Compliance and Data Privacy Regulation Policy – Recruiting Module
1. Purpose
This policy outlines how Full Compass Systems ensures compliance with applicable laws and regulations regarding data privacy, security, and fair hiring practices in the use of the Paylocity Recruiting Module.
2. Scope
This policy applies to all employees, contractors, and third-party users who access or manage candidate data in the Paylocity Recruiting Module.
3. Compliance Standards
We commit to complying with the following applicable laws and standards:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Equal Employment Opportunity (EEO) laws
- Americans with Disabilities Act (ADA)
- Fair Credit Reporting Act (FCRA)
- Any relevant state/local privacy or labor laws
4. Data Collection & Use
Only job-related information will be collected from candidates. Data collected will be used solely for recruitment, selection, and onboarding purposes. Consent will be obtained before collecting sensitive personal data, where legally required.
5. Data Storage & Retention
Candidate data will be securely stored within Paylocity's system with access limited to authorized users. Data will be retained only as long as necessary for recruitment or compliance purposes and deleted according to retention schedules (e.g., 2 years after last activity or per legal requirement).
6. Data Access & Confidentiality
Access to candidate data is role-based and restricted to hiring managers, recruiters, and HR personnel with a legitimate business need. All users must complete data privacy training and sign confidentiality agreements annually.
7. Candidate Rights
Candidates may request access to their data, ask for corrections, or request deletion in accordance with applicable laws. Requests should be sent to privacy@fullcompass.com and will be fulfilled within 30 days.
8. Background Checks & Consent
Background checks will only be performed with prior written consent from the candidate. Information obtained during background checks will be stored securely and shared only with authorized decision-makers.
9. System Security
Paylocity implements encryption, firewalls, and audit logs to protect candidate data. Users are required to use strong passwords and enable multi-factor authentication (MFA) when accessing Paylocity.
10. Breach Notification
In the event of a data breach, affected individuals will be notified within the legally required timeframes. The incident will be documented and reported to appropriate authorities where required.
11. Policy Violations
Any violation of this policy may result in disciplinary action, up to and including termination. Suspected violations should be reported to HR or the Data Privacy Officer immediately.
12. Review and Updates
This policy will be reviewed annually or when there are changes in legal requirements or Paylocity’s functionality.