INTRODUCTION

Thank you for using Rakuna! As the leading recruiting technology solutions provider for employers, transparency has always been a cornerstone of our values - we are committed to being accountable and protecting the privacy and security of your personal information.

In an effort to expand EU data subjects’ control over their personal data, a landmark privacy law called General Data Protection Regulation (GDPR) goes into effect on May 25, 2018 in the European Union (EU). All organizations that market, track or handle EU personal data are legally required to comply.

The GDPR builds upon and modernizes existing EU Data Protection and Privacy rules and will replace them with one single set of rules which govern how personal information is collected and processed. It also specifically addresses the export of personal data of EU citizens outside the EU, and sets clear guidelines for companies who operate between the EU and other global markets with different legal structures and approaches to data transfer and its commercial use.

OUR COMMITMENT AND APPROACH TO THE GDPR

Protecting and defending user privacy is at the heart of our work. Rakuna is committed to the following foundational principles built into the DNA of our company:

Transparency
We inform and educate our users and customers of our data policies. We do this through in-product notifications, campaigns, and direct conversations with our customers to ensure people understand how their data is being used.
User Control
We provide people with the ability to control how their data is used.
Accountability
We are committed to sticking to our practices of protecting data, getting frequent feedback from regulators, policy makers, privacy experts, and improving how we protect personal information.

DATA WE COLLECT

From RECRUITERS

I. Information that is necessary for the use of Rakuna

1.1. Personal account information

When you sign up for a Rakuna account, we require certain information such as your (1) first name, (2) last name, (3) business email address, and (4) phone number.

1.2. Company information

When you sign up for a Rakuna account, we also require information on (1) company name, and (2) company website.

1.3. Communications with Rakuna

When you communicate with Rakuna on our platform (e.g: chat support via Intercom on the Rakuna website), we collect information about your communication and any information you choose to provide.

II. Information you choose to give us

2.1. Additional personal account information

You may choose to provide additional information as part of your Rakuna profile, such as (1) time zone and (2) profile picture.

2.2. Additional company information

You may choose to provide additional information as part of your company profile, such as (1) company logo, (2) company description, (3) Facebook link, (4) Youtube link, (5) Twitter link, and (6) LinkedIn link.

2.3. Prospect information

By providing us with digital copies of prospects’ resumes and their contact information, we have access to their information such as (1) full name, (2) phone number, (3) email address, (4) address, (5) education information.

2.4. Other information

You may otherwise choose to provide us information when you fill in a form, update or add information to your Rakuna account, respond to surveys, submit comments on our blog posts, participate in promotions, communicate with our Customer Success team, share your experience with us (such as through Customer Success Case Study), or use other features of the Rakuna Platform.

III. Information that is necessary for the use of the Payment Services

We need the following information necessary for the adequate performance of the business (event credit and contract) with you and to comply with applicable law (such as anti-money laundering regulations).

3.1. Payment information

When we send an invoice to you to inform a request of payment, we will need your (1) name, (2) email address, and (3) invoice address.

IV. Information we automatically collect from your use of Rakuna 4.1. Usage Information

We collect information about your interactions with Rakuna such as the pages or content you view, your searches, and other actions on Rakuna.

4.2. Log Data and Device Information

We automatically collect log data and device information when you access and use Rakuna, even if you have not created a Rakuna Account or logged in. That information includes, among other things: details about how you’ve used Rakuna (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using Rakuna.

4.3. Cookies and Similar Technologies

We use cookies and other similar technologies when you use our platform, use our mobile app, or engage with our online ads or email communications. We may collect certain information by automated means using technologies such as cookies, web beacons, pixels, browser analysis tools, server logs, and mobile identifiers. In many cases the information we collect using cookies and other tools is only used in a non-identifiable manner without reference to personal information. For example, we may use information we collect to better understand website traffic patterns and to optimize our website experience. In some cases we associate the information we collect using cookies and other technology with your personal information.

V. Information We Collect from Third Parties

Rakuna may collect information, including personal and work information, that others provide about you when they use Rakuna and the Payment Services, or obtain information from other

sources and combine that with information we collect through Rakuna and the Payment Services. We do not control, supervise or respond to how the third parties providing your information process your Personal Information, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

5.1. Third Party Services

If you link, connect, or login to your Rakuna Account with a third party service (e.g. signing in with Single Sign-On or calendar integration with Google Calendar/Outlook), the third party service may send us account information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.

5.2. Other Sources

To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or information to help detect fraud and safety issues, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Rakuna through partnerships, or about your experiences and interactions from our partner and networks.

From PROSPECTS

VI. Information that is necessary for the use of Rakuna

6.1. Personal information

6.1.1. When registering via the “Pre-Event Registration Link”: We ask for your (1) First name, (2) Last name and (3) Email as the three required fields. (4) Phone number and (5) your Resume are optional for you to give.

6.1.2. When scheduling for an interview time slot: We ask for your (1) First name, (2) Last name and (3) Email as the three required fields. (4) Phone number and (5) your Resume are optional for you to give.

6.1.3. When sending in your resume: We ask for your electronic version of your resume (PDF format) that we will store under the customer’s database.

6.2. Communications with Rakuna

When you communicate with Rakuna on our platform (e.g: chat support via Intercom on the Rakuna website), we collect information about your communication and any information you choose to provide.

VII. Information you choose to give us

7.1. Prospect information

By providing event recruiters, and thus Rakuna, with a digital copy of your resume, we have access to your information such as (1) full name, (2) phone number, (3) email address, (4) address, and (5) education information.

7.2. Other information

You may otherwise choose to provide us information when you respond to surveys, submit comments on our blog posts, participate in promotions, communicate with our team, share your experience with us (such as through Customer Success Case Study), or use other features of the Rakuna Platform.

VIII. Information we automatically collect from your use of Rakuna 8.1. Usage Information

We collect information about your interactions with Rakuna such as the pages or content you view, your searches, and other actions on Rakuna.

8.2. Log Data and Device Information

8.3. Cookies and Similar Technologies

IX. Information We Collect from Third Parties

Rakuna may collect information, including personal and work information, that others provide about you when they use Rakuna and the Payment Services, or obtain information from other sources and combine that with information we collect through Rakuna and the Payment Services. We do not control, supervise or respond to how the third parties providing your information process your Personal Information, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

9.1. Third Party Services

9.2. Other Sources

HOW WE USE THE DATA WE COLLECT

We may use information we have collected to (1) process data and provide additional services to our customers, (2) pass on to third parties for further use, (3) develop, improve and maintain Rakuna, and (4) create and maintain a trusted and safer environment.

I. To process data and provide services to customers

With data collected from recruiters, we:

Allow recruiters to access and update their profile information
Allow recruiters to access and update their company information
Allow recruiters to access and download the prospect’s information (only applicable to the Admin role)
Allow recruiters to access and view the prospect’s information (only application to the Reviewer role)
Access, modify and update recruiters profile and/or company information on their behalf and per request
Copy and maintain such data on Rakuna’s servers (or the servers of its suppliers)
Use in an anonymous manner in support of Rakuna’s marketing and sales activities
Sanitize and erase data from the database anytime per the recruiter’s request

With data collected from prospects, we:

Stored prospect’s resume and parsed information of (1) Name, (2) Email address, (3) Phone number, (4) Educational institution name, (5) GPA, (6) Major, (7) Graduation year, in an online, searchable candidate database that may be accessed by Rakuna and its Users.
Store prospects’ rating and feedback their experience (when attending a recruiting event) on the Rakuna portal to allow Rakuna to determine the user experience and improve the Portal.
Download prospect’s information on the recruiter’s behalf and per request
Access, modify and update prospect’s personal information per the recruiter’s request
Copy and maintain such data on Rakuna’s servers (or the servers of its suppliers)
Use in an anonymous manner in support of Rakuna’s marketing and sales activities
Sanitize and erase data from the database anytime per the recruiter’s request

II. To pass onto third parties for additional business use

Rakuna will pass on your data to third parties with your consent (via the Terms of Services and Privacy Policy agreement). The following third parties will receive your personal data for the following purposes as part of the processing activities:

Intercom
AWS
Application Tracking System (Greenhouse, Lever, iCIMS, Workday, SAP SuccessFactors)

III. To develop, improve and maintain Rakuna products and services

We may use the data collected and your personal information to provide, improve, and develop Rakuna such as to:

enable you to access and use Rakuna;
enable you to communicate with other team members;
operate, protect, improve, and optimize Rakuna and the user experience, such as by performing analytics and conducting research;
provide customer service;
send you service or support messages, updates, security alerts, and account notifications;
if you provide us with your contacts’ information, we may process this information: (i) for fraud detection and prevention, and (ii) for any purpose you authorize at the time of collection;
enable your use of our products.

We process this personal information for these purposes given our legitimate interest in improving our products and services, your experience with it, and where it is necessary for the adequate performance of our business with you.

IV. Create and maintain a trusted and safer environment

We may use the data collected and your personal information to create and maintain a trusted and safer environment such as to:

detect and prevent fraud, spam, abuse, security incidents, and other harmful activity;
conduct security investigations and risk assessments;
verify or authenticate information or identifications provided by you;
conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required;
comply with our legal obligations and applicable laws;
resolve any disputes with any of our members/users and enforce our agreements with third parties;
enforce our Terms of Service and other policies;

In connection with the activities above, conduct profiling based on your interactions with Rakuna, your profile information and other content you submit to Rakuna, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to Rakuna if such processes detect activity that we think poses a safety or other risk to Rakuna, our community, or third parties. If you challenge this process, please contact us as provided in the Contact Us section below.

HOW WE KEEP YOUR DATA SECURED

I. Access control

To access and use the Rakuna application, all the users need to be authenticated by email and password with requirements:

Passwords must be at least 8 characters long and contain a character from each of the following categories: (1) Uppercase (A-Z), (2) Lowercase (a-z), (3) Numeric (0-9) and (4) Special characters (!$?...).
User passwords will expire every 90 days and users will receive an email reminder to change password prior to expiry.
Users won't be able to reuse the last 10 passwords.
System lockout after five unsuccessful login attempts.

Once pass through authentication, user can access to Rakuna resources based on permission levels:

Admin: This permission level grants full access to both the mobile app and web app. An Admin can create and edit Events, Forms, and Messaging/Email templates, and view all prospects and organization data via the Dashboard. In addition, an Admin can also invite or remove members from the organization, edit team members’ permission levels, and purchase Event Credits.
Reviewer: This permission level grants full access to the mobile app and limited access to the web app. Reviewer users are usually the talent acquisition leaders who need access to the dashboard to review event recruiting metrics, or hiring managers who can have access to prospects' information to select who they would like to interview, tag, and leave comments on specific prospects. A Reviewer can view a prospect’s information, published Events, Forms, and Messaging templates, but cannot edit.
Mobile: This permission level grants full access to the mobile app only. A Mobile user only has access to “Settings” on the web app.

II. Data control

Rakuna separates scoped data on the application control level where sensitive personal information is classified then encrypted before saving to database, only privileged can access and request service to decrypt information in readable format.

III. Encryption

A. Encryption of Data in Transit

Rakuna enforces the SSL encryption on the top level of network communication to protect information transmitted on the internet. Under the SSL connection, the client and server employ the public and private keys to exchange randomly generated data called the session keys which is used to encrypt and decrypt the data.

To ensure encryption strength, Rakuna utilizes SSL public and private keys which are certified by well known and trusted authorities (Amazon, Google, Godaddy). Those certificates are updated and improved on yearly basis

B. Encryption of Data at Rest

Rakuna has developed Secure Data Service which is responsible for encrypting/decrypting personal data before saving it to the database. To protect the data, Secure Data Service employs Key Management Service (KMS) to generate and manage encryption keys which are used to encrypt and decrypt sensitive data. KMS uses a master key that is compounded by different shared keys to generate encryption keys and transmit to Secure Data Service in a private network over SSL/HTTPS.

On database instances, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas and snapshots. The database system uses industry standard AES=256 encryption algorithm to encrypt customer data.

IV. Logging

All personal data related activities are logged and monitored in a centralized log system and all the local logs on other resources are removed. If there are any abnormal activities, DPO and Security committee will take responsible with suitable action

V. Security Assessment

Rakuna conducts a penetration testing annually. Our pen test entails entire product code review, security assessments (OWASP), and intrusion attempts from third-party Pen Test contractors.

In addition, Rakuna performs security vulnerability scanning on a weekly basis using automated security tools and internal resources.

OUR DATA PROTECTION OFFICER

We’ve a dedicated Data Protection Officer (DPO) to oversee and advise on our data management. You can reach out to us by emailing dpo@rakuna.co.

YOUR DATA RIGHTS

Rakuna would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to be informed
Organisations must tell individuals what data of theirs is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
The right of access
Individuals have the right to request a copy of the information that an organisation holds on them.
The right to rectification
Individuals have the right to correct data that is inaccurate or incomplete.
The right to erasure
In certain circumstances, individuals can ask organisations to erase any personal data that’s stored on them.
The right to restrict processing
Individuals can request that organisation transfer any data that it holds on them to another company.
The right to data portability
Individuals can request that an organisation limits the way it uses personal data.
The right to object
Individuals have the right to challenge certain types of processing, such as direct marketing.
Rights related to automated decision making and profiling
Individuals can ask organisations to provide a copy of its automated processing activities if they believe the data is being processed unlawfully. You should also remind individuals that they are free to exercise their rights and explain how they can do this.

CHANGES TO THIS GDPR PRIVACY POLICY

Rakuna reserves the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on the Rakuna Platform and update the “Last Updated” date at the top of this Privacy Policy. We will also provide you with notice of the modification by email at least thirty (30) days before the date they become effective. If you disagree with the revised Privacy Policy, you may cancel your Account. If you do not cancel your Account before the date the revised Privacy Policy becomes effective, your continued access to or use of Rakuna will be subject to the revised Privacy Policy.

CONTACT US

If you have any questions about Rakuna’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at support@rakuna.co.