GDPR


The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, and Restless Bandit is proud that we are 100% compliant. While GDPR is focused on Europe, we believe all Restless Bandit data subjects have the same rights and deserve these top-level protection standards. We respect your privacy and consider your personal information sacred.

The GDPR extends the reach of the European Union's data protection laws and establishes many new requirements for organizations that fall under its governing umbrella. And we are happy to report that, while the regulation is focused on the European Union, many companies, including Restless Bandit, have updated systems and processes globally to ensure compliance and to ensure that all of our users receive the same protections.

In compliance with the Privacy Shield Principles, Restless Bandit commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Restless Bandit at: gdpr@restlessbandit.com

Restless Bandit has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

FAQ For Candidates

Why did I receive a Restless Bandit email? Companies around the world use Restless Bandit to reconnect with former applicants about current job openings. In addition, Restless Bandit partners with many job boards, staffing firms, and individual headhunters to seek out top talent for open roles.

How do I request a copy of my data? Please forward the Restless Bandit email you received to GDPR@restlessbandit.com to request a copy of your information.

How do I delete my information from your system? Please forward the Restless Bandit email you received to GDPR@restlessbandit.com to request that your information be deleted.

How do I update my data? If the email you received did not include a link to update your information, please forward the Restless Bandit email you received to GDPR@restlessbandit.com to inquire about the process for updating your information.

FAQ For Employers

What if a candidate has requested a copy of their data? Please email GDPR@restlessbandit.com for a copy of all data on file for that candidate. Be sure to include the candidate’s email address.

What if a candidate has requested that their information be updated? Please invite the candidate to update their profile directly in your ATS. (These updates will then be synced to Restless Bandit.)

What if a candidate has requested that their information be deleted? Please email GDPR@restlessbandit.com to inform us of requests for data deletions. Be sure to include the candidate’s email address.

Data Security Standards

Restless Bandit falls into the GDPR category of data processor. Our customers and partners are the controllers with respect to the data collected and stored on Restless Bandit. Restless Bandit mirrors the data stored in our customers' applicant tracking systems ("ATS"), Human Capital Management ("HCM") systems, and Candidate Relationship Management ("CRM") systems, and our customers and partners ultimately determine the purposes and means of the processing of personal data. Data subjects (job seekers) who submit their resume and/or job application own their data. Our customers and partners work with data subjects to determine when to process personal data, how to process personal data, and when to delete personal data - all of which is mirrored in Restless Bandit.

As of April 2018, each of our ATS, HCM, and CRM partners has stated that they are GDPR compliant. This list includes, but is not limited to, Taleo, Workday, iCIMS, Jobvite, Bullhorn, IBM Kenexa, Avature, and Smashfly. Please refer to their websites for their positions and statements on GDPR.

Processors must comply with the measures outlined in Article 32, which requires controllers and processors to implement "appropriate technical and organizational measures to ensure a level of security appropriate to the risk," including:

  1. encryption of personal data;
  2. ensuring the continuous confidentiality, integrity, and availability of processing services;
  3. restoring data in a timely manner;
  4. regularly testing, assessing and evaluating the effectiveness of technical measures to ensure data and data transmission security.


Restless Bandit meets all four requirements. Further, Restless Bandit maintains an independent SOC II, type II certification and has been in good standing since receiving our first certificate in mid-2017. Within this certificate Restless Bandit ensures that:

  1. Each customer's data is stored in its own dedicated database, and encrypted with a key unique to that customer.
  2. We connect with our customers' HR systems using Transport Layer Security 1.2 for HTTPS encryption, which is authenticated by AES-256 bit encryption.
  3. We implement industry best-practice standards (such as TLS 1.2 and AES-256) to encrypt and protect all interactions with our web applications.
  4. All data at rest, from databases to file systems to caches, is encrypted using AES-256, managed through Amazon Web Services Key Management Service.
  5. All passwords are hashed and salted using industry-standard techniques, such as bcrypt.

Restless Bandit runs on Amazon Web Services (AWS) cloud infrastructure, which meets rigorous international security standards: https://aws.amazon.com/compliance. On March 26th, 2018, Amazon stated that all AWS services are GDPR ready: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready

We are also proud to announce that Restless Bandit is EU-U.S. Privacy Shield certified. Under the EU-U.S. Privacy Shield Framework, Restless Bandit will continue our long-standing commitment to maintaining adequate safeguards and controls around personal data so that corporations large and small know that they are doing business with a trusted organization.

Administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, the Framework requires compliance around matters such as informing individuals of their rights to their personal data, outlining our own liability and having further transparency in our privacy notice. Joining the Privacy Shield Framework is a voluntary action, but it is an important one because it is a legal commitment, enforceable under U.S. law.

The Right of Erasure and to Object

GDPR gives consumers (data subjects) a right to be forgotten, which Article 17 addresses as the right of erasure. Controllers must erase personal data upon the request of the data subject to which it pertains or when "the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed." As the data controllers, our ATS / HCM / CRM partners' customers decide the point in the application/hiring process at which they no longer have a legitimate interest in retaining a candidate's personal data. As mentioned above, Restless Bandit simply mirrors the data in our partners' databases. However, upon request from either a data subject or controller, Restless Bandit will delete any data in our systems within 72 hours.

Data Subject Consent / Right to Object

Article 21 of GDPR grants data subjects a right to object to their personal data being processed for direct marketing purposes and/or profiling. If a candidate makes this objection, they may unsubscribe from Restless Bandit communications, and we will not send further messages. Restless Bandit also adheres to the United States CAN-SPAM laws, which require that each email include a clear unsubscribe method, a physical address (in our case 33 New Montgomery Street, 15th FL, San Francisco, CA USA 94105), a phone number, and other corporate information.

Our Mission

FIND THE BEST-MATCHED LATENT CANDIDATES IN YOUR TALENT UNIVERSE
