Brain Gain Recruiting (“we,” or “us,” or “our”) is committed to ensuring the security and protection of the personal information that we process and to providing a compliant and consistent approach to data protection.

We maintain a consistent level of data protection and security across our organization and are fully compliant with the General Data Protection Regulation (“GDPR”) as of May 25, 2018.

We undertake industry standard data protection measures. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.

We take the privacy and security of individuals and their personal information very seriously and take reasonable industry measures and precautions to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including but not limited to: password/encryption policies, authentication measures, SSL and access restrictions and controls.

Our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.

We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.

Our privacy policy complies with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

Our users have a right to know what information about them we hold and have a right to request erasure of personal data (where applicable). Further, users have a right to seek legal remedy from us and made aware of who to contact for such action.

We have consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.