fbpx

HireLATAM

Menu
Start Hiring
Apply for Jobs

Data Processing Plan for HireLATAM

  1. Introduction

This document outlines the data processing framework for Hire Latam LLC, a Wyoming incorporated company. The plan ensures compliance with relevant data protection regulations, such as the General Data Protection Regulation (GDPR), and establishes protocols for securely handling, processing, and storing data across a distributed workforce.

  1. Data Protection Principles

Hire Latam LLC  adheres to the following principles:

  • Lawfulness, Fairness, and Transparency: Data is processed in a legal, fair, and transparent manner.
  • Purpose Limitation: Data is collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Only data that is necessary for specific purposes is collected.
  • Accuracy: Data is kept accurate and up-to-date.
  • Storage Limitation: Data is retained only for as long as necessary to fulfill its purpose.
  • Integrity and Confidentiality: Data is processed securely to protect against unauthorized access, loss, or destruction.

 

  1. Roles and Responsibilities
  • Data Controller: Hire Latam LLC, responsible for determining the purposes and means of data processing.
  • Data Processors: Third-party service providers engaged for specific processing activities (e.g., cloud storage, communication tools).
  • Data Protection Officer (DPO): Designated individual to oversee data protection compliance and act as the point of contact for data subjects and regulatory authorities.

 

  1. Data Categories and Purposes
  • Client Data: Contact details, contracts, payment information and service requirements for project execution.
  • Employee Data: Personal details, payroll information, and performance data for HR purposes.
  • Candidate Data: CVs, interview records, and assessments for recruitment services.
  • Operational Data: Data necessary for business operations, including communications and collaboration.

 

  1. Data Processing Protocols

 

5.1. Collection

Data is collected via secure online forms, contracts, and authorized communication channels.

Consent is obtained wherever required.

5.2. Storage

Data is stored on encrypted cloud platforms (e.g., Google Workspace, Notion, HubSpot).

Access to storage systems is restricted to authorized personnel.

5.3. Access Control

Role-based access ensures employees access only the data necessary for their work.

Multi-factor authentication (MFA) is mandatory for all accounts.

5.4. Transmission

Data is transmitted using secure channels, such as TLS-encrypted connections.

5.5. Retention and Deletion

Data retention schedules are established based on legal and operational requirements.

Data is securely deleted or anonymized when no longer needed.

  1. Security Measures

6.1. Technical Measures

Encryption: AES-256 encryption for stored data and TLS for data in transit.

Backup Systems: Automated backups are conducted daily and stored in secure locations.

Endpoint Protection: Devices used by employees are equipped with antivirus software, firewalls, and VPNs.

6.2. Organizational Measures

Remote Work Policies: Guidelines for secure remote work, including password management and device usage.

Incident Response Plan: Procedures to respond to data breaches promptly.

Training: Regular training on data protection and cybersecurity for all employees.

  1. Vendor and Sub-Processor Management

 

  • Vendor Due Diligence: All vendors are assessed for data protection compliance.
  • Data Processing Agreements (DPAs): DPAs are signed with all vendors to ensure data is processed securely.
  • Sub-Processor List: A public list of all sub-processors is maintained and updated regularly.

 

  1. Data Subject Rights

Hire Latam LLC ensures that data subjects can exercise their rights, including:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to restrict or object to processing
  • Requests are processed within 30 days of receipt.

 

  1. International Data Transfers

Standard Contractual Clauses (SCCs): SCCs are used for transferring data outside the EEA.

Supplementary Measures: Additional safeguards, such as encryption, are applied to secure international data transfers.

  1. Monitoring and Auditing

Regular internal audits are conducted to ensure compliance with the data processing plan.

A third-party review may be conducted annually to verify compliance with data protection laws.

  1. Updates and Review

This plan is reviewed annually or as required by changes in legislation, business processes, or technology.