GDPR
      Back to home
      1. Help & Learning
      2. GDPR

      FAQ GDPR

      Processing of Personal Data by SmartyMeet Please familiarize yourself with the basic information about the principles of personal data processing in SmartyMeet.

      General Information

      SmartyMeet offers a Software as a Service (SaaS) solution. It is a tool designed to optimize the recruitment process and assess a candidate's suitability for a specific job position. To this end, it utilizes algorithms that check the alignment of a candidate's experience with specific requirements (defined by the recruiter). This means that a candidate applying for multiple positions can be evaluated differently in relation to each position.

      Special Category Data

      SmartyMeet does not collect or process data that could be considered special category data, in accordance with Article 9 of the GDPR (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning sexuality, or sexual orientation). The data verified is strictly related to the candidate's experience in the context of the position for which they are applying.

      The SmartyMeet system is an open system, which allows Users to enter any personal data they choose.

      Therefore, SmartyMeet has no control over the information that an individual might voluntarily disclose in their documentation, such as religious beliefs. However, we strongly discourage providing such data as it is not necessary for the full functionality of the SmartyMeet system.

      Is SmartyMeet the Data Controller for Job Candidates?

      No. SmartyMeet is a tool provided to organizations conducting recruitment. The purposes and means of processing personal data are determined by the organization, and SmartyMeet acts as a processor of personal data.

      Why Is Using SmartyMeet Legal Under GDPR?



      SmartyMeet has implemented safeguards that ensure personal data is secure and processed legally.


      The implementation of principles indicated in Article 5 of the GDPR has been ensured through:
      • Lawfulness, Fairness, and Transparency. The rules for data processing by SmartyMeet have been defined and described in the Privacy Policy document.
      • Purpose Limitation
      Personal data obtained by SmartyMeet are processed only for the purpose defined in the contract for using our system and the contract for the processing of personal data. We do not process data for other purposes.
      • Data Minimization
      We collect only the data that is genuinely necessary. However, please note that our resources come from data provided by candidates. We assume that if a candidate believes certain information about themselves increases their chances in the recruitment process, we cannot restrict its content.
      • Accuracy, Integrity, Confidentiality, and Availability of Data
      SmartyMeet uses measures that guarantee the fundamental characteristics of data security, including:
      • Secure login: Users can log in using a username and password or through SSO (single sign-on).
      • Redundant backup system.
      • Access control to the systems used (dedicated user for each system, possibility of identification, recording of activities performed).
      • Use of TLS encryption for transmitted data, as well as other cryptographic data protection measures.
      • Use of multi-layered login methods (JWT tokens, 2FA).
      • Strict control over API access (based on clientId and clientSecret and generation of API-KEY).
      • SSL certificate for the web layer.
      • Logs are collected for 30 days and then deleted.
      • Dedicated AWS servers - Amazon Web Services located in two regions - European and USA.
      • Storage Limitation
      SmartyMeet does not act as the data controller for candidates' personal data. It is the recruiting entity that sets the data retention period.
      • Accountability
      Actions taken in the system are accountable through system logs and user access controls.

      Do We Enter Into Data Processing Agreements?



      Yes, an integral part of the agreement you enter into with SmartyMeet is a personal data processing agreement. It is included in the SmartyMeet terms and conditions. You do not need to sign any additional documents for this purpose. Upon entering into an agreement, SmartyMeet becomes the entity processing personal data of your candidates, for which you are the Controller.

      Does SmartyMeet Sell My Data to Third Parties?



      No, SmartyMeet does not sell your data to third parties.

      How Can I Safely Integrate with SmartyMeet?



      Use the integration option through Zapier. When using SmartyMeet services and integrating with other applications via Zapier, Zapier, as a tool supporting integration, processes various types of personal data entered by our clients while using their Services.

      Zapier ensures compliance with EU law regarding international data transfers.


      Zapier processes personal data subject to European data protection regulations as a data processor. Zapier fulfills its obligations under the Zapier Data Processing Addendum, including certification in accordance with the EU-US Data Privacy Framework and adoption of the EU Standard Contractual Clauses defined in the European Commission Decision 2021/914 of June 4, 2021.