Technical and Organizational Measures

Last updated: 23rd December, 2025

This document describes the technical and organizational measures implemented by Expert Hire to protect Personal Data processed in connection with the use of its services. These measures are designed to ensure an appropriate level of security, confidentiality, integrity, availability, and resilience.

1. Information Security Program

Expert Hire maintains a documented information security program designed to protect systems and Personal Data against unauthorized access, loss, alteration, or disclosure. Security controls are reviewed and updated periodically based on risk assessments and industry best practices.

2. Data Minimization and Purpose Limitation

  • Personal Data is processed only as necessary to provide the services.
  • Collection is limited to information relevant for hiring workflows, assessments, and platform operations.
  • Processing for unrelated purposes is prohibited.

3. Encryption and Data Protection

Encryption in Transit: Data transmitted between users, systems, and services is protected using industry-standard secure transport protocols.

Encryption at Rest: Stored Personal Data is protected using industry-standard encryption mechanisms. Encryption keys are securely managed and access is restricted.

4. Access Controls and Authentication

  • Access to Personal Data is restricted based on the principle of least privilege.
  • Role-based access controls are enforced.
  • Strong authentication is required for administrative and production access.
  • Access rights are reviewed periodically and revoked upon role change or termination.

5. Organizational Security Measures

  • Employees and contractors are bound by confidentiality obligations.
  • Security and privacy training is provided during onboarding and at regular intervals.
  • Segregation of duties is enforced across teams.

6. Application and Infrastructure Security

  • Production systems are logically separated from development and testing environments.
  • Secure software development practices are followed.
  • System configurations are hardened and monitored.
  • Changes are logged, reviewed, and controlled.

7. Logging, Monitoring, and Incident Detection

Security-relevant events, access activity, and system changes are logged. Monitoring mechanisms are in place to detect unauthorized access, anomalies, and potential security incidents.

8. Vulnerability Management and Testing

Expert Hire conducts regular vulnerability scanning and security assessments. Identified issues are prioritized and remediated based on risk and severity.

9. Data Segregation and Multi-Tenant Controls

Customer data is logically segregated using tenant-specific identifiers. Controls are enforced at multiple layers to prevent unauthorized cross-tenant access.

10. Data Retention and Deletion

Personal Data is retained only for as long as necessary to provide the services or as required by law. Data deletion or return is handled in accordance with contractual terms.

11. Business Continuity and Availability

Expert Hire maintains business continuity and disaster recovery measures designed to support service availability and data recovery in the event of an incident.

12. Sub-Processor Oversight

Expert Hire may engage sub-processors where necessary to deliver its services. Sub-processors are subject to contractual obligations requiring appropriate security and confidentiality protections. Sub-processor details may be provided to enterprise customers upon request or under separate agreement.

13. Data Subject Rights Support

Expert Hire assists customers in fulfilling applicable data subject requests, including access, correction, deletion, and portability, in accordance with applicable law.

14. Accountability and Governance

Expert Hire maintains internal accountability mechanisms for data protection and security. Policies, procedures, and controls are reviewed periodically to ensure continued compliance with applicable laws and contractual obligations.