Alva Labs & GDPR

How we process and protect our users’ personal data

What is GDPR?

The General Data Protection Regulation (GDPR) is a new EU Regulation, related to protection of personal data that took effect on the 25th of May 2018. The goal of GDPR is to protect the rights of EU citizens within data privacy and to ensure transparency, security, and accountability by data controllers and data processors. Simply speaking, it will give EU citizens the right to know what, why, where, and when their data is being processed, as well as a new ‘right to be erased or forgotten’.GDPR has expanded on the eight principles of the already existing EU Data Protection Directive:

  • Obtain and process information fairly.

  • The data must be kept for a specified, lawful purpose.

  • The data should be used and disclosed only for the specified purpose.

  • The data must be kept safe and secure.

  • The data must be up to date, accurate and complete.

  • The data must be relevant, adequate but not excessive.

  • The date must be retained for no longer than is necessary.

  • A copy of the data must be made available to the data subject, on request.

.

How Alva Labs protects and processes our users’ data

At Alva Labs, we take data privacy very seriously. Below you will find a brief summary of how we process and protect your data as an Alva Labs user and how you can control it at all times.

  • Candidates and/or employees submit data to the Alva platform, usually in the form of a personality test, logic test, or 360-feedback evaluation etc.

  • This data belongs to the user, which actively grants access to her data, either as an applicant or an employee. At any time, the user may revoke access to the data from any organization by emailing legal@alvalabs.io.

  • In line with ‘the right to be forgotten’, the user can at any time delete their account along with all data that is associated with the account.

  • To be able to give both the user and the companies that use Alva as much value as possible from our services, Alva conducts analyses of aggregated segments of our data set in order to find valuable insights. These analyses are all done on a highly aggregated level, as we are interested in finding broad and statistical trends and not detailed tendencies on an individual level. One finding from such analyses could, for example, be; “In fast-growing companies in industry X, we see that candidates with personality traits Y are more likely to be happy and stay longer in role Z.”

  • Alva will never keep any personal data longer than necessary.

  • All data is hosted, and protected, by Google Cloud Platform and is stored on their servers in Belgium. Alva has a data processor agreement with Google Cloud Platform.

For more information on how we work with personal data, read our Privacy Policy.

.

Security measures to keep our platform safe

Our customers’ security and integrity is very important to us and something we take seriously. Our systems are designed with Privacy by design and Privacy by default in mind. Access to sensitive data is restricted by strong authentication both internally at Alva Labs and externally. When transferring and storing data we always use recommended end-to-end encryption protocols and algorithms. We continuously run tests to ensure that unauthorized access to sensitive data cannot occur.

If you have any further questions regarding how we processes personal data, please contact legal@alvalabs.io.

.