Codility has implemented technical and organizational measures to be fully compliant with GDPR by May 25th, 2018.
Even if your team is not be based in the European Union, your candidates may be, so it's important that Codility became GDPR compliant to ensure all our clients are covered.
- Thorough gap analysis with consultancy from GDPR experts
- Implementing policy and technical changes, specifically relating to client and candidate data access, management and portability
- Reviewing our contract commitments with our clients and existing vendors
- Codility stores data in the United States with AWS in North Virginia. This is permitted under GDPR thanks to the AWS Data Processing Agreement.
- Data is stored for the duration of contracted period with our client, and a grace period thereafter.
- Data backups are kept safe, and strongly encrypted. We have two layers of backups: snapshots of the entire database for three months, and make additional backups that do not include Personal Data so are kept indefinitely.
- After the expiry of a contract, we delete data within a 3 months time frame.
- We can also delete data by request to firstname.lastname@example.org
- GDPR specifies two possible roles for a company with regards to Personal Data: a Controller and a Processor (on behalf of a Controller). Codility is both, depending on how Codility is being used.
- We have appointed a Data Protection Officer, who may be contacted at email@example.com.
You may read more about this in detail in our Data Processing Agreement.
What personal data is processed by Codility on behalf of clients?
When a candidate begins an assessment session initiated by a Codility client, we store that candidate's:
- Email address
- First and last name
- A log of IP addresses used during the assessment session
- Optional at the client's discretion: last school attended, academic degree, major, programming experience, and a link to profile (GitHub, LinkedIn, etc).
If you are an employee of a Codility customer, or otherwise use Codility on their behalf, we store your:
- Email address
Compliance of our vendors (Sub-Processors)
To provide the best service to our customers we use services provided by a number of vendors (e.g. AWS, Google Analytics, Intercom etc.). We have communicated with all relevant sub-processors to ensure full compliance in our entire network before the GDPR deadline.