PII Policy

Updated - 22 January 2025

Personal Identifiable Information (PII) Policy for CVR

Effective Date: 1 January 2025

1. Introduction

At Uptomic SRL, we recognize the importance of safeguarding the Personal Identifiable Information (PII) contained in resumes or CVs processed through the CVReformatter tool. In alignment with GDPR and industry best practices, we have adopted a stringent approach to ensure the confidentiality and security of all data handled within our platform. This policy outlines our practices regarding the collection, processing, and protection of PII.

2. Scope

This policy applies to all documents processed through the CVReformatter tool, including but not limited to:

  • Resumes or CVs submitted by users.
  • CV formatting templates provided by customers.
  • Job advertisements.

For the purposes of this policy, the Data Owner is defined in accordance with GDPR as the individual who owns or has control over the data.

3. Core Principles

3.1 Resumes or CVs

  • Assumption of PII: Uptomic treats every CV as though it contains sensitive PII.
  • Data Retention for User Management: CVReformatter retains resumes or CVs for the exclusive use and management of the Data Owner. These documents are accessible only to the organization or individual via their secure account.
  • Encryption and Security: All CVs are encrypted both in transit and at rest. Access to data is governed by the principle of least access, ensuring only authorized personnel or systems can access it.
  • Non-Disclosure: Resumes or CVs processed through the CVReformatter tool are never shared with third parties unless explicitly requested by the Data Owner.

3.2 CV Formatting Templates

  • CV templates provided by customers for formatting purposes are securely stored.
  • Templates that may contain PII (e.g., a contact person's name or email) are stored in secure accounts with two-factor authentication and encryption.

4. QA/Development Processes

  • Documents submitted by customers for QA or development purposes are handled with the utmost care and stored securely.
  • Files are encrypted and stored in designated secure folders and may be used to identify patterns in the application and to further improve the application based on the identified trends and patterns.

5. Security Practices

  • All data processed by Uptomic is secured using industry-standard encryption protocols during transit and storage.
  • Access to sensitive data is limited to authorized personnel who are bound by strict confidentiality agreements.
  • Our systems and practices are regularly audited to ensure compliance with data protection regulations and to maintain high standards of security.

6. Data Owner Rights

In compliance with GDPR, the Data Owner retains full control over their data and has the following rights:

  • Access: Request access to their data processed by Uptomic.
  • Rectification: Request corrections to their data.
  • Deletion: Request the deletion of their data from Uptomic systems.

For more information on how to exercise these rights, please contact us.

7. Policy Updates

This policy may be updated periodically to reflect changes in our practices, legal requirements, or other considerations. Any updates will be communicated clearly and take effect immediately upon publication.

If you have any questions about this policy or how your data is handled, please contact us at.

Uptomic SRL is committed to ensuring your data is processed securely and in full compliance with GDPR and other relevant regulations.