GDPR compliant
At Alva, we have evaluated all processing activities to ensure the correct data relationship. Alva has three different roles in the data processing, depending on the processing activity.
How Alva Labs protects and processes our users’ data
At Alva Labs, we take data privacy very seriously. Below you will find a brief summary of how we process and protect your data as an Alva Labs user and how you can control it at all times.
- Alva Labs assess your abilities and suitabilities for a specific position within an organisation you are applying for.
- Candidates and/or employees submit data to the Alva platform, usually in the form of contact information, ability and suitability information (i.e. test input), device information, information about job position and demographic information.
- The user can at any time restrict the data processing and revoke access to their data.
To be able to give both the user and the companies that use Alva as much value as possible from our services, Alva conducts analyses of aggregated segments of our data set in order to find valuable insights. These analyses are all done on anonymized data, not on personal identifiable information, as we are interested in finding broad and statistical trends and not detailed tendencies on an individual level. One finding from such analyses could, for example, be; “In fast-growing companies in industry X, we see that candidates with personality traits Y are more likely to be happy and stay longer in role Z.”
Alva Labs as Data Processor
Alva is a data processor for the processing of personal data on behalf of our customers. The customer decides what candidates to assess, under what purpose and mean, and is responsible for the processing. This aspect of the data processing is clarified under a DPA.
Alva Labs as Joint Controller
In one data processing activity, the test procedure, Alva and our clients are joint controllers. When it comes to actually assessing a candidate with Alva's psychometric tests, the customer can't have full control of the activity. It is Alva, and Alva alone, that decides what questions to ask, and therefore, what personal data to collect. No customer is able to impact this. This makes it impossible for the customer to be a stand-alone controller for this part of the process.
Alva Labs as Independent Controller
If a candidate decides to create an account with Alva, Alva becomes an independent controller for the personal data in that aspect of the processing. The customer and Alva process data for different reasons, different purposes, and under different legal grounds. Under this circumstance, the candidates (data subjects) opts-in by giving their consent, creating a situation where Alva has direct contact with the candidate and offering them a different service than instructed under the DPA.
Alva Labs customer service offering
Alva Labs candidate service offering
External review and audit
In order to ensure that we are constantly living up to legal obligations and evolve our privacy practices, we have committed to performing annual privacy audits of our services. The audit is undertaken by an external party with the aim of confirming compliance and identifying potential for improvements of our service.
We have appointed an external Data Protection Officer to oversee the privacy framework within Alva.
Our DPO can be contacted at dpo.alvalabs@gdprhero.se.