Compliance

GDPR Compliance

MND Systems is fully committed to GDPR compliance. Here is how we protect personal data and uphold data subject rights.

Data Subject Rights

Right to Access

Candidates and clients can request a complete copy of all personal data we hold about them. Requests are fulfilled within 30 days.

Right to Portability

Data can be exported in standard formats (JSON, CSV) for easy transfer to another service provider.

Right to Erasure

Request deletion of personal data. Deleted data is permanently removed from all systems, backups included, within 30 days.

Right to Be Informed

Clear disclosure at every point of data collection. Candidates are informed about what data is collected and how it is used.

Right to Object

Candidates can object to data processing at any time. Processing stops immediately upon receipt of a valid objection.

Right to Rectification

Inaccurate data can be corrected upon request. We verify and update records within 5 business days.

Technical & Organizational Measures

Consent RecordingTimestamp + IP address recorded for every candidate interaction
Audit Trail54 audit dimensions tracking every data change across the platform
Data IsolationMulti-tenant architecture with complete organizational data separation
EncryptionAES-256 encryption at rest, TLS 1.3 in transit, time-limited SAS tokens
Access ControlRole-based permissions with granular resource-level controls
Data MinimizationOnly collect and process data necessary for the stated purpose
Breach Notification72-hour notification commitment in the event of a data breach
DPODedicated Data Protection Officer for privacy inquiries and compliance

GDPR inquiries

Contact our Data Protection Officer at dpo@mndsystems.com