Codility has implemented technical and organizational measures to be fully compliant with GDPR by May 25th, 2018.
Even if your team is not based in the European Union, your candidates may be, so it was important for Codility to become GDPR compliant to ensure all our clients are covered.
This involved:
- Thorough gap analysis with consultancy from GDPR experts
- Implementing policy and technical changes, specifically relating to client and candidate data access, management and portability
- Reviewing our contract commitments with our clients and existing vendors
Current State:
- Codility offers data storage options both in the United States (North Virginia) and in Germany (Frankfurt). Storage of data in the US is permitted under GDPR thanks to the AWS Data Processing Agreement.
- Data is stored for the duration of the contracted period with our client, and a grace period thereafter.
- Data backups are kept safe and strongly encrypted. We have two layers of backups: snapshots of the entire database, kept for three months, and additional backups that do not include Personal Data and so are kept indefinitely.
- After the expiry of a contract, we delete data within a 3-month time frame.
- We can also delete data on request sent to support@codility.com.
- Upon request sent to support@codility.com, we may set a recurring deletion of all candidate personal data to comply with your data retention period. You can see more about it here.
- GDPR specifies two possible roles for a company with regard to Personal Data: a Controller and a Processor (on behalf of a Controller). Codility is both, depending on how Codility is being used.
- We have appointed a Data Protection Officer, who may be contacted at dpo@codility.com.
You may read more about this in detail in our Data Processing Agreement.
What personal data is processed by Codility on behalf of clients?
When a candidate begins an assessment session initiated by a Codility client, we store that candidate's:
- Email address
- First and last name
- A log of IP addresses used during the assessment session
- Optional, at the client's discretion: last school attended, academic degree, major, programming experience, and a link to a profile (GitHub, LinkedIn, etc.).
If you are an employee of a Codility customer or otherwise use Codility on their behalf, we store your:
- Name
- Email address
Compliance of our vendors (Sub-Processors)
To provide the best service to our customers we use services provided by a number of vendors (e.g. AWS, Google Analytics, Zendesk, etc.). We have communicated with all relevant sub-processors to ensure full compliance in our entire network before the GDPR deadline.
Should you have any questions about our recent policy updates, GDPR, or how your data is being managed, please contact us at support@codility.com.