GDPR Commitment | Glassdoor

Protecting You and Your PrivacyGlassdoor and GDPR

Protecting You and Your PrivacyGlassdoor and GDPR

Glassdoor's Commitment

In May 2018, the European Union (EU) began to enforce a new data protection regulation called the General Data Protection Regulation (GDPR). The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.

Glassdoor is committed to working to support compliance with the requirements of the GDPR. This page provide an overview of our efforts and helps address questions you might have about GDPR and Glassdoor.

FAQs for Glassdoor Users

What is the GDPR?

In May 2018, the European Union (EU) began to enforce a new data protection regulation, the ​General Data Protection Regulation or Regulation (GDPR). The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.

Who does the GDPR impact?

The GDPR applies to any organization that offers goods or services to, or monitors the behavior of, EU natural persons or ‘data subjects.’ It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location. The GDPR also applies to companies established in the EU.

What steps has Glassdoor taken to comply with the GDPR?

In advance of the May 2018 enforcement date, Glassdoor conducted the following:

  • Mapped an overview of all our systems to document the use of personal data.
  • Introduced an updated Privacy and Cookie Policy that reflects our notice obligations under the GDPR.
  • Reviewed and revised our vendor agreements and implemented new processes to address the GDPR sub-processor requirements.
  • Made technical changes to our platform that enable us to support the GDPR's requirements and enhanced data subject rights.

What constitutes personal data as part of the GDPR?

Any information related to a data subject that can be used to directly or indirectly identify the person, according to the GDPR. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, or medical information.

What personal data does Glassdoor collect from its users?

When you fill out registration forms, submit your resume, fill out an application on Glassdoor, or proactively provide us with other personal information, we collect that information. For example, to create an account we ask only for an email address and password. In other circumstances, such as when you complete a form related to a particular service offering, we may ask you to provide other information, which may include your name, phone number, and/or postal address.

In addition, your device is automatically providing information to us so we can respond and customize our response to you. This generally includes technical information about your computer, such as your IP address or other device identifier, the type of device you use, and operating system version. It may also include usage information and information associated with your interaction with Glassdoor. For example, when you search for jobs, we store the titles, locations and general salary range (if available) of jobs you search for and click on. More information about the information we collect and how we use that information is available in our Privacy and Cookie Policy.

What does Glassdoor do to keep its users' personal information safe?

User privacy is at the core of our business. We are regularly enhancing and evolving our security platforms, procedures and methods to better protect our users' information and anonymity.

How do users contact Glassdoor if they have a question or request regarding their personal data on its platform?

Users should visit the Glassdoor Help Center page to learn more about how Glassdoor processes and utilizes their data and/or to submit a request to access, export, rectify, ask a question about and/or delete their personal data.

Who should I contact if I have further questions about the GDPR compliance and my relationship with Glassdoor?

For more information about Glassdoor and GDPR, please contact us. Further information on GDPR specifically can be found at eugdpr.org.

FAQs for Glassdoor Employers

What is the GDPR?

In May 2018, the European Union (EU) began to enforce a new data protection regulation, the ​General Data Protection Regulation or Regulation (GDPR). The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.

Who does the GDPR impact?

The GDPR applies to any organization that offers goods or services to, or monitors the behavior of, EU natural persons or 'data subjects.' It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.The GDPR also applies to companies established in the EU.

What steps has Glassdoor taken to comply with the GDPR?

In advance of the May 2018 enforcement date, Glassdoor conducted the following:

  • Mapped an overview of all our systems to document the use of personal data.
  • Introduced an updated Privacy and Cookie Policy that reflects our notice obligations under the GDPR.
  • Reviewed and revised our vendor agreements and implemented new processes to address the GDPR sub-processor requirements.
  • Made technical changes to our platform that enable us to support the GDPR's requirements and enhanced data subject rights.

What constitutes personal data as part of the GDPR?

Any information related to a data subject that can be used to directly or indirectly identify the person, according to the GDPR. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What personal data does Glassdoor collect from employers and how is it used?

We collect only a very limited amount of personal data from employers. For the purposes of the GDPR, the obligations relate only to personal data collected from EU residents. Because Glassdoor sells online job advertising and employer branding services, the data we collect from our customers is primarily non-personal data in the form of materials intended for companies’ public display on our platform. The only personal data we ask employers to provide for our provision of the services are:

  • The corporate email address an employer’s designated administrator(s) use(s) to log in to the employer’s Employer Account; and
  • The company contact information we have on file for a customer account for those employers who purchase our services.

We use this contact information to provide the services we have agreed to provide for our customers, as well as for our ​legitimate business purposes, such as authentication, billing, account management, technical support, and sales and marketing.

Is Glassdoor required to execute a Data Processing Agreement (DPA) with employers for both parties to comply with the GDPR?

No. Glassdoor determines the means and the purposes for processing the personal data provided by employers, so Glassdoor is the ​controller ​of such data for the purposes of GDPR. Because we are ​controllers​ and not ​processors​ of this data (i.e., we do not process the data on an employer’s behalf), we are ​not required ​under the GDPR to sign DPAs with our customers for this information. ​As data controller for this information, our obligations for control and processing are covered by our participation in the E.U.-U.S. Privacy Shield Framework.​ ​Our certification can be found ​here​.

Does Glassdoor maintain EU-U.S. Privacy Shield Framework certification?

Yes. EU data protection laws limit the transfer of personal data outside of the EU and to countries deemed to provide an "adequate" level of data protection only. The EU-U.S. Privacy Shield Framework is a cross-border data transfer mechanism by which a company is able to "adequately" transfer its user and customers data from the EU to the U.S. Our certification can be found ​here​.

Is the data that Glassdoor collects from our EU consumer users the personal data of our employer clients?

No. Any "personal data" our EU resident consumer users share with Glassdoor is governed solely by the Terms of Use and Privacy Policy that our users acknowledge before sharing their information with us. This data is not​ governed by any agreement we have with employers.

For example:

  • Employees or former employees who join Glassdoor and submit reviews of a company do so in their personal capacity, ​not​ on behalf of that company.
  • Candidates who apply for open jobs through Glassdoor give us permission to collect, store and share their CVs and application information (opt-in). We are not acting as an employer’s vendor when we collect this information and share it with the employer on a user’s behalf.

How do users contact Glassdoor if they have a question or request regarding their personal data on its platform?

Users should visit the Glassdoor Help Center page to learn more about how Glassdoor processes and utilizes their data and/or to submit a request to access, export, rectify, ask a question about and/or delete their personal data.

What resources are available if I have further questions about GDPR compliance and my relationship with Glassdoor?

For more information about Glassdoor and GDPR, please contact us. Further information on GDPR specifically can be found at eugdpr.org.