GDPR

 

The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, and Restless Bandit is proud that we are 100% compliant. While GDPR is focused on Europe, we believe all Restless Bandit data subjects have the same rights and deserve these top-level protection standards. We respect your privacy and consider your personal information sacred.

 

The GDPR extends the reach of the European Union's data protection laws and establishes many new requirements for organizations that fall under its governing umbrella.  And we are happy to report that, while the regulation is focused on the European Union, Restless Bandit has updated systems and processes to ensure compliance and to ensure that all of our users receive the same protections.

In compliance with the Privacy Shield Principles, Restless Bandit commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Restless Bandit at: gdpr@restlessbandit.com

Restless Bandit has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

FAQ For Candidates

Why did I receive a Restless Bandit email? Employers use Restless Bandit to connect with potential candidates about current job openings.

How do I request a copy of my data? Please forward the Restless Bandit email you received to gdpr@restlessbandit.com to request a copy of your information.

How do I delete my information from your system? Please forward the Restless Bandit email you received to gdpr@restlessbandit.com to request that your information be deleted.

How do I update my data? If the email you received did not include a link to update your information, please forward the Restless Bandit email you received to gdpr@restlessbandit.com to inquire about the process for updating your information.

FAQ For Employers

What if a candidate has requested a copy of their data? Please email gdpr@restlessbandit.com for a copy of all data on file for that candidate. Be sure to include the candidate’s email address and telephone number so we can confirm their wishes directly with them.

What if a candidate has requested that their information be updated? Please email GDPR@restlessbandit.com and include the candidate’s email address and telephone number.

What if a candidate has requested that their information be deleted? Please email gdpr@restlessbandit.com to inform us of requests for data deletions. Be sure to include the candidate’s email address and telephone number.

Data Security Standards

Restless Bandit falls into the GDPR categories of data processor and data controller.  Controllers and processors must comply with the measures outlined in Article 32, which require controllers and processors to implement "appropriate technical and organizational measures to ensure a level of security appropriate to the risk," including:

  1. encryption of personal data;‍
  2. ‍ensuring the continuous confidentiality, integrity, and availability of processing services;
  3. restoring data in a timely manner;‍
  4. ‍regularly testing, assessing and evaluating the effectiveness of technical measures to ensure data and data transmission security.

 

Restless Bandit meets all four requirements. Further, Restless Bandit maintains an independent SOC II, type II certification and has been in good standing since receiving our first certificate in mid 2017. Within this certificate Restless Bandit ensures that:

  1. Candidate data is encrypted with a key unique to that candidate.
  2. We implement industry best-practice standards (such as TLS 1.2 and AES-256) to encrypt and protect all interactions with our web applications.
  3. All data at rest, from databases to file systems to caches, is encrypted using AES-256, managed through Amazon Web Services Key Management Service.
  4. All passwords are hashed and salted using industry-standard techniques, such as bcrypt.

Restless Bandit runs on Amazon Web Services (AWS) cloud infrastructure, which meets rigorous international security standards: https://aws.amazon.com/compliance. On March 26th, 2018, Amazon stated that all AWS services are GDPR ready: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready

 

We are also proud that Restless Bandit is EU-U.S. Privacy Shield certified. Under the EU-U.S. Privacy Shield Framework, Restless Bandit will continue our long-standing commitment to maintaining adequate safeguards and controls around personal data so that corporations large and small know that they are doing business with a trusted organization.

 

Administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, the Framework requires compliance around matters such as informing individuals of their rights to their personal data, outlining our own liability and having further transparency in our privacy notice. Joining the Privacy Shield Framework is a voluntary action, but it is an important one because it is a legal commitment, enforceable under U.S. law.

 

The Right of Erasure and to Object

GDPR confers a right to consumers (data subjects) to be forgotten, which is discussed in Article 17 as the right of erasure. Controllers must erase personal data upon the request of the data subject to which it pertains or when "the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed."  Upon request from a data subject, Restless Bandit will delete all data subject data in our systems within 72 hours.

 

Data Subject Consent / Right to Object

Article 21 of GDPR grants data subjects a right to object to their personal data being processed for direct marketing purposes and/or profiling. If a candidate makes this objection, they may unsubscribe from Restless Bandit communications, and we will not send further messages. Restless Bandit also adheres to the United States CAN-SPAM laws which require that each email include a clear unsubscribe method, a physical address (in our case 33 New Montgomery, Street, 15th FL, San Francisco, CA USA 94105), a phone number, and other corporate information.



Our Mission

FIND THE BEST-MATCHED LATENT CANDIDATES IN YOUR TALENT UNIVERSE

How we work

our work process

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

The team

Best crew ever

Geovanny DuBuque

Creative Director

Laborum suscipit ea nemo pariatur enim quo. Dolor quia cumque.

Raven Durgan

Chief Exectutive

Laborum suscipit ea nemo pariatur enim quo. Dolor quia cumque.

Erwin Schultz

Web Designer

Laborum suscipit ea nemo pariatur enim quo. Dolor quia cumque.