Privacy Policy

Introduction

Grow Recruiting ("we," "our," or "us") values your privacy. We are constantly striving to meet the latest standards in data privacy and security best practices.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.growrecruiting.com), engage with our services, or interact with us online.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the website or feel free to contact us regarding your concerns before engaging our services.

  1. Information We Collect

    We may collect the following types of information:

    • Personal Identifiable Information (PII):

      • Name, email address, phone number, postal address, and other contact details.
      • Employment-related information such as resumes and job history if you submit your details via our website or during the recruitment process.

    • Automatically Collected Information:

      • IP address, browser type, operating system, referring URLs, and other technical data.
      • Cookies and similar tracking technologies used to collect information about how you interact with our website.

  2. How We Use Your Information

    We may use the information we collect for the following purposes:

    • To provide recruitment and staffing services.
    • To communicate with you about job opportunities, services, and other relevant information.
    • To improve and maintain our website and services.
    • To comply with legal obligations and protect our legal rights.
    • To personalize your experience on our website.

  3. How We Share Your Information

    We do not sell or rent your personal information. However, we may share your information with

    • Third-party Service Providers: We may share your information with third-party vendors who perform services on our behalf, such as cloud hosting providers (e.g., Microsoft365) or Applicant Tracking Systems (ATS).
    • Business Partners: We may share your information with our clients as part of the staffing and recruitment process.
    • Legal Compliance: We may disclose your information to comply with applicable laws, regulations, or legal processes, or to respond to lawful requests from public authorities.
    • Business Transfers: If we undergo a merger, acquisition, or asset sale, your information may be transferred as part of the transaction.

  4. Cookies and Tracking Technologies

    We use cookies and similar technologies to enhance your experience on our website. Cookies help us understand user preferences and optimize our site. You may choose to disable cookies in your browser, but this may affect your ability to use certain features of our website.

  5. Your Data Protection & GDPR Rights

    If you are in the European Union (EU) or the European Economic Area (EEA), you have the following rights under the GDPR:

    • Right to Access: You have the right to request a copy of the personal data we hold about you.
    • Right to Rectification: You can request that we correct any inaccuracies in your personal data.
    • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to certain legal exceptions.
    • Right to Restriction of Processing: You can ask us to restrict the processing of your data in certain circumstances.
    • Right to Data Portability: You can request that we provide your data in a structured, commonly used, and machine-readable format.
    • Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
    • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.

      • To exercise these rights, please contact us at info@growrecruiting.com

  6. Data Security

    We take reasonable measures to safeguard your information from unauthorized access, disclosure, or alteration. However, please note that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

  7. Data Retention

    We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. After the retention period, your data will be securely deleted or anonymized.

  8. Third-Party Links

    Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites. We encourage you to review their privacy policies before providing them with any personal information.

  9. Children’s Privacy

    Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take steps to delete it.

  10. Security Incident and Privacy Event Management (SIEM)

    Grow Recruiting is committed to safeguarding the personal information we handle. To this end, we have established a Security Incident and Privacy Event Management Policy that outlines the procedures for identifying, responding to, and managing security incidents and privacy breaches.

    1. Incident Detection and Response: We utilize technical measures and employee training to detect potential security incidents or privacy breaches. In the event of an incident, a designated response team will evaluate the situation and take immediate steps to mitigate risks, notify affected parties, and remediate the issue.
    2. Annual Policy Review: This policy is reviewed and reaffirmed on an annual basis to ensure it meets current regulatory standards and internal security requirements.
    3. Stakeholder Communication: The details of this policy, including any updates, are communicated to all relevant stakeholders, including employees and business partners, at least once annually, and more frequently as necessary

  11. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the "Effective Date" at the top will be updated accordingly. We encourage you to review this Privacy Policy periodically

  12. Contact Us

    If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

  13. Remote Access Policy

    Grow Recruiting provides remote access to its systems and tools in a secure and controlled manner to authorized employees and contractors. The policy outlines the following principles for remote access:

    1. Authorized Access: Only authorized personnel are permitted to access company systems and sensitive data remotely. Access is granted based on job roles and is subject to approval by the IT/security team.
    2. Security Measures: All remote access must be conducted using secure methods, including the use of virtual private networks (VPNs) and multi-factor authentication (MFA). Devices accessing company systems must have up-to-date security software and encryption enabled.
    3. User Responsibilities: Remote users are responsible for ensuring the security of their devices and connections, including the use of secure Wi-Fi networks and strong passwords. Users are also responsible for changing all passwords from their original defaults, and we suggest changing them monthly to avoid breach risk.
    4. Monitoring and Logging: Remote access sessions are monitored and logged to ensure compliance with company policies and to detect any unauthorized access or suspicious activity
    5. Annual Review and Communication: This policy is reviewed and reaffirmed annually to ensure it remains up to date with the latest security practices. All relevant stakeholders are informed of any updates or changes through annual communication.

  14. Network Device Security Policy

    All routers, switches, wireless access points, and firewalls used by Grow Recruiting are secured in line with documented security standards. These standards include:

    1. Access Controls: All network devices are secured using unique, strong administrative credentials and multi-factor authentication (MFA) where applicable.
    2. Encryption: Wireless networks are secured with WPA3 encryption, and VPN is required for remote access.
    3. Firewall Configurations: Firewalls are configured to block unauthorized inbound/outbound traffic and only allow the necessary services.
    4. Firmware and Software Updates: All devices are regularly updated with the latest security patches to protect against vulnerabilities.
    5. Monitoring and Auditing: All network activities are logged and regularly audited for suspicious or unauthorized access.
    6. Network Address Translation (NAT) Policy: All team members working remotely are required to ensure that their home routers are configured with Network Address Translation (NAT), which conceals internal IP addresses and protects network devices from direct exposure to the internet. This configuration is enabled by default on most consumer-grade routers. This policy is reviewed annually to ensure it remains compliant with the latest security standards.
    7. Wireless Network Security Each team member working remotely is responsible for securing their home wireless networks using WPA3 or WPA2 encryption. While we do not use a centralized wireless analyzer, team members are required to monitor their home networks for unauthorized devices and ensure their Wi-Fi is protected with strong passwords.

  15. Desktop Computing Policy

    Grow Recruiting is committed to ensuring that all desktop and laptop computers used for business purposes are secure and compliant with company standards. The following guidelines apply to all employees:

    1. Device Security: All company desktops and laptops must be password-protected, with strong passwords changed regularly. Devices should also have automatic locking enabled after a period of inactivity
    2. Antivirus and Security Software: All desktop and laptop computers must have up-to-date antivirus software and firewalls enabled. Security updates must be applied promptly.
    3. Data Encryption: Sensitive data stored on desktops or laptops should be encrypted to protect against unauthorized access in case of device loss or theft.
    4. Backup and Data Retention: Important business data stored on desktops or laptops should be backed up regularly to a secure cloud or external device.
    5. Annual Review: This desktop computing policy is reviewed, updated, and reaffirmed on an annual basis to ensure it complies with the latest security standards and operational needs.
    6. Stakeholder Communication: All relevant stakeholders are informed of any updates to the policy on an annual basis.

  16. Information Security Email Policy

    Grow Recruiting is committed to maintaining the security and confidentiality of all business communications conducted via email. To ensure the security of sensitive information, we follow these email security guidelines:

    1. Use of Secure Email Platforms: All employees are required to use secure email platforms (e.g., Microsoft365 with Outlook) that support encryption and other security features.
    2. Password Protection: Email accounts must be protected with strong, unique passwords and multi-factor authentication (MFA) to prevent unauthorized access.
    3. Phishing Awareness: All employees receive annual training on identifying phishing attempts and avoiding suspicious emails.
    4. Confidential Information: Sensitive business information should not be sent via email unless encrypted. Attachments containing sensitive data should be password-protected.
    5. Review and Update: This email security policy is reviewed and reaffirmed on an annual basis to ensure it complies with the latest security practices and regulatory requirements.
    6. Stakeholder Communication: All employees and relevant stakeholders are informed of any updates or changes to this policy on an annual basis.

  17. Electronic Information Security Exception Management Policy

    Grow Recruiting recognizes that, on occasion, there may be valid reasons to deviate from established information security policies. This exception management policy provides a framework for requesting, approving, and documenting exceptions.

    1. Requesting Exceptions: Employees or contractors who require exceptions to standard security policies must submit a formal request detailing the nature of the exception, the reason for the request, and the expected duration.
    2. Approval Process: Exception requests must be reviewed and approved by the designated security officer or a member of the management team. Approval is based on risk assessment and business need.
    3. Monitoring and Documentation: All approved exceptions are documented, including the reason for approval, the duration of the exception, and any additional security measures taken to mitigate risks.
    4. Expiration and Review: Exceptions are granted for a limited time and must be re-evaluated before they expire. If ongoing, they are reviewed annually to ensure they remain necessary and secure.
    5. Annual Policy Review: This exception management policy is reviewed and reaffirmed annually to ensure it aligns with current security standards and business practices.
    6. Stakeholder Communication: Relevant stakeholders are informed of any updates to the exception management policy on an annual basis.

  18. Mobile Computing Information Security Policy

    Grow Recruiting recognizes the use of mobile devices as an integral part of business operations. This policy ensures that all mobile devices used for company purposes are secured and managed according to best practices.

    1. Device Security: All mobile devices (laptops, smartphones, and tablets) used to access company data must be protected with a password or biometric lock. Devices must automatically lock after a period of inactivity.
    2. Encryption: Mobile devices that store sensitive company data must use encryption to protect against unauthorized access in the event of loss or theft.
    3. Remote Wipe: Any mobile device used for business must be capable of remote wipe, allowing the deletion of sensitive data if the device is lost or stolen.
    4. Updates and Patching: All mobile devices must have up-to-date operating systems and security patches installed.
    5. Public Network Access: Employees are discouraged from accessing company data over unsecured public Wi-Fi. If access is necessary, a Virtual Private Network (VPN) must be used.
    6. Annual Policy Review: This mobile computing policy is reviewed and reaffirmed annually to ensure it complies with evolving security practices and business needs.
    7. Stakeholder Communication: All employees and relevant stakeholders are informed of updates to this policy on an annual basis.

  19. Secure Disposal of Electronic Information Policy

    Grow Recruiting is committed to ensuring that all electronic information is securely disposed of when it is no longer needed to protect against unauthorized access and data breaches.

    1. Data Deletion: All electronic files containing sensitive or confidential information must be permanently deleted using secure methods such as data wiping or file shredding software to prevent recovery.
    2. Hardware Disposal: Any hardware (e.g., laptops, hard drives, USB drives) containing electronic information must be wiped and, if necessary, physically destroyed before disposal.
    3. Third-Party Disposal Services: If hardware or electronic devices are disposed of using thirdparty services, those vendors must be certified to handle secure data destruction in compliance with regulatory standards.
    4. Documentation: Records of all data disposal activities must be maintained, including the method of destruction and the date of disposal.
    5. Annual Review: This policy is reviewed and reaffirmed annually to ensure compliance with evolving security standards and business needs.
    6. Stakeholder Communication: All relevant stakeholders are informed of updates to this policy on an annual basis.

  20. Vulnerability Management Policy

    Grow Recruiting is committed to identifying and mitigating security vulnerabilities in its systems to protect company data and ensure the integrity of its services. This policy outlines the steps for managing vulnerabilities across all systems.

    1. Vulnerability Identification:
      • Regular scans and assessments are conducted to identify vulnerabilities in software, hardware, and network configurations.
      • External vulnerability assessments may be conducted by third-party services on an annual basis.
    2. Risk Prioritization:
      • Vulnerabilities are classified based on their potential impact and likelihood of exploitation. Critical vulnerabilities are addressed with the highest priority.
    3. Remediation and Patch Management:
      • Identified vulnerabilities are remediated in a timely manner through patches, updates, or configuration changes.
      • Patches for critical vulnerabilities are applied as soon as they are available, while lowerrisk vulnerabilities are addressed according to business needs.
    4. Monitoring and Reporting:
      • Continuous monitoring is in place to detect new vulnerabilities and assess the effectiveness of existing security measures.
      • All vulnerabilities and their remediation actions are documented and reported to management on a regular basis.
    5. Annual Policy Review:
      • This policy is reviewed and reaffirmed annually to ensure alignment with current security practices and business requirements.
    6. Stakeholder Communication:
      • Relevant stakeholders are informed of any updates to the vulnerability management policy on an annual basis.

  21. IT Asset Management Policy

    Grow Recruiting implements a formal IT Asset Management program to track, manage, and maintain all technology assets, ensuring their efficient use, security, and compliance with company standards.

    1. Asset Inventory:
      • All IT assets, including hardware, software, and licenses, are documented in an asset management system.
      • The inventory is regularly updated to reflect the acquisition, deployment, and decommissioning of assets.
    2. Asset Ownership:
      • An asset owner is designated for each IT asset, responsible for maintaining and reviewing the status of the asset throughout its lifecycle
    3. Asset Lifecycle Management:
      • The lifecycle of IT assets, from acquisition to disposal, is tracked to ensure they are maintained, updated, and securely disposed of when no longer in use.
    4. Compliance and Licensing:
      • Software licenses are monitored to ensure compliance with licensing agreements, and assets are reviewed to prevent unauthorized software installations.
    5. Annual Review:
      • The IT Asset Management policy is reviewed annually by the designated asset owner and approved by management to ensure it remains aligned with business objectives and regulatory requirements.
    6. Stakeholder Communication:
      • The policy and any updates are communicated to all relevant stakeholders, including management and IT personnel, on an annual basis.

  22. Clean Desk Policy

    Grow Recruiting enforces a Clean Desk Policy to protect sensitive information:

    1. Workstation Security:
      • Employees must clear desks of all sensitive materials at the end of the day and store them securely.
    2. Device Security:
      • Computers must be locked when unattended, and passwords must not be left visible.
    3. Confidential Documents:
      • Confidential materials must be stored securely when not in use.
    4. Annual Review: The policy is reviewed and reaffirmed annually, with updates communicated to stakeholders.

  23. Software & Operating System Patch Management Policy

    Grow Recruiting ensures that all software and operating systems are kept up to date with the latest patches and updates to protect against security vulnerabilities and ensure system stability.

    1. Automatic Updates:
      • Where possible, automatic updates are enabled for all operating systems and software to ensure patches are applied promptly
    2. Patch Testing:
      • Critical patches are applied immediately. For non-critical patches, testing is conducted in a controlled environment (when applicable) to ensure compatibility with existing systems.
    3. Patch Management Schedule:
      • A regular schedule is in place to review, test, and apply updates and patches to all systems. Critical security patches are prioritized and applied as soon as they are released.
    4. Monitoring:
      • Systems are monitored to ensure that all patches are applied correctly and that no vulnerabilities remain unaddressed.
    5. Annual Policy Review:
      • This patch management policy is reviewed and reaffirmed annually to ensure compliance with the latest security standards and operational needs.
    6. Stakeholder Communication:
      • Relevant stakeholders are informed of any updates or changes to this policy on an annual basis.

  24. Removable Media Policy

    Grow Recruiting prohibits the use of unapproved removable media (e.g., USB drives, external hard drives) and requires that any use of such media be authorized, encrypted, and documented, with the policy reviewed annually and managed by the designated security officer