GDPR

Introduction

Thank you for choosing to be part of our community at Staya, Inc., doing business as Dover ("Dover", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy in accordance with the General Data Protection Regulation (GDPR). This policy explains how we process, store, and handle personal data of European Union (EU) residents.

Scope

This policy applies to all information collected through our website (such as https://dover.com), and/or any related services, sales, marketing or events (collectively referred to as "Services") concerning EU residents, whether as customers, job applicants, or other data subjects.

Data Protection Principles

We take your privacy seriously and adhere to the following principles:

  1. Lawfulness, Fairness, and Transparency

    • We process your personal data lawfully, fairly and in a transparent manner

    • We tell you what processing will occur and match our actions to our descriptions

    • We establish clear legal grounds for processing before collection begins

  2. Purpose Limitation

    • We collect personal data for specified, explicit, and legitimate purposes

    • We won't process your data in ways incompatible with those purposes

    • If we need to change how we use your data, we'll get your consent first

  3. Data Minimization

    • We only collect what we need to provide our Services

    • We keep our data collection proportional and relevant

    • We regularly review what we collect to ensure it's necessary

  4. Accuracy

    • We keep your personal data accurate and up to date

    • We correct or delete inaccurate information

    • We have processes to identify and address out-of-date or incorrect data

  5. Storage Limitation

    • We keep your data only as long as necessary

    • We delete your data when you ask to have your account and data deleted

    • We regularly clean up unnecessary data

  6. Integrity and Confidentiality

    • We implement appropriate technical and organizational security measures

    • We protect against unauthorized processing

    • We guard against accidental loss, destruction, or damage

Data Subject Rights

When you use our Services, you have the following rights:

  1. Right to Access

    • You can request copies of your personal data

    • We'll explain how we use your data

    • We'll confirm our processing is lawful

  2. Right to Rectification

    • You can correct any inaccurate data

    • You can complete any incomplete data

    • You can update outdated information

  3. Right to Erasure

    • Email support@dover.com with subject "Data Deletion"

    • Include your account email

    • We'll delete your data within 72 hours

  4. Right to Object

    • You can object to certain types of processing

    • You can opt out of profiling

    • You can request alternative processing methods

  5. Right to Data Portability

    • We'll provide your data in a structured format

    • You can transfer your data to another service

    • You can request direct transfers where technically feasible

Data Protection Officer

For questions about this policy, you may contact our Data Protection Officer (DPO):

  • Name: Maksim Kolysh

  • Email: gdpr@dover.com

  • Address: Staya, Inc., 130 Bush St, San Francisco, CA 94104, United States

International Data Transfers

We process data in the United States through:

  1. Google Cloud Infrastructure

  2. Subprocessors (see Subprocessor Management section below)

Security Measures

We have implemented appropriate technical and organizational security measures including:

  1. Controls to prevent unauthorized access

  2. Encryption during data transmission

  3. Systems to log access and changes

  4. Regular security audits

  5. Data protection impact assessments

Data Breach Procedures

If we discover a data breach:

  1. We'll assess the incident within 72 hours

  2. We'll notify affected users if there's a high risk

  3. We'll inform relevant authorities as required

  4. We'll document the incident, including:

    • What happened

    • What data was affected

    • How many people were impacted

    • What we did about it

Subprocessor Management

We maintain an up-to-date list of subprocessors and ensure:

SUBPROCESSOR NAME | PURPOSE                             | LOCATION
------------------|-------------------------------------|--------------
Cloudflare        | Content delivery                    | Worldwide
Google            | Cloud infrastructure                | Worldwide
Elastic           | Cloud infrastructure                | Worldwide
OpenAI            | AI service provider                 | United States
Nylas             | Email and calendar infrastructure   | United States
Front App         | Customer support and communications | Worldwide
Slack             | Customer support and communications | Worldwide
Intercom          | Customer support and communications | Worldwide
Affinda           | PDF Parsing                         | Worldwide
Metabase          | Whitelabeled analytics              | Worldwide
New Relic         | Performance monitoring and logging  | United States
Sentry            | Error tracking and monitoring       | United States
Segment           | Product Analytics                   | United States
Full Story        | Product Analytics                   | United States

For any questions about our subprocessors, please contact gdpr@dover.com.

Compliance Monitoring

Our DPO conducts:

  • Annual data protection audits

  • Regular compliance checks

  • Employee training programs

Contact Information

For GDPR-related questions:

  • Email: gdpr@dover.com

  • Subject Line: "GDPR Inquiry"

  • We'll respond within 30 days

Policy Updates

We review this policy every three years or when regulations change. We'll notify you of any material changes.

Document Control
  • Last Updated: January 23, 2025

If you have any questions or concerns about this policy or our practices, please contact gdpr@dover.com.