Monjin's commitment to GDPR Compliance

We’re committed to helping monjin’s customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and went into effect on May 25, 2018.
Besides strengthening and standardising user data privacy across the EU nations, it introduces new or additional
obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations are located.
Monjin, as a Data Processor, collects and stores a relevant of Personal Data for the purposes of delivering the monjin services.

The data we collect and store on behalf of our customers

  • Name, phone number, demographics, gender and email, location;
  • Depending on client configuration – skills, employment history
  • Video profile and video interview, which may include your bodily image and voice,
    as well as your surroundings
  • Internet Protocol (IP) address, cookies, location, browser type, access time, error log

Where we store this data?

  • All Monjin data is stored in European West cloud data centers of Microsoft Azure.
  • Monjin India team processes some of the Personal Information to support our client
    needs on a case to case basis

How we comply with GDPR

The GDPR’s updated requirements are significant and our global team has adapted
monjin’s product offerings, operations and contractual commitments to help customers
comply with the regulation. Measures we have implemented include:

  • All Monjin data is stored in European West cloud data centers of Microsoft Azure.
    • Monjin has in place data transfer agreements, based on EU model clauses across
      its global entities that govern the data transfer, processing and control.
    • Monjin has appointed data privacy officer to oversee privacy framework,
      operations, compliance and monitoring.
    • Monjin’s privacy policy is based on EU GDPR and other global regulations that
      govern Monjin’s operations.
    • Further, Monjin has put in place a program to conduct risk assessment, identify
      and adhere to privacy requirements whenever it enters a new territory.
  • Notice – We display adequate notices to users while accessing Monjin website and
    platform making them aware of what data is captured and where it is processed,
    how it is processed and what are the user’s rights
  • Choice and consent – Monjin obtains explicit consent of users before capturing
    and processing their personal information. User always has a choice to out out of
    Monjin services.
  • Collection, use, retention and disposal – Monjin has adequate processes to ensure
    we only collect information relevant to our and our client’s business and use it
    only for that purpose. We have appropriate data retention and disposal program
    in place.
  • Access – The access to the user’s personal information is restricted by role based
    access control on need to know basis. User has a portal access to modify,
    confirm and delete his profile information.
  • Disclosure to third parties – User’s personal information is disclosed only to those
    third parties that we use for processing of personal information and user is
    made aware of these third parties during the notice display.
  • Security for privacy – Monjin is ISO27001 certified organisation and has adequate
    measures to prevent or detect data breach or misuse.
  • Quality – Monjin always maintains current and accurate information of the users
    and every single user has an ability to access and modify his data as per his need.
  • Monitoring and enforcement – Monjin data privacy officer continuously assesses
    the program effectiveness and on a periodic basis uses professional services
    organisations to assess compliance levels and takes corrective actions.

How we protect your personal information?

Monjin uses secure cloud infrastructure platform of Microsoft Azure. Monjin itself is a ISO 27001: 2013 – information security certified company and we only use security certified companies to support in delivering services to our clients. Few specific controls that we have implemented to protect your Personal Information are:

  • Encryption for data at rest and during transit
  • Masking of Personal Information at rest and during transit
  • Access to videos and documents using shared access signature
  • Row level security within the database
  • Role based access control
  • Continuous control monitoring (vulnerability assessment and penetration testing at each stage of SDLC)

Should you have any questions, please reach out to our CISO at

Looking for more information? Here are some reference Terms of Service and Privacy Policy

Pin It on Pinterest

× How can I help you?