GDPR compliance (Recruiters/ Employers)

General Data Protection Regulation (GDPR) is designed to give EU citizens more control over their data. It aims to use an all-encompassing privacy and security law to safeguard personal data. GDPR applies to all the relevant controllers or processors, irrespective of their location, who deal with the personal data of EU citizens. This section briefly answers how GDPR will affect your activities while using ExpertRating's services.
What is ExpertRating's Privacy Policy (GDPR article 30)?

You can see our privacy policy at:
Our privacy policy is certified by Truste. If you have a privacy or data-use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at

Is ExpertRating responsible for candidate data?

From the point of view of recruiters/employers, ExpertRating is only a processor (as it stores or processes personal data on behalf of another organisation).
The responsibility of updating and deleting all candidate data, when requested by a candidate, lies with the company administering the test. ExpertRating, however, will facilitate this process.

For how long is candidate data stored on ExpertRating's servers?

We retain candidate information as long as the employer account is active or as long as we need to provide you services. If you wish to cancel your account or request that we no longer use your/ your candidates' information to provide you services, contact us at We will, however, retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

Who, within ExpertRating, has access to candidate data?

Nobody from ExpertRating has direct access to any candidate's personally-identifiable data. However, in case you raise support requests, for which we have to access data in order to understand the issue better, then the support agent will have temporary access to that data only.

Does ExpertRating share candidate information with third-party services?

In certain situations, ExpertRating Solutions may be required to disclose personal data in response to lawful requests by public authorities, including for meeting national security or law enforcement requirements. We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell your personal information to third parties. We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us.
ExpertRating may be required by law to disclose information to law enforcement, or other government agencies under certain circumstances such as in the event of a formal request made in a civil suit, court order, bankruptcy proceedings, or subpoena served on the website. We reserve the right to disclose information in our sole and absolute discretion, where deemed necessary, for protecting the safety of our staff, users, and the general public, or for protecting our intellectual property.

Who, from my organization, will have access to candidate data?

Anyone from your organization who has access to the test reports of a candidate will have access to candidate data.

How can candidates stop the processing of their data?

The only way a candidate can stop the processing of their data is by requesting the test administrator to delete their data. If the data exists on our servers, it will be processed automatically.

How do I request for candidate data to be updated or deleted?

You can send requests for candidate data to be deleted or updated on our support page at ExpertRating Help Desk. Alternatively, you can contact the business manager assigned to your account. We will update or delete the requested data within 48 working hours of receipt of your request.

Do you maintain an audit log of all the activities of a candidate who takes the test?

Yes, ExpertRating maintains audit logs of all the activities of a candidate during the testing process. You can ask us for these logs by contacting us on our support page at ExpertRating Help Desk. Alternatively, you can contact the business manager assigned to your account.

What are the information security policies followed at ExpertRating (GDPR article 25)?

If you are a registered recruiter/ employer, you can request us to share our information security policies with you by mailing us at

Does ExpertRating provide a vulnerability testing report (GDPR article 25)?

As a registered Recruiter/ Employer, you can ask us to provide you our latest vulnerability testing report by sending us a request at