JobAdder Trust Centre

You own and control your data. We protect and defend it.

Our commitment to recruitment agencies, staffing firms and talent acquisition teams

To be transparent about our operations, policies and technologies
To ensure the security, compliance and privacy of your data
To support and empower the privacy decisions of every single user

Information security certifications

We’re proud that JobAdder has achieved internationally recognised ISO 27001:2013 certification. This standard demonstrates JobAdder’s commitment to global best practice, having implemented a robust approach to protect your data. JobAdder is audited regularly to maintain the certification status.

You can view our certification here.

We use Amazon Web Services (AWS) as our host operating system in the cloud. Security and compliance is therefore a shared responsibility between AWS and JobAdder. We’re responsible for securing your data, while AWS is responsible for securing the infrastructure that hosts it. Amazon’s data centre operations have been audited and certified under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • Federal Information Security Management Act – Moderate
  • Sarbanes-Oxley (SOX)

Data centre locations

High technical and physical security
Resilience to disasters and data loss
Energy efficiency and sustainability

Security controls

  • JobAdder uses Cloudflare for WAF (web application firewall) and DDoS (distributed denial-of-service) mitigations
  • AWS Network Load Balancer restricts access to only required ports/services
  • AWS security groups are utilised for network segmentation on a least access model
  • Application server operating systems hardened to provide only necessary ports, protocols, services and applications as part of the baseline standard build
  • CAIQ (Consensus Assessments Initiative Questionnaire) and pen-tests are available on request. To view JobAdder’s Penetration Test Policy, please click here
  • Web and application servers run on the latest version on a hardened Windows Server Linux AMI
  • Windows updates, hotfixes and service packs are applied promptly
  • Port blocking is set at the network setting level
  • RDP connection encryption level is set to high and only accessible via VPN connection
  • Unnecessary services are disabled
  • Windows Defender and Crowdstrike are enabled and set to be updated daily
  • Logs are shipped to New Relic for monitoring and alerting
  • For a full list of JobAdder’s Security FAQs, please click here
  • JobAdder is cloud-based to ensure data is securely encrypted and stored in AWS data centres 
  • Data can be restored from backup and regular backups take place nightly and weekly
  • In the case of any unforeseen incidents, Disaster Recovery and Business Continuity Plans are in place, as part of our ISO 27001 certification
  • JobAdder utilises AWS multiple Availability Zones (AZ) to remain resilient in the face of most failure modes
  • JobAdder has two AZs in each region and tests are conducted regularly to ensure different disaster scenarios are mapped and planned for

Account security

JobAdder has a Multi-Factor Authentication (MFA) feature, which requires two proofs of identity (JobAdder password and authenticator app code on the user’s mobile) to grant access to your JobAdder account.

Single Sign-On (SSO) is available for increased security. JobAdder integrates with a third-party SaaS product, Auth0, which supports a range of enterprise authentication mechanisms, including OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).

Other protocols offered by Auth0 are available if required, including:

  • Google Workspace
  • Microsoft Azure AD
  • ADFS
  • Active Directory/LDAP
  • PingFederate

Platform compliance

GDPR and privacy compliance

General Data Protection Regulation (GDPR) plays a significant part in recruitment when it comes to collecting, handling and sharing candidate data.

With respect to candidate and client information that is stored in the JobAdder system:

You are the data controller and hold the direct relationship with your clients and candidates. You retain ownership of the client and candidate records that you store within your JobAdder account.

JobAdder, as the data processor, acts on your instructions when processing the candidate and client information stored in your JobAdder account.

GDPR compliance

JobAdder has a number of features to support your GDPR compliance:

  • Data processing opt-in policy: GDPR-compliant opt-in functionality on Job Application forms, with customisable text and data processing policy link
  • Pending candidates: Candidates are held in a ‘pending’ state until prerequisite requirements are met (eg. send privacy notice)
  • Auto-delete pending candidates: Candidates that are still in a ‘pending’ state past the one-month grace period will be automatically deleted
  • Export records: Manually respond to subject access requests by exporting the candidate record
  • Candidate Portal: Automatically respond to subject access requests by sending candidates a link to their CareerUpdate profile
  • Email and SMS templates: Email and SMS templates can be configured to fulfil the rectification and right to erasure notification obligations

Read JobAdder’s GDPR Terms
Read JobAdder’s Privacy Policy

Subprocessors

JobAdder uses third-party subprocessors to assist in the service we provide. Read the full list of subprocessors here.

GDPR FAQ

The EU general data protection regulation (GDPR), and the corresponding UK GDPR, is the law that governs how the personal data of individuals in the EU (and UK) may be processed and transferred. This includes the personal data of the candidates and clients that you interact with as part of your business.

Yes, JobAdder is committed to ensuring that its services comply with the requirements of GDPR.

With respect to the personal data of candidates and clients that is stored in the JobAdder system:

(a) the agency/inhouse talent team is the data controller; and
(b) JobAdder is the data processor.

The agency/inhouse talent team, as the data controller, holds the direct contractual relationship with its clients and candidates and retains complete ownership of the client and candidate records that it stores within its JobAdder account. The agency/inhouse talent team must comply with the provisions of the GDPR that apply to data controllers. For example, if a candidate wishes to be deleted or forgotten, they will contact the recruiter and the recruiter is responsible for actioning that request.

JobAdder, as the data processor, acts in accordance with the instructions of its customer (i.e. you) when processing the candidate and client information stored in that customer’s account. With respect to your account data, JobAdder complies with the provisions of the GDPR that apply to data processors. This includes secure storage, appropriate data-transfer consideration and good management of its own sub-processors.

Yes, JobAdder is ISO 27001 certified, which means we adhere to a globally recognized standard for information security management. JobAdder’s ISO certification demonstrates JobAdder’s commitment to maintaining the highest standards of data security and protection. You can view a copy of our ISO certification here https://jobadder.com/wp-content/uploads/2022/10/JobAdder-27001-Certificate.pdf.

JobAdder is a cloud based SaaS offering. We use Amazon Web Services (AWS) for account data storage and processing. Customers located in the UK and EMEA have their core account data stored on AWS servers located in Ireland. 

There are some limited circumstances in which your data may be transferred out of the EU to the subprocessors identified here https://jobadder.com/subprocessors/. In those circumstances, JobAdder ensures that those sub-processors are contractually bound to maintain privacy and security standards that are, at a minimum, as stringent as those that we promise to you. 


We also ensure that, where relevant, appropriate data transfer clauses are in place in our data processing agreements with each of our subprocessors. To the extent that any of your account data flows to countries that are not the subject of an adequacy decision, JobAdder’s adoption of the standard contractual clauses for international data transfer is set out in our GDPR terms, available here https://jobadder.com/gdpr-terms/

AWS is GDPR-compliant and offers a robust set of features to ensure data protection and security. JobAdder’s use of AWS means that your data benefits from the extensive security measures implemented by both JobAdder and AWS. You can find out more about AWS’s compliance measures here https://aws.amazon.com/compliance/iso-27001-faqs/

JobAdder employs a range of security measures, including encryption, secure access controls, and regular security audits. JobAdder also maintains a backup system to ensure your account data could be recovered in the event of a Our ISO 27001 certification further underscores our dedication to information security. Additionally, by using AWS, JobAdder leverages advanced security features and best practices provided by Amazon’s infrastructure. You can find out more about how JobAdder secures your data by reviewing Annexure 2 to our GDPR terms https://jobadder.com/gdpr-terms/ and/or by requesting a copy of our Security FAQs.

To maintain its own GDPR compliance, JobAdder will irretrievably delete the data stored in your account 90 days after your account is terminated. You can request a backup of the data prior to that deletion occurring. Backups are irretrievably deleted two weeks after they’re generated.

There are some circumstances in which your account data will be shared with third parties. It’s essential that you review JobAdder’s Privacy Policy and Terms of Use to understand how and with whom your data might be shared.

As part of providing our service to you, we engage trusted sub-processors that may also process your candidate/client information (eg: AWS and others). We ensure that those sub-processors are contractually bound to maintain privacy and security standards that are, at a minimum, as stringent as those that we promise to you. A list of those subprocessors is available here https://jobadder.com/subprocessors/


Your account data will also be shared if you connect your JobAdder account to a third-party product, such as third-party job boards, HRIS software, payroll services or other software and services, including those promoted through the JobAdder Marketplace or resold by JobAdder. These third-party products work in conjunction with the JobAdder service but do not form part of the service. Data is transmitted between your JobAdder account and these services only if you choose to connect them to your JobAdder account. We encourage you to carefully review an integration partner’s privacy information before permitting them to process your client/candidate information via an integration.

JobAdder’s recruitment software provides features and best practices to support our customers with their GDPR compliance, including:

CareerUpdate portal – this portal allows candidates to securely access, update, and enrich the data you have on file for them – and also facilitates an opt-out and deletion process (should any of your candidates wish to do so)

Job Application Forms – Our forms enable you to obtain any necessary candidate consents to your own business’s privacy and contractual terms.

“Pending candidate” state – Candidates can be held in a ‘pending’ state until prerequisite requirements are met (e.g. send privacy notice). Candidates are automatically available within your account when these prerequisites are met. Candidates that are still in a ‘pending’ state past the one-month grace period will be automatically deleted.

Other features include:

  • Comprehensive Reporting: Detailed reports allow for monitoring and auditing of data processing activities, ensuring transparency and accountability.

Customers located in the UK and EMEA have their core account data stored on AWS servers located in Ireland. Some non-core JobAdder features may require the transfer of personal data outside of the EU/EEA. In those instances, JobAdder enters into data processing agreements with its subprocessors, that include the standard contractual clauses for international data transfer, to ensure compliance with GDPR. You can find a full list of JobAdder’s subprocessors here https://jobadder.com/subprocessors/

For GDPR-related questions or concerns, you can:

Performance

JobAdder is committed to providing high availability and is transparent with customers about this, which means you can visit our status page anytime to quickly see if the JobAdder platform, or any related services, are experiencing any degradation. You can also see our standard Service Level Agreement (SLA) here.

Vulnerability disclosure

JobAdder welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issue in any of our assets, we want to hear from you. This policy outlines the steps for reporting vulnerabilities to us, what we expect, and what you can expect from us.
