GDPR compliance

Compliance with data protection laws

Processing candidate personal data within Teamio and providing it to external applications via the Candidate Replies Export API complies with the General Data Protection Regulation (GDPR), which governs the protection of personal data and individual rights across EU member states, as well as the Czech Personal Data Protection Act No. 101/2000 Coll. (Zákon č. 101/2000 Sb. o ochraně osobních údajů).

For more details regarding Teamio’s GDPR compliance, technical specifications, or overall security setup, see this page.

External candidate data processing rules

After candidate replies are transferred from Teamio via the API, personal data must be stored and processed according to the consent given by the candidate when applying. The API provides the consent text and its validity date in the <GDPR> element of the export XML. External systems should:

  • Process data only within consent scope and duration. Refer to the consentValidTo and consentText values in the XML for each candidate reply to ensure compliance.
  • Delete data after consent expires. When consent expires, Teamio deletes the candidate’s data. External systems must do the same.
  • Support consent extension requests. Recruiters can ask candidates for consent extension in Teamio. External systems should support this for transferred candidates to prevent their loss due to expired consent.
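
One way an external system could enforce the first two rules, shown as an added example that is not Teamio's code. Only <GDPR>, consentValidTo and consentText come from this page; the <replies> and <reply> wrappers, the id attribute, the ISO 8601 date format and the storage of the values as child elements or attributes are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample. Only <GDPR>, consentValidTo and consentText are named on
# the page; <replies>, <reply>, the id attribute and the date format are assumed.
SAMPLE_EXPORT = """<replies>
  <reply id="r-1"><GDPR><consentValidTo>2031-05-01T00:00:00+00:00</consentValidTo>
    <consentText>Recruitment for this position only.</consentText></GDPR></reply>
  <reply id="r-2"><GDPR consentValidTo="2020-01-15" consentText="Recruitment."/></reply>
  <reply id="r-3"><GDPR><consentValidTo>unknown</consentValidTo></GDPR></reply>
  <reply id="r-4"/>
</replies>"""


def _field(gdpr, name):
    """Read a value stored either as a child element or as an attribute."""
    child = gdpr.find(name)
    if child is not None and child.text:
        return child.text.strip()
    return gdpr.get(name)


def consent_deadline(reply):
    """Return the consent end as an aware UTC datetime, or None if unusable."""
    gdpr = reply.find("GDPR")
    raw = _field(gdpr, "consentValidTo") if gdpr is not None else None
    if not raw:
        return None
    try:
        parsed = datetime.fromisoformat(raw)
    except ValueError:
        return None
    if parsed.tzinfo is None:  # assumption: zone-less values are UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def classify_replies(xml_text, now):
    """Sort reply ids into keep / delete / quarantine as of the moment `now`."""
    result = {"keep": [], "delete": [], "quarantine": []}
    for reply in ET.fromstring(xml_text).iter("reply"):
        deadline = consent_deadline(reply)
        if deadline is None:
            bucket = "quarantine"  # no usable consent data: block use, flag for review
        else:
            bucket = "keep" if now <= deadline else "delete"
        result[bucket].append(reply.get("id"))
    return result
```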