GDPR Compliance with Brainner

Brainner's Commitment to Security

GDPR Compliance with Brainner Last updated January 11, 2024

Welcome to this informational page for Brainner’s customers. If you are an EU resident and are seeking details about your privacy rights, please consult our Privacy Policy. The GDPR is a regulation that enables individuals in the European Union to control their personal data. While data privacy may seem daunting, Brainner provides our customers with the resources to confidently comply with GDPR requirements.

Common Terms

Your candidates are data subjects. They have the right to decide how their personal data is used. Your business is the controller of your candidates’ data. You have the obligation to handle their data responsibly, and to allow them to exercise their rights over it. Brainner is a data processor. We process personal information on your behalf as directed by your Data Processing Agreement with Brainner.

Data Subject Rights

The GDPR grants a number of specific rights to data subjects. As a data controller, you’re responsible for ensuring your candidates can exercise their rights over their personal information. Here’s how Brainner helps:

Candidates have the right to be notified of data collection, and to object to how their data is used. Brainner’s data privacy tools provide custom data retention periods using activity or consent-based rules. Our application forms notify candidates of their rights and record their consent at the time of application, renew their consent, or anonymize their data when their consent lapses.

Candidates have the right to request a copy of their information, or request that it be deleted. Brainner supports exporting or deleting any candidate's personal information. We also allow you to anonymize data, which strips it of identifiable information without affecting the accuracy of your aggregate reporting.

Data Processing Agreement

One of your responsibilities as a data controller is to make sure your sub-processors handle your data appropriately. Brainner offers a Data Processing Agreement on request, which includes the “standard contractual clauses” typically recommended for sub-processor agreements.

Data Transfer and Storage

Brainner stores and processes data in the United States. The GDPR places special scrutiny on data transfers outside of the EU. To help you document that those requirements are met, Brainner can provide a Transfer Impact Assessment on request.

Customers on a Business or Enterprise plan can request their data to be stored in the EU region.

For more information about Brainner’s security policies, see our Security page.