1. Compliance Framework

Reerac implements governance, process controls, and technical safeguards intended to align with NDPR principles and related guidance.

Compliance is treated as an operational discipline supported by policy review and process oversight.

2. Lawful and Fair Processing

Processing activities are expected to be tied to explicit recruitment purposes and legitimate legal grounds.

Customers are responsible for ensuring candidate notices and lawful basis at the point of data collection.

Platform workflows are designed to limit collection to information relevant for hiring operations.

Data should not be repurposed for unrelated objectives without an appropriate legal basis and notice.

We support policy transparency through clear documentation of processing categories and controls.

Customers should provide candidates with role-appropriate privacy information and consent notices where required.

Operational access is restricted according to role responsibilities and security need-to-know principles.

Security practices include monitoring, incident workflows, and periodic control review.

We support mechanisms to help customers address access, correction, and deletion requests as required by law.

Execution of rights requests may require identity verification and lawful exceptions review.

Processing accountability is supported through documented procedures and operational records where applicable.

Customers may be required to maintain their own records to meet internal and regulatory obligations.

Security incidents are managed under defined response processes, including investigation, containment, and communication steps.

Where required, notifications are coordinated in line with legal and contractual obligations.

Reerac and customer organizations each have compliance responsibilities based on their roles in data processing.

Customers remain responsible for lawful hiring policies, candidate communications, and internal approval controls.