of the Website whether written, published, shared or otherwise appearing on the Website in respect of any of the Website Services, and for the avoidance of doubt this shall include any and all information or material contained in any advertisements, CVs or User Content appearing on the Website, (the “Content“) at any time. However, please note that any of the Content on our Website may be out of date at any given time, and we are under no obligation to update it. We do not guarantee that our Website, or any Content on it, will be free from errors or omissions.

2.2 We make services available to users on the Website from time to time, including the ability to create, publish and manage written advertisements for jobs, register CVs with us to appear on the Website, contact other users of the Website in response to advertisements published on the Website, search the Website for advertisements, and create and/or respond to profiles of employers (both user and non-user employers) (each an “Employer”), feedback, reviews, ratings or other information relating to any Employer (including an Employer’s recruitment process, salaries, organisation, business, performance, competitiveness, and employee satisfaction) whether created by a user who is not an Employer, or created by an Employer in connection with such content (“User Content”), including the collation of User Content for data analysis, quality control, and to provide better search results for both jobseekers and Employers (the “Website Services“). For the purpose of performing the Website Services, the Company may cooperate with media partners and host the Website, or parts thereof, at further websites and/or on third party hardware.

2.3 The names, images and logos identifying the Company or third parties and their products and services are proprietary marks of the Company and/or third parties, and may only be used by users when using the Website in the ordinary course. We may use Employer-user names, logos and marks for the purpose of the provision of the Website Services to you and in connection with the management, use and provision of the Content, including the User Content.

2.4 We have no obligation to monitor or moderate any user’s activity or use of our Website and/or the Website Services, however we retain the right at all times to monitor, retain and disclose any information as necessary to satisfy any Applicable Laws.

2.5 Without any admission of liability, we may from time to time assess any possible risks for users from third parties when they use the Website and/or Website Services and we will decide in each case whether it is appropriate to use moderation (including what kind of moderation to use) in the light of those risks. We may appoint certain users of the Website or third parties to act as moderators.

2.6 For the purpose of performing the Website Services, the Company may cooperate with media partners and host the Website, data relating to the users and Website Services or parts thereof, at further websites and/or on third party hardware.

3 OTHER WEBSITES AND RESOURCES

We may provide links and pointers to websites or other resources maintained by third parties from our Website. Such websites are not under our control and we are not responsible for the contents (including the accuracy, legality or decency) of any such website or any link contained in such a website. We are providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by us of the linked website. We are not responsible for the copyright compliance of any linked website. We will not be liable for any damages or loss arising in any way out of or in connection with or incidental to any information or third party service provided by any third party and you acknowledge that the use of any third party website or resource is governed by the terms and conditions of use applicable to such website or resource.

4 YOUR USE OF THE WEBSITE AND YOUR LIABILITY

4.1 YOUR ACCOUNT AND PASSWORD

4.1.1 If any of the Website Services require you to register with us, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. You are entirely responsible for maintaining the confidentiality of your password and account and you are entirely responsible for any and all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account or any other breach of security. You can delete your account and all data contained in it at any time. As this account is a group-wide account as explained in 4.2.2., your access as well as your data will be deleted for all job boards of the The Stepstone Group UK Limited and for IrishJobs.ie as part of The Stepstone Group Ireland Recruit Limited.

4.1.2 You may not use anyone else’s account at any time, without the permission of the account holder. Any links provided on the Website are provided for your interest or convenience only and do not represent or imply any endorsement by us of such linked websites and we cannot be held liable for any loss or damage which may arise from use of such third party websites or contracts entered into resulting from the use of such third party websites. You acknowledge that the use of such third-party websites is governed by the terms and conditions of use applicable to such websites.

4.2 PRIVACY AND INFORMATION PROVIDED BY YOU INCLUDING USER CONTENT

4.2.1. We are committed to safeguarding your privacy online. Please refer to our Privacy Policy for full details of our firm commitment to privacy.

4.2.2. With the selected login data (username and password), you can also log in to the job platform of The Stepstone UK Group Limited and to our subsidiary job board platforms.

4.3 CREATING AND POSTING USER CONTENT

You may only create and publish User Content for purposes that are consistent with the Agreement and that are not illegal or otherwise breach Applicable Laws. You may not create any User Content that contains confidential or proprietary information, intellectual property, personal data relating to third parties (including an individual’s name or other information which identifies a living individual) or trade secrets, or which breaches your employment agreement.

4.4 LICENSE OF USER CONTENT

4.4.1 By submitting User Content you hereby grant to us and our licensees a worldwide, unrestricted, irrevocable, perpetual, non-exclusive, transferable and royalty-free licence to use, copy, make, reproduce, display, perform, distribute, sub-licence, sell, delete, edit, prepare derivative works from, analyse and otherwise exploit the User Content for the purposes of managing our Website, providing the Website Services and operation of our businesses (including by compiling it together with other User Content and anonymising it to perform statistical analysis for comparison or benchmarking purposes) to the extent permitted by applicable laws.

4.4.2 You acknowledge that we are owner of the intellectual property rights in the Content (whether jointly or solely) and that our prior written permission is required for any such use or removal of the Content. Your use of the Content does not give you any proprietary rights in the Content.

4.5 LIABILITY FOR USER CONTENT

4.5.1 By submitting User Content to this Website you acknowledge that any use, display, copying or reproduction that you make of a company trade mark or logo or inclusion of Employer or third party text or other content (including by hyperlink text) constitutes use of third party intellectual property rights and you agree that you are wholly responsible for ensuring that your User Content is permitted.

4.5.2 If you have a clarification, feedback or a complaint regarding the accuracy of specific User Content, you may tell us about it by contacting our Customer Service team at customerservice@nijobs.com.

4.6 LIABILITY FOR EMPLOYER REVIEWS

4.6.1 The results of your Employer reviews created by your User Content may, for example, be shown as star ratings for that Employer as part of all Website Services. You acknowledge that your ratings created from User Content are generated as an automated processing of User Content that represents users’ purported experiences, and do not represent our endorsement or view of the Employer.

4.7 UNLAWFUL & PROHIBITED USE

4.7.1 You may only use the Website and/or the Website Services for lawful purposes when seeking employment or help with your career or when recruiting staff. You must not under any circumstances seek to undermine the security of the Website or any information submitted to or available through it. In particular, but without limitation, you must not seek to access, alter or delete any information on the Website to which you do not have authorised access, seek to overload the Website system via spamming or flooding, take any action or use any device, routine or software to crash, delay, damage or otherwise interfere with the operation of the Website or attempt to decipher, disassemble or modify any of the software, coding or information comprised in the Website. You are also responsible for ensuring that all information, data and files are free of viruses or other routines or engines that may damage or interfere with any system or data prior to being submitted to the Website.

4.7.2 You are prohibited from using the Website and/or Website Services in any manner deemed to be in competition with our business activities (as determined by us at our sole discretion).

4.7.3 You are prohibited from using or removing any Content from the Website by any means for any purposes deemed to be in competition with our business activities (as determined by us at our sole discretion).

4.7.4 We reserve the right to remove any information including any Content supplied by you from the Website at our sole discretion, at any time and for any reason without notice or any explanation.

5 OUR LIABILITY

5.1 We do not warrant that the Website will be available on an uninterrupted basis, and we accept no liability in respect of losses or damages arising out of any unavailability of the Website.

5.2 We will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by us or another party due to someone else using your account or password as a result of your negligence or breach of this Agreement.

5.3 In no event will the Company be liable for any losses or damages including indirect or consequential damages, or any damages whatsoever arising from use or loss of use, data, or profits, whether in action of contract or negligence, arising out of or in connection with the use of the Website, including arising out of changes made to the Content of the Website by any third party. Your access to and use of the Website and Content is at your own risk.

5.4 You acknowledge that by accessing the Website, you may come into contact with Content that you find harmful, offensive, threatening, indecent or objectionable and you acknowledge that the Company shall have no liability to you for any User Content including explicit language and other potentially offensive material.

5.5 The Company does not endorse and is not responsible for any opinion, advice, information, or statement contained in the User Content. To the fullest extent permitted by law, the Company shall under no circumstances be liable for any use, misuse of or reliance upon, any User Content, for any claim made in relation to these Terms of Use, or for any damages, whether direct, indirect, incidental, consequential, special or punitive, and whether arising from use, misuse or reliance upon the User Content, from damage caused by information contained in the User Content or to damages incurred by reason of use of any links provided within the User Content. We expressly exclude our liability for any loss or damage arising from the use of the Website and/or Website Services by a user in contravention of our Agreement, whether the Website and/or Website Services are moderated or not. Any action that we might take in respect of a user or regarding Content, for example, deletion, editing or declining to publish, is neither an admission of liability on our part nor an indication of the breach or otherwise of any standard, Legal Provision or term by a user. Where we do moderate the Website and/or Website Services, we will normally provide you with a means of contacting the moderator or an administrator, should a concern or difficulty arise.

5.6 In accessing this Website you acknowledge that the Company is not liable for the misuse, alleged or otherwise, of third-party intellectual property rights by users of this Website who create User Content.

6 JURISDICTION AND INVALIDITY

6.1 This Agreement, and any issue connected with it, are governed by and construed in accordance with Northern Ireland law. The courts of Northern Ireland have exclusive jurisdiction to settle any dispute arising out of or in connection with the use of the Website or this Agreement.

6.2 If any provision of the Agreement is held to be invalid by a court of competent jurisdiction, such invalidity shall not affect the validity of the remaining provisions, which shall remain in full force and effect.

7 ENSURING QUALITY OF CONTENT

7.1 The following rules are in place to protect the quality of the Content on the Website. The maintenance of quality Content seeks to ensure that jobseekers can find the positions most relevant to their requirements quickly and easily and that Contract Users and Ecommerce Users receive relevant job applications.

7.2 These rules are intended to make the Website easier to use, thus attracting more jobseekers to apply for your jobs.

7.3 By enforcing these rules, we provide a level playing field for all Contract Users and Ecommerce Users using the Website Services while at the same time increasing the long term benefits you will reap from your subscription with us. Failure to adhere to these rules may result in action being taken by the Company, up to and including termination of our Agreement with you.

7.3.1 JOB ADVERTISEMENT: TITLE AND DESCRIPTION

  1. The title of a job advertisement must accurately reflect the job’s description. It is to no-one’s advantage if a jobseeker has to click on the title of a job advertisement unnecessarily, only to find that the job description does not match.
  2. Job advertisements should not use excessive CAPITAL LETTERS or **** Punctuation!!!!
  3. Avoid generic job advertisement titles such as “TEMPS, TEMPS, TEMPS” or “Legal, Legal, Legal”.
  4. Job advertisement titles and descriptions should not contain excessive use of search keywords which would disproportionately affect the position of your job advertisement in the search rankings.
  5. Hidden or “white text” included in job advertisements or otherwise on the Website is prohibited.

7.3.2 JOB ADVERTISEMENT USAGE

  1. Job advertisements perform best if they are allowed to remain on the Website for 30 days from the date they are first uploaded, ensuring the best possible response. Job advertisements will automatically expire after 30 days.
  2. Job advertisements must stay live on the Website for such minimum period of time as may be determined by the Company at our discretion. This is to ensure that jobseekers who receive your job advertisements by email will not find a job to have expired during that timeframe. The Company retains the right to amend the minimum live duration required in respect of jobs advertised on the Website.
  3. Each job may be advertised once only. Posting duplicate or similar job advertisements that relate to the same job provides unrealistic search results and is deeply frustrating for jobseekers. Advertisement of the same job twice, at the same time, is prohibited, including where the description of the job is changed or rephrased.

7.3.3 FILLED ROLES & CV COLLECTION

  1. If the job being advertised has been filled, the job advertisement must be removed as soon as possible.
  2. If you are recruiting in order to build a panel of CVs for a job that is available from a certain date in the future but that is not vacant on the date the job advertisement is posted, this must be made clear to the jobseeker in the job description.

 

7.3.4 COST TO JOBSEEKER

  1. If there is a cost involved to the jobseeker at any stage in the process of applying for or accepting a job advertised, this must be explained in the job advertisement.
  2. If the job advertised offers no basic salary (e.g. if the job operates on the basis of commission only, or is a position registered under or otherwise forming part of a state-sponsored “back-to-work” scheme or similar), this must be clearly stated in the job advertisement. Unpaid internships may not be advertised on the Website.

7.3.5 CONTACT DETAILS IN JOB ADVERTISEMENTS

  1. You may not include an email address in the job title, job description or anywhere in a job advertisement.
  2. You may not include a phone number in the job advertisement, nor include any information which is intended to, or which results in, a jobseeker being led away from the Website as part of their search for a job.
  3. You may not include third party URL links outside of the Company profile page or applicant tracking system (“ATS”) application links.

7.3.6 SPECIFICS TO WEBSITES

  1. All positions advertised in the graduate category featured in the job listings on the Website must display a maximum requirement of “0-1 years” in the section of the job description entitled “maximum experience required”.
  2. All positions advertised in the executive category featured in the job listings on the Website must display a minimum requirement of “6 years” and/or at a minimum a salary of €60,000 in the section of the job description entitled “Minimum Experience Required”. However, we recognise the need for flexibility at the Executive Room level and that you may not always wish to disclose the salary. In the event that this is the case, the following alternative options to describe the applicable salary level are available: “negotiable”, “not disclosed” and “see description”.
  3. You may not include third party URL links outside of the Company profile page or applicant tracking system (“ATS”) application links.

8 OUR PRODUCTS

8.1 PRODUCT DEFINITIONS

8.1.1 Job Ad

A “Job Ad” is a job advertisement in respect of a single job vacancy.

8.1.2 Slot

A “Slot” is the advertising space on the Website to which a direct employer Job Ad may be uploaded. Slots are available to direct corporate employers. A subscription for a Slot may be purchased for a defined period of time, for example twelve months. The period of time which will apply to a particular Slot is set out in your Contract Form. One Job Ad may be uploaded to a Slot for a 30 day period, which commences on the date the Job Ad is uploaded to the Slot. If a Job Ad is removed from a Slot before the 30 day period applicable to that Job Ad has expired, a new or replacement Job Ad cannot be uploaded to that Slot until the 30 day period applicable to the original Job Ad has expired.

8.1.3 Job Credit

A Job Credit is the single use advertising space on the Website to which a Job Ad may be uploaded. Job Credits are available to recruitment agency customers. Each job credit allows you to post one job for 30 days. Credits can be used at any point within the subscription start date and end date, and can be used to post a new job or renew an existing job fo an additional 30 days.

8.1.4 Refresh/Update

The “Refresh/Update” function is designed to boost a Job Ad which is already live on the Website. A Refresh/Update may be applied to a Job Ad at a maximum frequency of once in its 30 day life cycle. The frequency with which a Refresh/Update is available to users is at the discretion of the Company.

8.1.5 Featured Job

 

  1. The “Featured Job” function refers to a functionality of the Website whereby a Job Ad is made more prominent than other Job Ads appearing in a given search result listing, for a set period of time.
  2. The period of time during which the Featured Job function is applied to a Job Ad is at the sole discretion of the Company and can be changed at any time without notice.

8.1.6 Premium Job

A “Premium Job” is a boosted job in the search results based on the jobseeker’s search criteria, for a set period of time. The Premium Job functionality is not exclusive to any user and a Premium Job will be shown in rotation with other Premium Jobs during the applicable set period of time, if more than one user is availing of the Premium Job functionality on the same search criteria at the same time. The duration of the set period of time applicable to any Premium Job is at the sole discretion of the Company.

8.1.7 Job Alert

A “Job Alert” refers to an email communication that may be sent to recipients who have opted to receive it. A Job Alert comprises a list of Job Ads which relate to the type of vacancies specified as being of interest to the recipient. The “Job Alert” function is made available to you on an automated basis at the sole discretion of the Company, during the period of time immediately after Job Ads are first uploaded to the Website.

8.1.8 HTML Mailer

A “HTML Mailer” refers to a one-page email document which can be sent to a targeted group of recipients, only where criteria on which the demographic of that group is based have first been agreed with the Company. All content within a HTML Mailer is subject to prior approval by the Company and is subject to availability of this product, to be determined by the Company.

8.1.9 Hiring Companies

The “Hiring Companies” product offers additional advertising space on the Website homepage. Features of the Hiring Companies product include the following:

  1. “Hiring Companies” spaces are not exclusive to you. Your “Hiring Companies” advertisement may be displayed in rotation where more than one user is availing of this product in relation to a specific category of Job Ads at the same time; and
  2. the link embedded behind a “Hiring Companies” section must link to a page on the Website.

8.1.10 Display Advertising

The “Display Advertising” product comprises banner advertising which may be displayed across certain sections of the Website. This product is displayed on the Website in the form of leaderboard or MPU (“Mid Page Unit“) advertising formats. Links from Display Advertising must always link to a page on the Website.

8.1.11 The Stepstone Group Ireland Recruit Limited Database (Group made up of IrishJobs.ie. Jobs.ie and NIJobs.com)

The “CV database” product allows The Stepstone Group Ireland Recruit Limited Ireland Customer to access and use any information submitted by jobseekers agreeing to make their profile visible on the CV Database, subject to the terms of the Privacy Policy.

 

 

8.1.12 Video Interview Service

 

  1. The video job interview service (“VIDEO INTERVIEW SERVICE”) allows customers to create a) customized automated and/or b) live job interviews for any time zone, level of seniority and interview stage (the “VIDEO INTERVIEW“). An automated job interview is a structured way of interviewing where the customers’ candidate (“CANDIDATE”) answers a pre-recorded set of questions with a video recording at their convenience. The live job interview is a real-time interactive online conversation between a CANDIDATE and one, or multiple, interviewer(s).
  2. The web-based software system on which the VIDEO INTERVIEWS are generated (the “SYSTEM”), stored in a database specific to the customer and are made available to the customer. This SYSTEM can be accessed by the customer through an internet connection, using a username and password.
  3. NIJobs shall offer the customer access to the SYSTEM through an internet connection, making use of a username and password, and the customer will be able to make use of the SYSTEM as described in the user documentation (which can be found in the tutorial area within the SYSTEM) and create a database with the recorded videos. The database means the collection of VIDEO INTERVIEWs put in the SYSTEM for the customer.
  4. The SYSTEM may also be used by NIJobs to put the CANDIDATE and the customer in contact with each other using a webcam connection over the internet. NIJobs shall make an effort to support as effectively as possible the technology for the VIDEO INTERVIEW recorded in this way, but cannot be held liable if a video interview is not realised completely or at all.
  5. The customer is not permitted to give third parties access to the SYSTEM e.g. by letting them perform VIDEO INTERVIEWs with its CANDIDATEs, unless expressly agreed otherwise in the agreement.
  6. To make use of the VIDEO INTERVIEW SERVICE, the purchase of credits is necessary. One credit represents one VIDEO INTERVIEW. Every time a VIDEO INTERVIEW has been conducted, the relevant amount of credits are depleted from customers’ account within the SYSTEM. A VIDEO INTERVIEW has been conducted if a) the CANDIDATE provided its recorded video or b) the customer has carried out the live job interview with the CANDIDATE. All credits which have purchased are valid for twelve (12) months from date of purchase. The payment is made in advance after the issue of the invoice.
  7. (Personal) Data of the CANDIDATE must be treated confidentially by both, NIJobs and the customer. Personal Data of the CANDIDATE which NIJobs shall not record videos of a CANDIDATE without the CANDIDATE’s advance permission. NIJobs has the right to delete the recorded VIDEO INTERVIEWs from the SYSTEM after 180 days, unless agreed otherwise with the customer. Personal Data provided by the CANDIDATE for the purpose of conducting the VIDEO INTERVIEW may include CANDIDATEs Name, email address and (recorded) video.
  8. NIJobs shall make every reasonable effort to secure the SYSTEM against loss and/or any form of improper use, and shall use the suitable technical and organisational measures for this purpose.
  9. If communication between NIJobs and the CUSTOMER takes place using electronic resources, such as email and other forms of data traffic, both of the parties shall bear responsibility for standard virus protection. NIJobs is not liable vis-à-vis the customer for any loss or damage that arises from transmitting viruses and/or other irregularities in the electronic communication, or for any messages not received or which were received in a damaged state.

9 DEFINITIONS AND INTERPRETATION OF TERMS OF USE

Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

Agreement has the meaning given in section 1.2;
Applicable Laws all applicable laws, statutes, regulations, codes and requirements from time to time in force;
Content has the meaning given in section 2.1;
Contract Form has the meaning given in section 2.1;
Contract User any person or entity who signs a Contract Form with the Company;
Ecommerce User has the meaning given in the Ecommerce Terms;
Employer has the meaning given in section 2.2;
Privacy Policy the Website privacy policy published on the Website from time to time;
Products the products listed under section 8 of these Terms of Use, as described in that section from time to time;
“user”, “you” and “your” any visitor, jobseeker, recruiter, registered user or unregistered user of the Website including a Contract User and an Ecommerce User, as applicable in accordance with these Terms of Use;
User Content has the meaning given in section 2.2.
Website Services has the meaning given in section 2.2; and
Terms and Conditions means the terms and conditions attached to the Contract Form, and which are defined therein as the Terms and Conditions.

10 ECOMMERCE TERMS AND CONDITIONS

10.1 The terms and conditions in this section (the “Ecommerce Terms“) form part of the Terms of Use and apply only in relation to the Ecommerce Services (as defined below) which are requested by an Ecommerce User. The Ecommerce Terms will apply for the duration of the Ecommerce Term, in addition to the remaining Terms of Use.

10.2 Ecommerce Users (as defined below) are business customers that purchase exclusively online from the Company, Ecommerce Services comprising Products that last for the Ecommerce Term.

10.3 Where there is a conflict between the Ecommerce Terms and the Terms of Use, the Ecommerce Terms will prevail, followed by the Terms of Use.

10.4 PAYMENT OF FEE

10.4.1 Where an Ecommerce User submits payment of a Fee on the Website in respect of a request for Ecommerce Services, that User enters a binding Agreement with the Company, for the duration of the Ecommerce Term.

10.4.2 The Fee shall be paid by the Ecommerce User using an accepted payments card through the online portal for Ecommerce Services available on the Website. The Fee must be paid in full and in advance of the commencement of the Ecommerce Services.

10.5 ECOMMERCE SERVICES

10.5.1 The Ecommerce User undertakes to provide complete and accurate information in any request for Ecommerce Services, including in relation to any Ecommerce User requirements and any Job Specification. The Ecommerce User shall be responsible for any information placed on the Website pursuant to Ecommerce Services provided by the Company to that Ecommerce User. The Ecommerce User shall indemnify the Company during the Ecommerce Term and at any time thereafter for any loss, expense or damage incurred by the Company as a result of the Ecommerce User’s actions or omissions in connection with its use of the Website, information placed by the Ecommerce User on the Website, the use that it makes of Content provided through the Website or otherwise in connection with this Agreement.

10.5.2 The Ecommerce User shall supervise and control the use of the Website by the Ecommerce User’s employees and any authorised third parties in accordance with the terms of this Agreement.

10.5.3 Where the Ecommerce User deems a jobseeker to be suitable based on the Ecommerce User’s requirements, the Ecommerce User may contact that jobseeker to progress their application only where the jobseeker has provided consent to be contacted, using the method of contact to which the jobseeker has given consent.

10.5.4 The Ecommerce User will acknowledge all applications submitted to it on the Website by all jobseekers. The Company cannot guarantee that any Ecommerce User will recruit successfully using the Ecommerce Services.

10.5.5 The Company will be entitled to refuse delivery of the Ecommerce Services to an Ecommerce User at its discretion, notwithstanding its receipt of the Fee. In the event the Company elects not to deliver the Ecommerce Services to an Ecommerce User, then, subject to Applicable Law, the Company will refund the Fee made by that Ecommerce User in respect of those Ecommerce Services, within 28 working days. Payments made by Ecommerce User are otherwise non-refundable.

10.5.6 The Ecommerce User shall notify the Company promptly if the Ecommerce User becomes aware of any unauthorised access to, use of or copying of any part of the Website, including any Content.

10.5.7 The Company may review the information which the Ecommerce User intends to place or has placed on the Website and reserves the right to refuse to place or may remove, amend or discontinue displaying any information which is in breach of this Agreement, of any Applicable Laws or which it considers in its sole discretion to be contrary to the best interests of the Company. Any Fee paid for Ecommerce Services that relate to such information is non-refundable.

10.6 LIABILITY

10.6.1 The Ecommerce User will comply with all Applicable Laws, including without limitation the Employment Rights (Northern Ireland) Order 1996, all relevant equality legislation including without limitation, the Disability Discrimination Act 1995 (as amended), the Sex Discrimination (NI) Order 1976 (as amended), the Fair Employment and Treatment Order (Northern Ireland) Order 1996, the Race Relations (NI) Order 1997, the Employment Equality (Sexual Orientation) Regulations (Northern Ireland) 2003, the Employment Equality (Age) Regulations (Northern Ireland) 2006 and any applicable data protection laws, including

  1. The Data Protection Act 1998 and the Privacy & Electronic Communications (EC Directive) Regulations 2003 SI 2003/264 and any laws or Regulations implementing Directive 95/46/EC (Data Protection Directive) or Directive 2002/58/EC (ePrivacy Directive); and or;
  2. The General Data Protection Regulation (EU) 2016/679 (GDPR), and/or any corresponding and equivalent national laws or Regulations (Revised UK DP Law) The Ecommerce User shall indemnify the Company against any losses that arise in connection with any failure by the Ecommerce User, or any of its employees, contractors, agents or other authorised representatives, to comply with the obligations in this section 10.6.1.

10.6.2 If the Ecommerce User breaches any of its obligations in this Agreement, including if the Ecommerce User provides false or misleading information on the Website, or breaches any Applicable Laws, the Company may cease the Ecommerce Services immediately without prejudice to the Company’s right to claim damages and other relief. Without prejudice to the indemnity provided in section 10.6.1, the Ecommerce User shall take all reasonable steps to ensure the reliability and trustworthiness of any employees or other of its authorised representatives who have access to personal data of any person that submits information to the Ecommerce User via the Website, or any registered user of the Website.

10.6.3 The Company provides the Ecommerce Services to enable the Ecommerce User to search for suitable potential employee profiles. The Company does not guarantee suitability or availability of potential employees and hereby excludes to the greatest extent permitted by law, and except as expressly set forth in this Agreement, all warranties, conditions, representations, statements, terms and provisions express or implied by statute, common law or otherwise are excluded to the greatest extent permitted by law, in relation to the Ecommerce Services.

10.6.4 Nothing in this Contract will be construed as creating a partnership, joint venture or relationship of employment between the parties for any purpose whatsoever.

11 DATA PROTECTION OBLIGATIONS FOR ECOMMERCE CUSTOMERS

11.1 Database and Personal Data. In the use of the Products and Services, the Company provides and has access to, and the Customer will have access to the Recruitment Management System (also known as RMS) (the “Database”) which contains the following types of personal data relating to job applicants:- name; email address; CV information (such as applicant’s education, work experience, skills and interests); personal data contained in additional documents that an applicant attaches to a job applicant (“Personal Data”).

11.2 Purpose. The Personal Data is used by the Company to fulfil its obligations to data subjects who are job applicants and/or registered users of the Company and the Customer uses the Personal Data and Database to process the Personal Data for the purpose of hiring potential applicants and managing job applicants.

11.3 Joint Control. Each of the Company and the Customer jointly determine the purposes and means of processing of the Personal Data. Thus, the Parties are joint controllers with regard to such processing and the following clauses shall apply to their respective roles and responsibilities under Applicable Data Protection Law. To the extent either the Company or the Customer process personal data other than Personal Data via the Products and Services or otherwise, each of the Company and the Customer shall be separate data controllers in respect of such processing.

11.4 Joint Processing. The parties will handle all relevant processing of Personal Data jointly.

11.5 Responsibility. The parties will jointly be responsible for their processing of Personal Data in compliance with Applicable Data Protection Law. The Company and the Customer shall jointly ensure that the Personal Data is not otherwise processed without authorization and will restrict access to it on a need-to-know basis.

11.6 Data Protection Notices. The parties agree that it is each party’s responsibility under Applicable Data Protection Law to provide the information under Articles 13 and 14 GDPR regarding its data processing activities in an appropriate and legal manner. The parties shall mutually assist each other using reasonable means.

11.7 Essence of Joint Control Arrangement. The parties agree that it is each party’s responsibility to provide data subjects information on the essence of the parties’ data sharing agreement that is set forth within this Agreement.

11.8 Data Subject Rights. The parties acknowledge that relevant data subjects may have various rights with respect to their Personal Data (“Requests” or a “Request”). In particular, the relevant data subjects may have the right to Request access to and receive a copy of their Personal Data held by the Parties. Furthermore, the relevant data subjects may demand that the parties rectify, erase or restrict their Personal Data if these are incorrect or processed contrary to this Agreement or Applicable Data Protection Law. The relevant data subjects may potentially object, on grounds relating to their particular situation, at any time to processing of their Personal Data vis á vis the parties.

11.8.1 The parties agree that it is each party’s responsibility to answer a relevant data subject Request directed to it in an appropriate and legal manner. The parties shall mutually assist each other using reasonable means in case of relevant data subject Requests. As between the parties, the responsibilities are allocated as follows:

  1. Regarding the right of access (Art. 15 GDPR) and the right to data portability (Art. 20 GDPR) the Company is responsible regarding the data which the Company is able to access. The Customer is responsible regarding the Personal Data, which the Customer adds, which means the status of the relevant data subject’s application.
  2. The Company is responsible regarding the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing (Art. 18 GDPR) and the right to object to processing (Article 21 GDPR)

11.8.2 Measures to fulfil the rights of the data subjects
The parties acknowledge that data subjects may exercise their rights towards all parties

  • All applications older than 18 months will automatically be deleted from the Database.
  • Job applicants can request to have their Personal Data erased from the Database. Functionality is furnished to job applicants in their Jobseeker Account page to direct such requests to the Company. On receipt of such a request their jobseeker account and entire job application history will be deleted along with any applications stored in the Database. The Company will inform the Customer of the request for erasure in the event it relates to a job application that is less than 18 months old.
  • Job applicants can request access to all of their personal data stored by the Company and to have this data provided in a machine readable format. You can request your personal data by sending an email to gdpr@nijobs.com.

11.9 Appropriate Technical and Organisational Measures. The Company is responsible to implement appropriate technical and organisational measures to ensure appropriate security for the Personal Data when held on the Database.

11.10 Records of Processing. If applicable, each party shall maintain a record of processing activities under its responsibility and the parties shall mutually provide each other with information necessary for maintaining a record of processing activities.

11.11 Automated Processing. Neither the Company nor the Customer is going to make any decisions based solely on automated processing.

11.12 Personal Data breach. It is each party’s responsibility to provide notification to the relevant supervisory data protection authority and – where applicable – to the affected data subjects in cases of a breach of security leading to the accidental or unlawful destruction, loss alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed (“Personal Data Breach”) to the extent required by Art. 33 and 34 GDPR. The parties will collaborate in this regard as appropriate.

11.13 Data Protection Impact Assessment. The parties acknowledge that data protection impact assessments may be required in respect of their Joint Control of the Personal Data. Each party will carry out an assessment of potential high risks to the rights and freedoms of natural persons that may arise from the Party’s processing of Personal Data. If a data protection impact assessment becomes necessary, the parties shall collaborate in carrying out a data protection impact assessment regarding the joint data controlling processing of Personal Data. Each party remains responsible for the documentation of the data protection impact assessment and the consultation with its supervisory authority, as well as fulfilling potential further legal requirements.

11.14 Third Country Transfers When transferring Personal Data to third countries, the parties ensure that they will take appropriate measures to secure the Personal Data appropriately in accordance with Data Protection Laws.

11.15 Change Management. Both parties shall, on an ongoing basis, observe changes regarding technical, legal and other concerns, which could affect data protection and data security, and shall accordingly, amend and update their technical, legal and other security practices as appropriate.

11.16 Liability and Indemnity. Subject to Clauses 10.6.3 of the terms and conditions, each party shall remain liable for its processing of Personal Data and any breach by it or its agents or representatives of Applicable Data Protection Law in respect of Personal Data and shall indemnify, keep fully and effectively indemnified and hold harmless the other party for any such breach.

11.17 Costs. Each party shall bear its own costs regarding this Agreement and compliance with the obligations set out in it.

12 ECOMMERCE DEFINITIONS

In these Ecommerce Terms, the following terms have the following meaning:

Ecommerce User any person or entity who submits a request for any of the Ecommerce Services on the Website;
Fee the agreed once off payment made in advance by the Ecommerce User to the Company on the Website for the Ecommerce Services;
Ecommerce Term the period of time for which the Company provides the Ecommerce Services to the Ecommerce User, being 30 days;
Ecommerce Services in addition to the Website Services, the service provided by the Company to advertise the Ecommerce User’s contract details and recruitment requirement on the Website in accordance with the Content provided by the Ecommerce User, including the retention and storage of job applications received in respect of Ecommerce User vacancies in the Company’s database;
Job Specification means information posted to the Website by an Ecommerce User or a Contract User, about employment, consultant or contractor vacancies on the Website, whether on behalf of that user, or, if a recruitment or consultancy, on behalf of a third party.

13 COPYRIGHT STATEMENT

Copyright is implied irrespective of whether a copyright symbol or a copyright statement is displayed. Content on the NIJobs.com website can be downloaded for personal non-commercial use. Where use of other materials is desired the source must first approve and also be acknowledged. Permission to reproduce the NIJobs.com copyright does not extend to any material on this site which may be the property of a third party. Authorisation to reproduce such material must be obtained from the copyright holders concerned.

14 DATA PROCESSING ADDENDUM

14.1 Subject matter and duration of the Order or Contract
(1) By placing an order NIJobs (processor) and customer enter into a data processor agreement according to Art. 28 GDPR. NIJobs acts as processor for customer according to point 8.1.12 (VIDEO INTERVIEW SERVICE) of the terms of use. For the avoidance of doubt this data processor agreement shall only take effect if customer has ordered and used service defined in section 8.1.12 of the terms of use.

(2) Duration of this Order or Contract corresponds to the duration of the Service Agreement.

14.2 Specification of the Order or Contract Details
(1) Nature and Purpose of the intended Processing of Data
Detailed description of the Subject Matter with regard to the Nature and Purpose of the services provided by the Supplier: The purpose of the processing within the Video Job Interview Service is to transmit the Video Interview created by the applicant to the customer. The undertaking of the contractually agreed Processing of Data shall be carried out exclusively within a Member State of the European Union (EU) or within a Member State of the European Economic Area (EEA). Each and every Transfer of Data to a State which is not a Member State of either the EU or the EEA requires the prior agreement of the Client and shall only occur if the specific Conditions of Article 44 et seq. GDPR have been fulfilled

(2) The Subject Matter of the processing of personal data comprises the following data types/categories (List/Description of the Data Categories)

  1. Recordings of video interviews, video pitches and live interviews.
  2. Personal data of the candidates (candidate name and email address and video are stored). Depending on the interview set up by the Controller (pursuant section 8.1.12 lit.a in the terms of use).

(3) The category of Data Subjects whose Personal Data is processed in the context of performing the Agreement are applicants, who apply to the Controller as well as employees of the Controller who act as an interviewer. In addition, the communication data of Controller’s contacts will be processed.

14.3 Technical and Organisational Measures
(1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.

(2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Appendix technical and organizational measures]

(3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.

14.4 Rectification, restriction and erasure of data
(1) The Supplier may not on its own authority rectify, erase or restrict the processing of data that is being processed on behalf of the Client, but only on documented instructions from the Client. Insofar as a Data Subject contacts the Supplier directly concerning a rectification, erasure, or restriction of processing, the Supplier will immediately forward the Data Subject’s request to the Client.

(2) Insofar as it is included in the scope of services, the erasure policy, ‘right to be forgotten’, rectification, data portability and access shall be ensured by the Supplier in accordance with documented instructions from the Client without undue delay.

14.5 Quality assurance and other duties of the Supplier
In addition to complying with the rules set out in this Order or Contract, the Supplier shall comply with the statutory requirements referred to in Articles 28 to 33 GDPR; accordingly, the Supplier ensures, in particular, compliance with the following requirements: The Supplier has appointed a data protection officer who can be contacted under gdpr@NIJobs.com. The Client shall be informed immediately of any change of Data Protection Officer. Contact details are always available and easily accessible on the website of the Supplier. Confidentiality in accordance with Article 28 Paragraph 3 Sentence 2 Point b, Articles 29 and 32 Paragraph 4 GDPR. The Supplier entrusts only such employees with the data processing outlined in this contract who have been bound to confidentiality and have previously been familiarised with the data protection provisions relevant to their work. The Supplier and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from the Client, which includes the powers granted in this contract, unless required to do so by law.

  1. Implementation of and compliance with all Technical and Organisational Measures necessary for this Order or Contract in accordance with Article 28 Paragraph 3 Sentence 2 Point c, Article 32 GDPR [details in section technical and organizational measures].
  2. The Client and the Supplier shall cooperate, on request, with the supervisory authority in performance of its tasks.
  3. The Client shall be informed immediately of any inspections and measures conducted by the supervisory authority, insofar as they relate to this Order or Contract. This also applies insofar as the Supplier is under investigation or is party to an investigation by a competent authority in connection with infringements to any Civil or Criminal Law, or Administrative Rule or Regulation regarding the processing of personal data in connection with the processing of this Order or Contract.
  4. Insofar as the Client is subject to an inspection by the supervisory authority, an administrative or summary offence or criminal procedure, a liability claim by a Data Subject or by a third party or any other claim in connection with the Order or Contract data processing by the Supplier, the Supplier shall make every effort to support the Client.
  5. The Supplier shall periodically monitor the internal processes and the Technical and Organizational Measures to ensure that processing within his area of responsibility is in accordance with the requirements of applicable data protection law and the protection of the rights of the data subject.
  6. Verifiability of the Technical and Organisational Measures conducted by the Client as part of the Client’s supervisory powers referred to in item 7 of this contract.

14.6 Subcontracting
(1) Subcontracting for the purpose of this Agreement is to be understood as meaning services which relate directly to the provision of the principal service. This does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing equipment. The Supplier shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Client’s data, even in the case of outsourced ancillary services.

(2) The Supplier may commission subcontractors (additional contract processors) only after prior explicit written or documented consent from the Client.

  1. The Client agrees to the commissioning of the following subcontractors on the
    condition of a contractual agreement in accordance with Article 28 paragraphs 2-4 GDPR: StepStone GmbH, Axel- Springer-Str. 65, 10969 Berlin, Hosting and performance of the service.
  2. Outsourcing to subcontractors or changing the existing subcontractor are permissible when:
    1. The Supplier submits such an outsourcing to a subcontractor to the Client in writing or in text form with appropriate advance notice; and
    2. The Client has not objected to the planned outsourcing in writing or in text form by the date of handing over the data to the Supplier; and
    3. The subcontracting is based on a contractual agreement in accordance with Article 28 paragraphs 2-4 GDPR.

(3) The transfer of personal data from the Client to the subcontractor and the subcontractors commencement of the data processing shall only be undertaken after compliance with all requirements has been achieved.

(4) If the subcontractor provides the agreed service outside the EU/EEA, the Supplier shall ensure compliance with EU Data Protection Regulations by appropriate measures. The same applies if service providers are to be used within the meaning of Paragraph 1 Sentence 2.

(5) Further outsourcing by the subcontractor requires the express consent of the main Client (at the minimum in text form); All contractual provisions in the contract chain shall be communicated to and agreed with each and every additional subcontractor.
Customer explicitly agree to following further outsourcing by subcontractor: Amazon Web services, Frankfurt am Main – Germany, as further subcontractor for the purpose of platform hosting; Cammio GmbH, Philipp-Franck-Weg 19, 14109 Berlin, Germany, performance of video interview platform

14.7 Supervisory powers of the Client
(1) The Client has the right, after consultation with the Supplier, to carry out inspections or to have them carried out by an auditor to be designated in each individual case. It has the right to convince itself of the compliance with this agreement by the Supplier in his business operations by means of random checks, which are ordinarily to be announced in good time.

(2) The Supplier shall ensure that the Client is able to verify compliance with the obligations of the Supplier in accordance with Article 28 GDPR. The Supplier undertakes to give the Client the necessary information on request and, in particular, to demonstrate the execution of the Technical and Organizational Measures.

(3) Evidence of such measures, which concern not only the specific Order or Contract, may be provided by current auditor’s certificates, reports or excerpts from reports provided by independent bodies (e.g. auditor, Data Protection Officer, IT security department, data privacy auditor, quality auditor or a suitable certification by IT security or data protection auditing (e.g. according to BSI-Grundschutz (IT Baseline Protection certification developed by the German Federal Office for Security in Information Technology (BSI)) or ISO/IEC 27001).

(4) The Supplier may claim remuneration for enabling Client inspections.

14.8 Communication in the case of infringements by the Supplier
(1) The Supplier shall assist the Client in complying with the obligations concerning the security of personal data, reporting requirements for data breaches, data protection impact assessments and prior consultations, referred to in Articles 32 to 36 of the GDPR. These include:

  1. Ensuring an appropriate level of protection through Technical and Organizational Measures that take into account the circumstances and purposes of the processing as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities and that enable an immediate detection of relevant infringement events.
  2. The obligation to report a personal data breach immediately to the Client.
  3. The duty to assist the Client with regard to the Client’s obligation to provide information to the Data Subject concerned and to immediately provide the Client with all relevant information in this regard.
  4. Supporting the Client with its data protection impact assessment.
  5. Supporting the Client with regard to prior consultation of the supervisory authority.

(2) The Supplier may claim compensation for support services which are not included in the description of the services and which are not attributable to failures on the part of the Supplier.

14.9 Authority of the Client to issue instructions
(1) The Client shall immediately confirm oral instructions (at the minimum in text form).

(2) The Supplier shall inform the Client immediately if he considers that an instruction violates Data Protection Regulations. The Supplier shall then be entitled to suspend the execution of the relevant instructions until the Client confirms or changes them.

14.10 Deletion and return of personal data
(1) Copies or duplicates of the data shall never be created without the knowledge of the Client, with the exception of back-up copies as far as they are necessary to ensure orderly data processing, as well as data required to meet regulatory requirements to retain data.

(2) After conclusion of the contracted work, or earlier upon request by the Client, at the latest upon termination of the Service Agreement, the Supplier shall hand over to the Client or – subject to prior consent – destroy all documents, processing and utilization results, and data sets related to the contract that have come into its possession, in a data-protection compliant manner. The same applies to any and all connected test, waste, redundant and discarded material. The log of the destruction or deletion shall be provided on request.

(3) Documentation which is used to demonstrate orderly data processing in accordance with the Order or Contract shall be stored beyond the contract duration by the Su pplier in accordance with the respective retention periods. It may hand such documentation over to the Client at the end of the contract duration to relieve the Supplier of this contractual obligation.

Appendix – Technical and Organisational Measures Confidentiality

All data is hosted within AWS data center which is ISO 27001 certified and state of the art, utilizing innovative architectural and engineering approaches. Data centers are housed in nondescript facilities. Physical access is strictly controlled by professional security staff utilizing and video surveillance, intrusion detection systems, and other electronic means. Only authorized staff can enter buildings using MFA to enter data center floors. Authorized visitors are required to present identification and are signed in and continually escorted by authorized staff.
Secure VPN, MFA (multi-factor authentication), and role-based access is enforced for systems management by our DevOps team. User data is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. We set a session cookie only to record encrypted authentication information for the duration of a specific session. Passwords are individually salted and hashed. Brute Force protection: 3 incorrect attempts = 60 minutes lockout. API interfaces are only privately accessible and protected by security credentials. Additionally, MFA can also be used for recruiter users to add an extra layer of security. The end user can choose to receive the security code using text messages or use a standard One-Time-Password (OTP) app such as Google Authenticator.

Access control to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis. We use AWS Identity and Access Management (IAM) to manage access to all services and resources securely. AWS users and groups have been configured with dedicated permissions to allow or deny access to the resources. Central logging systems capture and archive all internal systems access, including any failed authentication attempts. Transmitted data is tracked and logged.

Candidate data is only stored for as long as is necessary for the purpose of video interviews. Automatic processes ensure that candidate subject data is deleted entirely from the system when a retention period is reached. This is an irreversible process. Database records are anonymised to allow for continuous statistics monitoring. No customer or candidate data is stored on portable media devices. Data of Client is logically separated; we use an internal multi-tenant architecture. File names used are fully obscured and anonymised and cannot be directly related to data subjects. All data storage is encrypted. The platform provides a separate development sandbox environment. All test data is fully separated from live data. Production data is not used during develop and test processes. Production data cannot be copied to other environments.

Integrity

Logging, Intrusion detection and IP Restrictions and VPN access
All user interactions, including logins, are stored in system-based logs. Logs are stored on AWS storage using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. Several techniques are in place to prevent unauthorised access. All resources require proper user authorisation to access data. All systems are protected by AWS firewalls and other best practices related to infrastructure security. Web Access Firewall (WAF) mitigates the risk of SQL injection threads. Administrative operational tasks can only performed from known IP addresses. VPN tunnels and MFA are used to gain access to the infrastructure configuration by the DevOps team. Data is encrypted at rest and in transit using server-Side Encryptions (SSE) using AES-256 encryption at rest and TLS 1.2 in transit.

Availability

Hosting within ISO 27001 certified data centers including support for repairing, replacing and refreshing the infrastructure. Contractual agreements with ISPs to provide Internet connectivity that can sustain bandwidth utilisation under full load Server capacity to run mission-critical services, including storage appliances and other services. Fire detection and suppression equipment installed to reduce the risk of fire. Highly durable storage redundantly stored on multiple devices across multiple facilities. Further protection for data retention and archiving through versioning in Amazon S3, AWS multi-factor authentication (AWS MFA), bucket policies, and AWS Identity Management (IAM). Scheduled snapshots of data volumes are created to protect the data from loss in case of a disaster. The snapshot off-instance storage persists independently from any instance and is replicated across multiple servers to prevent the loss of data from the failure of a single component. Rapid recovery through virtual machines.

Procedures for regular testing assessment and evaluation

All employees authorised to access personal data have received relevant technical and security trainings. We maintain internal information security policies including incident response plans and regularly review and update them. Our engineers use best practices and industry standard secure coding guidelines. Environments are scanned on a regular basis using breed security tools, vulnerability assessments and penetration test. Continuous monitoring of service system and capacity utilisation is deployed. Backup concepts, Recovery of IT systems. We periodically test our data.