Compliance

GDPR, EU AI Act, ESCO standards, and certifications. Cumino guarantees full regulatory compliance for corporate recruiting.

GDPR - General Data Protection Regulation

Cumino follows privacy-by-design principles. Every aspect of data processing complies with the GDPR and Italian data protection regulations.

Data security

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • EU data center (Frankfurt)
  • Encrypted backups

Documentation

  • DPA (Data Processing Agreement)
  • DPIA on request
  • Processing register
  • Customizable privacy notices

Data subject rights

  • Data access
  • Rectification and deletion
  • Data portability
  • Right to object

Corporate responsibilities

  • Controller: your company
  • Processor: Cumino
  • Documented sub-processors
  • Audit on request

EU AI Act

The European Artificial Intelligence Regulation classifies recruiting systems as "high risk". Cumino is designed to meet all requirements.

1. Algorithmic transparency

Candidates are informed of AI use in the process. Algorithmic decisions are explainable and documented.

2. Bias monitoring

Continuous monitoring of algorithmic bias for gender, age, nationality, and other protected categories.

3. Human oversight

No fully automated decisions. A human recruiter always validates the final selection.

4. Technical documentation

Complete AI system documentation: training datasets, performance metrics, risk assessment.

ESCO Standard

European Classification of Skills

Cumino uses the ESCO taxonomy (European Skills, Competences, Qualifications and Occupations) to classify skills and occupations. This ensures:

  • Standardization: skills coded uniformly in 27 languages
  • Portability: CVs usable across the entire EU
  • Objectivity: matching based on measurable skills, not keywords
  • Interoperability: compatible with European HR systems

Certifications and standards

  • GDPR Compliant: EU Regulation 2016/679
  • EU AI Act Ready: EU Regulation 2024/1689
  • ESCO Certified: European skills taxonomy
  • ISO 27001: Information security management
  • SOC 2 Type II: Security and availability controls
  • EU Data Center: Data in Europe (Frankfurt)

Configurable data retention

You decide how long to keep data

Each company can configure its own data retention policies. Data is automatically deleted when the configured period expires.

  • Minimum retention: 6 months
  • Standard retention: 24 months
  • Custom: on request

Have compliance questions?

Our legal team is available to clarify every aspect.
