Information & Security

An overview of Jobbatical's strong commitment to security and data management.

Last update: June 23, 2023
Ephicient logoOE logo2020INC logo

A word from our CISO

Jobbatical is a leading provider of relocation services, helping companies hire top talents from anywhere in the world.

Our paperless process is powered by our own software application. We proudly serve over 600 companies as their primary relocation partner.At Jobbatical, safeguarding sensitive information and customer data is integral to our business. We rely heavily on our Relocation Case Management Software, prioritizing the confidentiality, integrity, and availability of our applications. Our primary objective is to protect our customers' data and Information and Communications Technology (ICT) assets.We are committed to continuous security improvements and adhere to Information Security Management Systems across all levels of our organization. This includes all employees, core business processes, and the ICT systems supporting our Jobbatical application.To ensure the highest standards of information security, we comply with the ISO27001 standard. This standard guides us in establishing, implementing, controlling, assessing, maintaining, and improving our documented Information Security Management System (ISMS). By choosing appropriate security measures, we aim to safeguard information and provide confidence to our stakeholders.

In this page we have curated a collection of documents that cover various aspects of our program, policies, architecture, tests, and more. These resources are designed to provide comprehensive information. If you have any additional inquiries, please don't hesitate to contact us. 

Marje Salumets
CISO

Data protection

Respecting personal data protection rights is our priority which is why we have created documentation and implemented internal processes to meet the GDPR requirements.

What is our data processing role?
Our company is a Controller

Although we offer our services through our own technically advanced cloud-based platform, we are not a typical SaaS service provider in relation to our relocation service. 

Based on our assessment, we have concluded that we are a separate controller of personal data of talents and their family members when providing relocation services because we determine the means and purposes of data processing. Such data processing is described in our privacy notice. For specific data types, please see “talent data” and “talent family member data” (this includes the talent’s or his or her family member’s first name, last name, date of birth, personal ID code, nationality, passport data, photo, etc) in our privacy notice.

Our role as a controller primarily arises because of following:

  • Even though the business client initially orders and pays for the service, a direct relationship between us and the talent is still established during the provision of the service. Additionally, a power of attorney may be requested from the talent (or his or her family member) directly,
  • There are no specific instructions from the business client on what data to collect from the talent (and his/her family member) and how exactly the relocation services should be provided, 
  • In general, most of the personal data is collected directly from the talent (i.e., business clients are not generally involved in the collection and submission of personal data to us),
  • The business client is usually kept informed of the process and receives the notification once the relocation is completed, but the business client has no significant influence on us and the provision of services in general. On the other hand, we have a significant independence in providing the service – we determine exactly how (by using what means) we process personal data in order to achieve the intended purposes.
Our Company is a Processor

When it comes to the processing of personal data of our platform users designated by our business clients, we consider ourselves as a data processor.  Such processing is regulated by the data processing agreement (DPA) appended to our terms of service. The DPA concerns only the processing of the names, emails, phone numbers and job titles of our business clients’ employees who are using our platform (e.g., HR manager who has access to the platform and who initiates the talent relocation), but not the talents (i.e., current or future employees who need to be relocated) and their family members. 

In a nutshell, a typical process looks like this:

While this is a description of our typical process, depending on the client and the processes agreed with the client, relevant legal documentation may need to be customized accordingly. Please feel free to talk to our growth team so that we can find a solution that suits your business in the best possible way.

We are also currently in the process of implementation of ISO/IEC 27701 (Privacy Information Management System) so that we can demonstrate in even a better way a high level of protection of personal data.

Should you have any questions regarding the data processing, please feel free to contact our DPO: dpo@jobbatical.com.

What about the (sub)processors?

All our (sub)processors are thoroughly assessed, certified and use EU storage location. The list of processors used by Jobbatical is available to clients and selected prospects subject to NDA.

Summary of our commitment to data security

  • Has ISO27001 Certification

  • All data is processed within the EU

  • Regular third-party audit(s)

  • Conducts cyber hygiene trainings for all employees

  • Has a formal device management program

  • Annual third-party penetration testing

  • Has a Business Continuity and Disaster Recovery Management

  • Role-based access control

  • Data Retention Policy in place

Additional documents can be provided on request to selected prospects and clients on request
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Application security

Jobbatical has built the platform for our service on top of known cloud vendors, who have high security standards, minimizing the risk of the service being not available. 

Data storage:
-Google Cloud Storage.
- All request are forced to go through HTTPS.
- Database operations are using SSLData is encrypted at rest.
- 24/7 automatic monitoring.
- Data center providers geographical region: Europe North 1

We have 24/7 automated monitoring to detect any anomalies and 99,7% service availability rate. In case of an unwanted event or incident we follow the Incident Management Process, that is also compliant with ISO27001 requirements.

Examples use-cases for alerts:
- Abnormal amount of unauthorized requests.
- High amount of errors.
- Abnormal login attempts

Our commitment to sustainability

In today’s world, defined by complex global challenges, we believe that businesses have a critical role in creating a better world. Jobbatical’s commitment to sustainability is the foundation upon which we build our future success. It reflects our values, emphasizes our responsibility, and shapes our vision for a brighter future.

With this Sustainability Commitment, we acknowledge that our actions as a company and as a provider of immigration and relocation services carry significant consequences, and we embrace the opportunity to drive meaningful change. By embedding sustainability into our core values, we aim to be a catalyst for positive change while delivering top-tier immigration and relocation services. 

Ethical mobility

At Jobbatical, we understand that the services we provide have a deep impact on the lives of individuals and families seeking new opportunities and a fresh start in a different location.

The mobility solutions we offer are not only legally compliant but also rooted in principles of fairness, respect, and empathy. As a company, we stand behind Commitment 10 of UN’s Sustainable Development Goals: Reduced Inequalities.
Our team and services always prioritize the well-being and rights of those who choose to move to new countries or regions. Jobbatical advocates for policies and practices that promote inclusivity, diversity, and equal treatment for all, irrespective of their backgrounds. We aim not just to facilitate physical relocation but also to foster a sense of belonging and security at every step of the journey. 

Diversity and inclusivity

Jobbatical stands behind Commitments 5, Gender Equality, and 8, Decent Work and Economic Growth, of the UN’s Sustainable Development Goals. We provide equal employment opportunities for all applicants and employees. We do not unlawfully discriminate on the basis of race, color, religion, sex, sexual orientation, national origin, ancestry, age, medical condition, mental or physical disability, veteran status, marital status, or any other consideration protected by law. 

Jobbatical will also make reasonable accommodations for handicapped and disabled veteran employees. Our commitment to equal employment opportunity applies to everyone involved in our operations and to all areas of employment, including recruitment, hiring, training, promotion, compensation and benefits. We strive to promote a diverse and inclusive work environment that welcomes everyone despite their background.

Employee Well-being 

We are committed to the well-being and growth of all Jobbaticlers. Jobbatical actively promotes a workplace culture that champions diversity, inclusion and growth. Our ultimate goal is to nurture an environment where every team member feels valued, respected, and empowered, regardless of their background.

To achieve this, we invest in initiatives that support employee well-being. This includes YOLO days - additional days off for Jobaticlers to do whatever makes them happy -, wellness support, and flexible work arrangements that accommodate the diverse needs of our team. 

Sustainable Office

At our single office located in Tallinn, Estonia, Jobbatical is committed to sustainability through various initiatives. 
We actively encourage eco-friendly commuting, particularly cycling to work, reducing our carbon footprint while promoting healthier lifestyles.
Additionally, we're dedicated to creating a paper-free workspace by emphasizing digital processes and responsible resource usage, reducing waste and resource consumption. We've also established a waste management program that focuses on recycling to minimize our environmental impact and support a cleaner, more sustainable future.

We continuously seek to improve and expand these efforts to ensure a positive contribution to both the environment and to society.

Remote work

At Jobbatical, we have embraced remote work as the standard practice, and it forms an essential element of our commitment to both environmental and social sustainability. 

Remote work plays a key role in our environmental sustainability efforts. It leads to a significant reduction in daily commuting, resulting in a substantial decrease in carbon emissions linked to transportation. Additionally, remote work optimizes energy consumption by reducing the need for physical office spaces, ultimately shrinking our environmental footprint. 

Going beyond traditional office boundaries has also allowed us to tap into a diverse talent pool, actively promoting inclusivity and diversity within our teams. For Jobbaticlers, remote work translates into an improved work-life balance, reduced commuting stress, and enhanced flexibility. 

Collaborations

At Jobbatical, we hold to the principle that the partnerships we establish must align with our values and collaborate exclusively with companies that share our dedication to integrity, transparency, and responsibility. Our partners are not chosen simply from a business perspective, we seek out value-driven companies that share Jobbatical’s vision for a more equitable and sustainable future. By choosing partners who mirror our ethical principles, we not only ensure the highest quality of service but also reinforce our collective impact in building a more equitable and sustainable future.

Cookie Settings

By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences
Accept allAccept necessary

This site uses cookies

Jobbatical uses cookies on its website to offer you the most relevant content and make visiting the site easier and more convenient.

Accept all cookiesAllow selected only
Show info
Required
(1)
Statistical
(1)
Marketing
(1)
About Cookies

Necessary cookies help provide you with a great website experience by enabling core functionality such as page navigation and access to secure areas of the site. The site cannot function properly without these cookies.

Name
Provider
Target
Validity
Type
bm_sz
Used in context with the web site's BotManager. The BotManager detects, categorizes and compiles reports on potential bots trying to access the web site.
1 day
HTTP
ak_bmsc
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of the website.
1 day
HTTP
rc::a
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of the website.
Persistent
HTML
_ga
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
2 years
HTTP
rc::c
This cookie is used to distinguish between humans and bots.
Session
HTML
_abck
Used to detect and defend against replay-cookie-attacks – The cookie is necessary for the security and integrity of the website.
1 year
HTTP
_gid
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
1 day
HTTP
_lfa
Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes.
2 years
HTTP
collect
Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.
Session
Pixel
_gat
Used by Google Analytics to throttle request rate.
1 day
HTTP
_lfa
Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes.
Persistent
HTML
_lfa_expiry
Contains the expiry-date for the cookie with corresponding name.
Persistent
HTML
_mcid
This cookie registers data on the visitor. The information is used to optimize advertisement relevance.
1 year
HTTP
_lfa_test_cookie_stored
Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes
Session
HTTP
ads/ga-audiences
Used to detect whether the user intends to leave the page via cursor movements. This allows the website to trigger certain pop-ups to keep the user on the web site or convert them to customer.
Session
Pixel
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.