Objective
This policy ensures that RedJade responds to GDPR-related requests in a timely manner to ensure GDPR compliance at all times.
RedJade implemented consent obtainment procedures in response to GDPR. Using RedJade features to obtain consent is the responsibility of the Data Controller.
RedJade Client Recruiting Managers are able to gather subject information directly from the recruiting channel within RedJade and are the first responders to data requests.
Policy
Right of Access by the Data Subject
- RedJade Client contacts RedJade at privacy@redjade.net, if needed.
- RedJade ascertains the subject request (contact information, PII, all data collected)
- RedJade exports the subject data requested using the subjects master database ID and supplies it to RedJade Client.
Right to Rectification
- RedJade Client contacts RedJade at privacy@redjade.net, if needed.
- RedJade ascertains the subject request (what needs rectified).
- RedJade works with RedJade Client to update subject information using the master database ID.
Right to Erasure
- RedJade has step-by-step instructions for removing a subject from the database.
- RedJade can perform this function, if requested.
Data Portability
- RedJade Client contacts RedJade at privacy@redjade.net, if needed.
- RedJade collects all subject data using the master database ID.
- Data is exported and provided to RedJade Client.
Change to Subprocessors
- Vet subprocessor to determine risk
- Determine if new subprocessor will have access to PII
- Contact and obtain consent from RedJade Clients regarding new subprocessors and ensure new subprocessors have DPAs included in contracts
Breach Notification
- Ascertain what data was possibly affected (is PII included)
- Identify affected RedJade Clients
- Identify affected subjects
- Contact affected RedJade Clients and Subjects via email and phone, if necessary
- Contact authorities as needed.