Monjin's commitment to GDPR Compliance
We’re committed to helping monjin’s customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and went into effect on May 25, 2018.
Besides strengthening and standardising user data privacy across the EU nations, it introduces new or additional
obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations are located.
Monjin, as a Data Processor, collects and stores a relevant of Personal Data for the purposes of delivering the monjin services.
The data we collect and store on behalf of our customers
- Name, phone number, demographics, gender and email, location;
- Depending on client configuration – skills, employment history
- Video profile and video interview, which may include your bodily image and voice,
as well as your surroundings - Internet Protocol (IP) address, cookies, location, browser type, access time, error log
Where we store this data?
- All Monjin data is stored in European West cloud data centers of Microsoft Azure.
- Monjin India team processes some of the Personal Information to support our client
needs on a case to case basis
How we comply with GDPR
monjin’s product offerings, operations and contractual commitments to help customers
comply with the regulation. Measures we have implemented include:
- All Monjin data is stored in European West cloud data centers of Microsoft Azure.
- Monjin has in place data transfer agreements, based on EU model clauses across
its global entities that govern the data transfer, processing and control. - Monjin has appointed data privacy officer to oversee privacy framework,
operations, compliance and monitoring. - Monjin’s privacy policy is based on EU GDPR and other global regulations that
govern Monjin’s operations. - Further, Monjin has put in place a program to conduct risk assessment, identify
and adhere to privacy requirements whenever it enters a new territory.
- Monjin has in place data transfer agreements, based on EU model clauses across
- Notice – We display adequate notices to users while accessing Monjin website and
platform making them aware of what data is captured and where it is processed,
how it is processed and what are the user’s rights - Choice and consent – Monjin obtains explicit consent of users before capturing
and processing their personal information. User always has a choice to out out of
Monjin services. - Collection, use, retention and disposal – Monjin has adequate processes to ensure
we only collect information relevant to our and our client’s business and use it
only for that purpose. We have appropriate data retention and disposal program
in place. - Access – The access to the user’s personal information is restricted by role based
access control on need to know basis. User has a portal access to modify,
confirm and delete his profile information. - Disclosure to third parties – User’s personal information is disclosed only to those
third parties that we use for processing of personal information and user is
made aware of these third parties during the notice display. - Security for privacy – Monjin is ISO27001 certified organisation and has adequate
measures to prevent or detect data breach or misuse. - Quality – Monjin always maintains current and accurate information of the users
and every single user has an ability to access and modify his data as per his need. - Monitoring and enforcement – Monjin data privacy officer continuously assesses
the program effectiveness and on a periodic basis uses professional services
organisations to assess compliance levels and takes corrective actions.
How we protect your personal information?
Monjin uses secure cloud infrastructure platform of Microsoft Azure. Monjin itself is a ISO 27001: 2013 – information security certified company and we only use security certified companies to support in delivering services to our clients. Few specific controls that we have implemented to protect your Personal Information are:
- Encryption for data at rest and during transit
- Masking of Personal Information at rest and during transit
- Access to videos and documents using shared access signature
- Row level security within the database
- Role based access control
- Continuous control monitoring (vulnerability assessment and penetration testing at each stage of SDLC)
Should you have any questions, please reach out to our CISO at privacy@monjin.com.
Looking for more information? Here are some reference Terms of Service and Privacy Policy