Beetween: Security & GDPR

Ensuring security and GDPR compliance is a top priority for Beetween SaaS software. Here’s how we handle it.


Processing candidate data

Our privacy policy for processing candidate data can be summarized in three key points:

Candidate consent

When a candidate applies to a job posting through Beetween, they must explicitly agree to the terms of processing their personal data for the recruitment process of the company or public organization.

→ This is done by checking a box during the application.

Data retention period

We automatically delete all candidate profiles 24 months after receiving their application. This 24-month period is recommended by the CNIL (National Commission for Informatics and Liberties).

→ Recruiters can ask candidates whose retention period is about to expire for permission to extend the processing of their data.

Right to Erasure

If a candidate wishes, their data can be permanently deleted. For this purpose, each job offer distributed through Beetween provides the contact details of a DPO (Data Protection Officer) or a person responsible for the processing of personal data within the company or public organization.

→ The candidate can contact them to exercise their right to erasure.

Data hosting and security

As a provider of Software as a Service (SaaS), Beetween places great importance on the quality of its IT infrastructure providers to ensure complete satisfaction for its Clients, particularly in terms of service availability.

To guarantee quality service and maximum availability, we carefully select our IT infrastructure providers. We have chosen OVH, a reputable hosting provider, which allows us to comply with European standards for personal data protection. The servers used by Beetween are located in France (Roubaix, Gravelines, and Strasbourg), which ensures compliance with French law.

When you use Beetween, your data is hosted in France, ensuring our compliance with French and European standards for the protection of personal data, including GDPR. We use dedicated physical or VPS servers, and no logically shared servers are used, enhancing the security and confidentiality of your information.

Regarding our email solution, we rely on Brevo, a trusted platform. The databases used by Brevo are exclusively hosted within the European Union, on our own servers, as well as on platforms such as Google Cloud or AWS. All equipment is owned by SendinBlue, and data stored in the Cloud is replicated three times in at least two distinct geographic locations to provide enhanced protection against potential risks. All these servers are located in Europe, with data centers in France, Belgium, and Ireland.

To enhance the security of your data, Brevo regularly performs encrypted backups of your customer information on a Cloud Storage (AWS or Google Cloud). These backups are done at regular intervals, adapted to your usage, at least once per week.

At Beetween, your security is our top priority. You can be assured that your data is in good hands, and we take the necessary measures to ensure its confidentiality, integrity, and availability at all times. With our rigorous approach to hosting and data protection, you can focus on your activities with peace of mind.

Client data management

At Beetween, we manage data to ensure the security and confidentiality of each client. We use a single database that contains information from multiple clients while ensuring that each client can only access their own data. For some clients, we can also restrict access between different agencies within the same account, providing additional flexibility while maintaining security.

To ensure high availability and data redundancy, we implement a chained MASTER-SLAVE replication. This gives us backup copies in case of primary system failure and lets us offload some heavy operations to “read-only” servers. We also use SolrCloud mode to meet high availability and load distribution requirements for data searching.

Data storage relies on a relational database that contains all the information from the Beetween software, as well as Solr to facilitate data access through search. We maintain constant synchronization between these two sources.

To ensure data backup, we perform at least two daily backups of the “live” database through an automated process. These backups are stored on an encrypted hard drive, providing additional protection in case of power issues or disconnection.

Regarding data retention, “live” data is retained for 30 days after a user account is closed or the client’s contract is terminated. Linked data is automatically deleted from Solr during this operation. Client data backups are retained for a maximum of 6 months from their generation, and these two periods add up to determine the data retention period after contract termination.

If a user account is closed but the client’s contract is maintained, we transfer the data to another user account designated by the client. This way, the information remains accessible and manageable, even if the initial account is deactivated for consistency purposes. In the event a candidate requests data deletion, we strictly adhere to this request in accordance with our commitment to GDPR.

At Beetween, we are committed to ensuring the security, availability, and confidentiality of your data. We implement rigorous measures to protect your information and ensure compliance with data protection standards and regulations. You can trust our responsible and secure approach to managing your data with care and GDPR compliance. If you have further questions about data management at Beetween, feel free to contact us.

Data security

Data security is paramount when using Beetween’s SaaS software. Here’s how we protect your information:

Incoming and outgoing data

  • Incoming mail server: We use a mail server to receive candidate applications or certain CV imports. This mail server supports the SMTPS (recommended) and SMTP protocols. It’s used by some job sites to send applications for job openings, by users to import CVs received in their email inbox, and by certain career sites of our clients.
  • API entry point: Beetween exposes certain functionalities as a REST API, accessible via HTTPS and protected by the same certificate as the user interface. We also use webhooks to integrate our system with certain partners (job boards) using the same HTTPS protocol.
  • XML Feeds: XML feeds can be used to distribute job openings to the career sites of our clients. The URL for this feed is generated randomly and provided to the client, ensuring restricted access to the feed data only by Beetween’s teams and the client, as long as the URL isn’t disclosed.

Secure data flows

Most information exchanges occur through Beetween’s web interface. To ensure the confidentiality and integrity of these exchanges, we use the HTTPS protocol with an SSL certificate. This prevents any interception or manipulation of data during transfer, providing optimal protection.

These exchanges involve various interactions, such as:

  • Logged-in users (recruiters, managers, administrators);
  • Candidates (viewing job offers and submitting applications);
  • Questionnaires accessible to users who are not logged in (manager feedback, candidate questionnaires). These questionnaires are accessible via randomly generated URLs that expire after a certain time or a certain number of uses, ensuring their security.
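The randomly generated URLs described for XML feeds and for questionnaires are capability links: whoever holds the URL gets access, so the token must be unguessable and, for questionnaires, limited by time and use count. The following is an added example, not Beetween's code; the host, path, resource name and in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

@dataclass
class _Grant:
    resource: str      # what the link opens, e.g. a questionnaire id
    expires_at: float  # absolute expiry, seconds since the epoch
    uses_left: int     # remaining redemptions

class LinkStore:
    """Issues and redeems unguessable, expiring, use-limited URL tokens."""

    def __init__(self):
        self._grants = {}  # sha256(token) -> _Grant; raw tokens are never stored

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, resource, ttl_seconds, max_uses, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._grants[self._key(token)] = _Grant(resource, now + ttl_seconds, max_uses)
        return token

    def redeem(self, token, now=None):
        """Return the resource id, or None if unknown, expired or used up."""
        now = time.time() if now is None else now
        key = self._key(token)
        grant = self._grants.get(key)
        if grant is None:
            return None
        if now >= grant.expires_at or grant.uses_left <= 0:
            del self._grants[key]  # dead links are purged, not kept around
            return None
        grant.uses_left -= 1
        return grant.resource

def demo():
    store = LinkStore()
    t0 = 1_700_000_000.0  # constructed clock value
    token = store.issue("questionnaire-42", ttl_seconds=3600, max_uses=2, now=t0)
    url = "https://ats.example/q/" + token  # hypothetical host and path
    results = [store.redeem(token, now=t0 + 60 * i) for i in range(3)]
    return url, results
```

Storing only the hash of the token means a leaked database does not expose working links; the same response for unknown, expired and exhausted tokens avoids telling a guesser which case applied.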

At Beetween, we are committed to ensuring the security and confidentiality of your data at every stage of its processing. We employ secure protocols and advanced protection measures to ensure that your information is in safe hands. You can trust our responsible and secure approach to data management, providing you with complete peace of mind. If you have any additional questions regarding the security of your data at Beetween, don’t hesitate to contact us. Your trust and satisfaction are our top priorities.

User login

When you receive your Beetween user accounts, we provide you with an identifier along with a temporary password. You can then customize your password according to your company’s password management policy, which ensures enhanced security.

If your company uses an identity management solution, be aware that Beetween is natively compatible with Google, Microsoft, and CAS Single Sign-On (SSO). This means you can use your existing credentials from these platforms to log in to Beetween, without the need to enter a new password. This is convenient, fast, and secure, as you only need one authentication to access our software.

GDPR and Data Security

Interoperability

At Beetween, we understand the importance of interoperability of our SaaS software with your other tools. That’s why we have designed our software to facilitate its integration with third-party software, such as HRIS (Human Resources Information System) or temporary worker management software.

We have implemented specific interfaces, such as REST or JSON web service APIs, that enable a seamless connection between our SaaS software and your other systems. These APIs act as well-defined entry points that allow the exchange of data in a secure and fast manner. This means that you can easily synchronize essential information and processes between Beetween and your other management tools.

We understand that each company has specific interoperability needs, which is why we are available to provide you with detailed technical documentation on integration possibilities with your technical ecosystem. We will work with you to explore potential gateways between Beetween and your other systems so that you can fully leverage our software while retaining your existing workflows.