GDPR and security
      Back to home
      1. Help Center
      2. GDPR and security

      How Beetween processes your data

      Beetween handles your data securely and in compliance with the RGPD. Here we explain the purpose of the data we process.

      Typologies of services and technologies with an impact on data processing

      Technologies used

      As a publisher for over 10 years, Beetween applies all the proven methodologies of digital tools to the development of its ATS. The technical team relies on the latest web technologies to provide a responsive interface and a scalable, high-availability infrastructure: RESTful API, Vue.js, Solr, MySQL HA.

      Data hosting

      As a SaaS (Software as a Service) provider, Beetween pays close attention to the quality of its IT infrastructure suppliers to ensure complete customer satisfaction, particularly in terms of service availability. Our choice of hosting provider also enables us to comply with European standards for the protection of personal data. Beetween uses servers (physical dedicated or VPS) leased from OVH. Beetween does not rent shared servers. These servers are hosted in France and governed by French law. OVH uses different sites in France: Roubaix, Gravelines, Strasbourg.

      Beetween's e-mailing solution is powered by SendinBlue. The hosting servers on which SendinBlue processes and stores databases are located exclusively within the European Union, on our own servers, on Google Cloud or on AWS. SendinBlue rents racks in data centers located in France (Online's DC2 and DC3 data centers in Vitry-sur-Seine, Ile-de-France), while the equipment is SendinBlue's own. Data stored in the Cloud are on Google Cloud in Belgium or on AWS in Ireland. All data is replicated three times in at least two different geographies. In the event of a disaster scenario, SendinBlue also makes regular backups of your data. These are encrypted before being stored on Cloud Storage (AWS or Google Cloud). The data backup interval depends on your usage, with a minimum frequency of once a week.

      Data processing

      Beetween is 100% RGPD compliant (hosted in France): Each candidate applying to an advert posted from Beetween must accept the conditions for processing their personal data as part of the company's or public body's recruitment process (box to be ticked at the time of application).All candidate records are automatically deleted 24 months after receipt of the application. The Recruiter may ask candidates who have reached the end of their application period for authorization to extend the processing of their candidate file and associated information.at the candidate's request, his or her data may be permanently deleted. For this purpose, each job offer published by Beetween includes the contact details of a DPO (Date Protection Officer) or a contact person in charge of personal data processing within the company or public body.

      Data security

      In terms of confidentiality, the business rules implemented by Beetween in the core application ensure that data is compartmentalized, so that each customer can only access his or her own data. In terms of security, since communications between recruiters and candidates take place mainly via Beetween's web interface, browser-based exchanges are made using HTTPs, and are therefore protected from interception and manipulation by an SSL certificate.

      Data backup

      Data storage is based on :

      • A relational database, to store all Beetween recruitment software data: user accounts, recruitment, job offers, candidate data, etc.
      • Solr: indexing of part of the database data in denormalized form to facilitate access by search. Permanently synchronized with database data.

      Backup is provided by :

      • The "live" database is backed up at least twice a day, by a dedicated SLAVE (disconnect, dump, reconnect).
      • These backups are repatriated once a day to a location managed by Beetween and stored on an encrypted hard disk. Disconnecting the hard disk from the mains, or from the computer to which it is connected, locks the data - until the secret passphrase is entered when the disk is reconnected.

      Purpose of processing: summary

      Processing of personal data entrusted to Beetween on behalf of the customer

      Nature of treatment : Activity(ies)
      • Collecting data from interested parties
      • Data query
      • Data modification
      • Deletion, destruction of data
      • Hosting, data storage
      • Transmission, data transfer
      Duration of treatment

      The duration of processing corresponds to the duration of the contract signed between the client-recruiter and Beetween.

      Categories of people concerned
      • Customer's staff
      • Other: Candidates
      Categories of personal data processed
      • Last name, first name(s)
      • Date of birth, place of birth
      • Business contact data (e.g. address, tel., e-mail)
      • Data relating to professional life (e.g. CV, authorizations)
      • Personal contact data (e.g. address, tel., e-mail)
      • Personal data (e.g. family situation)
      Organizational and technical safety measures
      • Information classification policy
      • Backup procedures
      • Security patch management process
      • Logging procedures
      • Encryption of secrets (e.g. passwords, encryption keys)
      • DCP encryption in transit
      • Encryption of saved/archived DCPs
      • Network intrusion detection/prevention device

      Subsequent Beetween subcontractor(s)

       

      Identity of subcontractor Contact Outsourced activity(ies) Localization
      OVH 2 rue Kellerman
      59100 Roubaix – France      		 Data hosting France
      CleverConnect 14 rue Gaillon
      7502 Paris – France      		 Semantic analysis of CVs France
      Brevo (ex SendInBlue) 55 rue d’Amsterdam
      75008 Paris – France      		 Newsletter mailing list management
      Send email      		 France