Evidenced is a company registered in England and Wales under company number 12753827. Evidenced has privacy and transparency at its core.
Evidenced collects and stores the following data on users:
The data are obtained when a user signs up to Evidenced and throughout their use of the application.
Evidenced collects and stores the following data on candidates:
When explicitly consented to:
Candidate data is only visible to the company they are interviewing with and Evidenced staff, who may encounter the data when providing customer support. No data is shared between companies on Evidenced.
Evidenced collects data so that we can schedule interviews and provide interviewing functionality for our users and their prospective candidates. We also use this data to generate reports for our users and to help us improve our product by understanding how our users use the application.
When a call recording or transcript is made with your consent (as a candidate), users from the company you have interviewed with can review the recording for the purposes of ensuring fairness and accountability in the hiring process, and to support training interviewers. This forms our legitimate interest lawful basis for processing your data. If you wish for us to not use your data in this way, simply withdraw your consent when joining the interview.
Evidenced securely stores data in AWS’s eu-west-2 region (London), and via Twilio's US1 region per Twilio's Cross Border Data Transfer Policy.
All data is transmitted between devices and the Evidenced app over HTTPS.
Data is stored on Amazon RDS and is encrypted at rest. Amazon RDS encryption uses the industry standard AES-256 encryption algorithm to encrypt data on the server that hosts the Amazon RDS instance.
Evidenced is a multi-tenant SaaS application so all customers exist within the same environment and database instance, however industry standard authentication and authorization practices are in place using Auth0 to ensure that a customer’s data is not accessible by other customers. More information can be found on Auth0 Security, Privacy & Compliance.
Evidenced keeps user data until they request account deletion.
Evidenced keeps candidate data until deletion is requested by the company they applied with, or when deletion is requested directly from a candidate by emailing firstname.lastname@example.org
Data we collect is shared with the following companies in order to achieve the functionality of our application and support our users if something goes wrong:
GDPR compliance and data privacy are front and center of all product decisions made at Evidenced.
Evidenced is GDPR compliant. GDPR compliance is shown through actions, not through certifications. Evidenced provides our users with the ability to access and control information Evidenced processes on their behalf, and is sympathetic and supportive of individual privacy choices.
Evidenced would like to make sure you are fully aware of all of your data protection rights under the General Data Protection Regulation (GDPR). These rights can be seen on the official website of the Information Commissioner's Office.
Under Article 17 of the UK GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
When Evidenced is connected to an Applicant Tracking System (ATS), and the system provides a relay mechanism for right to erasure requests (e.g. an API or Webhook for candidate deletion events), Evidenced is automatically notified of this request and will process it automatically.
When a mechanism for automatic handling a right to erasure request is not provided by the ATS, a request can be made manually via our in-app support chat, or by emailing email@example.com.
All requests are handled within 28 days.
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.
Applicant Tracking Systems do not typically provide a programmatic access mechanism for right of access requests. If a request is received, you can notify us of this via our in-app support chat, or by emailing firstname.lastname@example.org.
We will reach out to you via email with a copy of the information held on the candidate. This will consist of:
(N.b. You are not obliged to provide the audio and video of the interviewers who interviewed the candidate, as interviewers have their own right to privacy.)
All requests are handled within 28 days.
Evidenced has a built-in mechanism for the automatic removal of a candidate’s Personally Identifiable Information (PII). When removal takes place, candidate PII is removed and the remaining information is held under an anonymized candidate identity.
When connected to an Applicant Tracking System (ATS), Evidenced will automatically perform deletion and anonymization for any candidate that is deleted or anonymized (when this is supported) from the ATS.
If Evidenced is used without an ATS, your account manager will establish a retention period in consultation with you during the onboarding process. Candidate data will be automatically deleted and anonymized at the end of their retention period.
When a candidate deletion is processed, the following data is removed from Evidenced:
The following data will continue to be held under an anonymous candidate identity:
A mix of first-party and third-party cookies are used to recognize you on our website and remember your previously selected preferences.
You can set your browser not to accept cookies. If you choose to do this some of our website features may not function.
Should you wish to report a complaint or if you feel that Evidenced has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.