A Word on Privacy From Our Management
Dice places data privacy at the heart of what we do. We fully welcome the EU General Data Protection Regulation (GDPR) and it’s aims to provide greater control to individuals over their personal data, along with enhancing greater transparency as to how this information is used.
At Dice we are carrying out a range of updates to our products, services, email capture and data storage, along with a policy review to ensure our services are fully aligned with the General Data Protection Regulation (GDPR). Our dedicated project team is responsible for ensuring that we continue to protect the personal data of clients and professionals who use our services by identifying the changes required for our business.
I invite you to review the information below and return to this page for ongoing updates on our GDPR compliance.
EVP Product & Marketing
GDPR Frequently Asked Questions
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union Regulation which comes into effect on 25 May 2018. It replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
Who is affected by the GDPR?
In relation to Dice, persons affected by the GDPR are those EU citizens whose personal data is being collected and utilised in our business. Parties include job-seeking candidates who registered themselves on our service, active and inactive employers who use or have used Dice services, prospective employers who have not previously used our services but may do so in the future, and our EU based employees.
What types of information are defined as “personal data”?
“Personal data” is defined as any information relating to an identified or identifiable natural person (also called a “data subject”). Such data may include personal identifiers like a name, location, links to online presence, contact information such as phone numbers or email addresses, or photos.
How should companies communicate with individuals about their data protection?
Organisations need to ensure they use simple language when asking for consent to collect personal data, they need to be clear about how they will use the information, and they need to understand that silence or inactivity no longer constitutes consent. The GDPR requires all organisations collecting personal data to be able to demonstrate the legal basis upon which they are processing personal data - be that based on contractual necessity, legitimate interest or where Consent is the basis - to prove clear and affirmative consent to process that data.
What rights do individuals have under GDPR?
Most of these rights below are already covered under existing data protection laws and the GDPR has put renewed emphasis on them.
- The right to be informed
- The right of access
- The right to rectification
- The right to be forgotten
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What are we doing at Dice to prepare for GDPR?
In line with the transparency principles of GDPR, we are making changes so that;
- Information is communicated in a clear way that is understood by professionals and clients who use our services
- We clearly demonstrate how we collate and store personal data
- The data we hold is easily accessible should we be asked to provide evidence to processing data in compliance with GDPR
- Professionals who create a profile can choose whether they are searchable and can be found by recruiters from our database
- It is clear from all email capture that professionals know what they are consenting to and how their personal data will be shared
- We are asking clients to opt into marketing communications and newsletters
- When we capture opt-in information we can show when it was captured and for which communication, and store that information effectively
What is Dice’s data minimisation policy?
We will only hold personal data that is necessary to provide the services found on Dice. Any personal data that is not required will either be anonymised to make it non-personal or it will be deleted.
What is Dice’s data retention policy?
We are updating the periods for which we hold data. Once any personal data reaches the appropriate data retention period it will either be deleted or made non-personal via anonymisation. For job-seeking professionals who registered themselves on Dice, personal data is kept for five years and then deleted if they haven’t been actively using the site. For those that are actively using the site, we’ll keep their data if they want to stay active in their search. For employers on Dice, personal data is kept for ten years, and efforts are made to delete as much information as possible while still maintaining sufficient data for audit, legal, and tax requirements.
How does Dice share personal data?
We will only share personal data when we have the necessary right to do so. For instance; Professionals & Candidates:
- Resume profiles which contain information provided to Dice including; contact information, work history, skills, references, or other employment data
- Resume profiles made searchable on our candidate database
- When applying for a job via a job posting listed by one of our registered employers
- If a candidate has opted-into receiving promotional materials from third parties, information may be made available to these third parties who provide goods or services that we believe may be of interest to you
- Information displayed on job postings is shared with prospective candidates
- Personal data from employers beyond what is seen on job postings is not shared, and only used internally
How does Dice protect personal data?
We have firewalls around the database and access controls in place. Access to the data is protected by a combination of access controls and network layer protection such as multi-factor authentication, joiner/mover/leaver processes, password policies, logging, and monitoring. The network layer includes a combination of hardware firewalls and cloud security.
How can I check on the status of my personal data on Dice?
Candidates have the ability to download all of the information that Dice holds on them. For any queries, please contact us at firstname.lastname@example.org
How do we gather data from professionals at Dice?
We only gather our data from candidates who register on our site whereby they provide consent for the use of their personal data. In addition we supplement data provided directly by the client with publicly available data in order to improve the quality of the data provided to our clients.
What does GDPR mean for professionals?
- All emails are opted-out by default for new registrants in Europe so users must expressly opt in to email communications from Dice
- All messaging and system emails are updated to ensure absolute clarity for users on what they are opting into, what happens to their personal data and to make sure that we are not ‘marketing’ to users who have not opted in to other communications
- The default option for tech professionals who have created a profile will be unsearchable
- We will be displaying a message on the candidates profile to ensure users know if their profiles are searchable in our candidate database or private
- We will be providing candidates with the ability to ‘download a profile link’ with all their information so that they have a clear and portable view of their data
- We now capture date and time stamps against any opt ins on our site – either email or becoming searchable in our candidate database. This allows us to prove exactly when a user opted in (or out) of email communications or being searchable
- Dice has always had an account deletion option for candidates and so already aligned with GDPR compliance
What does this mean for our clients?
Firstly, clients should review their own practices and Privacy Policies. More information can be found here https://www.eugdpr.org/ or the Information Commissioner’s Office website https://ico.org.uk/
- Our revised data retention policy for Dice will now store candidate data for five years since their last log in to the platform
- We will be updating our data security policies and procedures along with a new escalation process in the event of any kind of breach
- An audience and candidate pool that have expressly chosen to be contacted and are therefore a more engaged audience
- The candidate data available is assured to be accurate and up to date
- Personalised and more efficient recruitment marketing by utilising email preference centres
- A more effective data-driven marketing approach that can help deliver more appropriate, personalised, timely communications to candidates