Fetcher and GDPR
The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, and Fetcher is proud that we are 100% compliant. While GDPR is focused on Europe, we believe all Fetcher’s data subjects have the same rights and deserve these top-level protection standards. We respect your privacy and consider your personal information sacred. Fetcher has updated systems and processes to ensure compliance and to ensure that all of our users receive the same protections.
Following the principles of Privacy Shield, we are committed to resolving complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Fetcher at: firstname.lastname@example.org.
Why did I receive a Fetcher email?
Companies use Fetcher to connect with potential talent leads to their current job openings.
How do I request a copy, to delete or update my information?
Please forward the Fetcher email you received to email@example.com with your specific request and we’ll comply within 72 hours.
What if a talent lead has requested a copy, to delete or update my information?
Please email firstname.lastname@example.org for the data on file for that talent lead. Be sure to include the talent lead’s email address and telephone number so we can confirm their wishes directly with them.
Data Security Standards
Fetcher falls into the GDPR categories of data processor and controller. Controllers and processors must comply with the measures outlined in Article 32, which require controllers and processors to implement "appropriate technical and organizational measures to ensure a level of security appropriate to the risk," including: encryption of personal data; ensuring the continuous confidentiality, integrity, and availability of processing services; restoring data in a timely manner; regularly testing, assessing and evaluating the effectiveness of technical measures to ensure data and data transmission security.
Fetcher meets all four requirements. Further, Fetcher ensures that:
- Talent lead data is encrypted with a key unique to that talent lead.
- All data at rest, from databases to file systems to caches, is encrypted using AES-256, managed through Amazon Web Services Key Management Service.
- All passwords are hashed and salted using industry-standard techniques, such as bcrypt.
Fetcher runs on Amazon Web Services (AWS) cloud infrastructure, which meets rigorous international security standards: https://aws.amazon.com/compliance. On March 26th, 2018, Amazon stated that all AWS services are GDPR ready: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready
Administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, the Framework requires compliance around matters such as informing individuals of their rights to their personal data, outlining our own liability and having further transparency in our privacy notice. Joining the Privacy Shield Framework is a voluntary action, but it is an important one because it is a legal commitment, enforceable under U.S. law.
The Right of Erasure and to Object
GDPR confers a right to consumers (data subjects) to be forgotten, which is discussed in Article 17 as the right of erasure. Controllers must erase personal data upon the request of the data subject to which it pertains or when "the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed." Upon request from a data subject, Fetcher will delete all data subject data in our systems within 72 hours.
Data Subject Consent / Right to Object
Article 21 of GDPR grants data subjects a right to object to their personal data being processed for direct marketing purposes and/or profiling. If a talent lead makes this objection, they may unsubscribe from Fetcher communications, and we will not send further messages.