JobMatch LogoJobMatch

Data Protection Statement

Last updated: 2/26/2026

1. Introduction

JobMatch is committed to protecting your personal data and respecting your privacy. This Data Protection Statement explains the technical and organizational measures we implement to safeguard your data.

2. Technical Security Measures

2.1 Encryption

  • Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (SSL/TLS)
  • Data at Rest: Sensitive data stored in our databases is encrypted
  • Password Storage: Passwords are hashed using industry-standard algorithms (bcrypt)

2.2 Access Controls

  • Multi-factor authentication for administrative access
  • Role-based access control (RBAC) limiting data access to authorized personnel only
  • Regular access reviews and audits
  • Secure authentication mechanisms for user accounts

2.3 Infrastructure Security

  • Hosting on secure cloud infrastructure (Supabase) with industry-standard security
  • Regular security updates and patches
  • Firewall protection and intrusion detection
  • DDoS protection and mitigation
  • Regular security assessments and penetration testing

2.4 Application Security

  • Input validation and sanitization to prevent injection attacks
  • Cross-site scripting (XSS) protection
  • Cross-site request forgery (CSRF) protection
  • Secure session management
  • Regular code reviews and security audits

3. Organizational Security Measures

3.1 Staff Training

  • Regular data protection and security training for all staff
  • Confidentiality agreements for all employees and contractors
  • Clear data handling procedures and policies

3.2 Data Access Management

  • Principle of least privilege - staff only access data necessary for their role
  • Logging and monitoring of data access
  • Regular review of access permissions
  • Immediate revocation of access upon termination

3.3 Incident Response

  • Established incident response procedures
  • 24/7 monitoring for security incidents
  • Rapid response team for security breaches
  • Breach notification procedures in compliance with GDPR

4. Data Processing Safeguards

4.1 Data Minimization

We only collect and process data that is necessary for providing our services.

4.2 Purpose Limitation

Data is only used for the purposes specified in our Privacy Policy and for which you have given consent.

4.3 Storage Limitation

Data is retained only for as long as necessary for the specified purposes or as required by law.

4.4 Accuracy

We take reasonable steps to ensure data accuracy and allow you to update your information.

5. Third-Party Service Providers

We use trusted third-party service providers who are contractually obligated to implement appropriate security measures:

  • Supabase: Database and authentication services (ISO 27001 certified)
  • Payment Processors: PCI DSS compliant payment processing
  • Email Services: Secure email delivery with encryption

All third-party contracts include data protection clauses and regular security assessments.

6. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours (as required by GDPR)
  • Notify affected users without undue delay
  • Provide information about the nature of the breach, likely consequences, and measures taken
  • Take immediate steps to contain and remediate the breach

7. Regular Security Assessments

We conduct regular security assessments including:

  • Annual security audits
  • Penetration testing
  • Vulnerability assessments
  • Code security reviews
  • Third-party security assessments

8. Your Role in Data Protection

You can help protect your data by:

  • Using a strong, unique password
  • Not sharing your account credentials
  • Keeping your device and browser updated
  • Being cautious about sharing personal information
  • Reporting suspicious activity immediately

9. Compliance and Certifications

We are committed to compliance with:

  • General Data Protection Regulation (GDPR)
  • Applicable data protection laws in Myanmar
  • Industry best practices and standards

10. Contact Information

For questions about data protection, contact:

Data Protection Officer: dpo@job-matchmm.com
Security Team: security@job-matchmm.com
Address: [Your Company Address]

For more information, see our Privacy Policy. Privacy Policy.

← Back to Home