You may revoke your consent to this policy. To revoke your consent, please contact us. If you revoke your consent, your account and profile information will be removed from our website.
Information collected on our sites and applications is stored in the United States; therefore, your information may become subject to U.S. law.
Monster’s Commitment : Protecting You and Your Privacy
What is GDPR?
The European Union’s GDPR (General Data Protection Regulation (EU) 2016/679) is a comprehensive piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the EU. The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Most significantly, the GDPR enhances EU individuals’ privacy rights and places enhanced obligations on organizations handling personal data.
Monster takes its commitment to protecting our jobseekers and employers seriously and Monster is fully committed to complying with GDPR.
What has Monster done to comply with GDPR?
Monster dedicated internal resources to the GDPR in January 2017, over a full year before the deadline. Monster collects personal data from millions of job seekers so data protection is of paramount importance to us. We did this because we value our users’ and customers’ rights to privacy.
Monster has worked diligently to prepare for the GDPR and we have made significant investments in data protection and compliance measures for our EU resident users. Our Global Privacy Office has lead the effort and continues to engage with a multi-disciplinary working group with representatives from every Monster department to ensure compliance.
To that end, here are some of the activities we engaged in leading up to, and through, May 25, 2018:
- Updated security policies and procedures related to the processing of personal data.
- Appointed a Data Protection Officer in the EU.
- Audited vendor agreements, and where necessary, appended data protection agreements to implement processes addressing GDPR’s Article 28 processor requirements.
- Conducted data privacy impact assessments for core business and data processing activities.
- Created data inventories and data flow maps across the organization.
- Trained customer service representatives to recognize and respond to data subject access requests.
- Made technical changes to our platform to enable us to comply with the GDPR.
What personal data does Monster collect from employers and how is it used?
Monster is a data controller for the data we’ve collected. Our employer customers are separate data controllers for the jobseeker data they get from Monster. We are not acting as a data processor when we collect this information and share it with you on a user’s behalf.
Monster primarily sells job postings and access to our CV database. The only personal data we ask you to provide for these services is:
- The company contact information we keep on file for a customer’s account, and
- The corporate email address your recruiters use to log in to your employer account.
We use this contact information for our legitimate business purposes, such as authentication, billing, account management, technical support, and sales and marketing. As a result, because Monster determines the means and the purposes for processing such information, Monster is the controller of such data for the purposes of GDPR.
What is Monster’s relationship with EU jobseekers?
Monster practices Privacy by Default
Monster practices privacy by default as required under the GDPR. A user’s CV is set to “private” by default when first uploaded, meaning it is not searchable by employers. The user must take an affirmative action to make his or her CV shareable with employers by choosing to set it to “public”.
Does Monster collect consent for employers to contact jobseekers about other roles?
Monster does not specifically solicit consent to allow employers to contact an applicant regarding other roles. By applying to a job, providing contact information to show interest in a job or replying to a message from an employer, a user consents to disclosure of their information to that employer and to be contacted by them. It is ultimately up to each employer to decide to reach out to an applicant with other opportunities. The only restriction Monster places is that employers may not contact the applicant for any non-employment related reason without the applicant’s prior consent (e.g., users may not be contacted for direct marketing purposes without first opting in to receiving such communications).
Does Monster have a response procedure in place for data subject access requests?
Since Monster is a data controller for the information in Monster’s CV database, not a processor, Monster is not obligated to notify each Monster customer of a data subject access request made by a Monster user. However, Monster’s Privacy Office has taken significant steps to ensure that Monster is able to honor all data subject access requests. We have established an intake process to ensure requests are sent to Monster’s Privacy Office.
Does the GDPR apply to my company even if I am outside the EU?
If you are a company outside the EU, you should still be aware of your obligations. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.
Regardless of where your company is present, we do not anticipate the law impacting your ability to use Monster services to post jobs or search for candidate CVs, however, if you have questions about your role as a data controller, we recommend you consult your own legal counsel.
What resources are available if I have further questions about GDPR compliance?
If you have any questions, please refer to our privacy center for additional resources or contact us here
Monster’s Global Privacy Office