Technical and Organizational Measures

Software as a Service 

Nelisa operates as a SaaS (Software as a Service), which simply means: 

• It runs on a private cloud, 
• Nelisa’s servers and data are hosted across data centers within the EU,  
• Nelisa, as an Application Service Provider (ASP), ensures the system’s operation and availability. 

Access Restrictions 

User data is accessible only to a limited group of authorized employees om a need-to-know basis. 

Security measures include, among other things, monitoring operations and activities with operator idnetity attribution. 

Role Separation 

When processing user requests, we distinguish the following roles: 

• Customer Support [<10] – receives and handles customer requests as the first line of support. 
• Sales Team [20+] – addresses functional requests related to products, campaigns, and services. 
  System Administration [<10] – maintains technical resources (servers, backups, etc.). 

The roles described above must (or may) have access to parts of, or in some cases complete, user data in order to perform their duties. The approximate number of employees reflects the level of support required to accessdata. 

Deletion of Personal Data 

Within the Nelisa platform, companies can manually delete both 

• candidates and 
•  recruitment records from the candidate list and recruitment list. 

Nelisa does not collect consent to process candidates’ personal data for its own purposes, as Nelisa does not work with candidates directly and only makes their data available to companies. Companies can provide their own GDPR consent text and define the required data retention period. If a candidate grants consent for a longer retention period, data deletion follows the validity of that consent. If the candidate does not grant consent, or if the company does not provide its own GDPR consent, personal data is deleted after 6 months. 

Technical Security Measures 

User access is secured through encrypted connections.  
Non-production environments (development and testing) are separated from production data. 
User data is restricted to the production environment; non-production environments use their own test data that is not derived from production data. 
Nelisa is continuously developed and tested, focusing on both functionality and security. 

Updates and patches are deployed on a daily basis. 

User Support 

Support requests are collected and tracked through Intercom and handled promptly by our customer support team during business hours (Mon–Fri, 08:00–17:00 CET/CEST, Prague/Bratislava). 

Contact: support@nelisa.com, +420 702 102 080 (CZ/SK/EN). 

Compatibility and Minimum Requirements 

Nelisa is accessible via a web browser and is compatible with major browsers, including Firefox, Chrome, Explorer/Edge, and Safari.  

JavaScript support and essential cookies are required. 
We recommend using the latest version of your browser for the best experience. 

Transferred Data 

Web access is available exclusively via encrypted HTTPS connections. 

Separation of individual client sessions is ensured through session cookies. 

All inbound and outbound production traffic is filtered. HTTPS is permitted only for user interaction, and encrypted access (SSH with key-based authentication) is used exclusively for application maintenance and updates. 

Authentication 

User accounts are considered individual (Nelisa strongly discourages account sharing among more user). 

Plain-text passwords are never stored and exist only in memory during user login.  

Passwords are stored exclusively in a hashed form. The hashing algorithm is continuously updated to reflect current technological standards. 

Data Storage and Infrastructure 

For storing data Nelisa uses managed MySQL from DigitalOcean.  

Servers run in containerized environments (Kubernetes) on Linux. 

Backups and restore options follow DigitalOcean’s default settings with a 7-day retention period: https://docs.digitalocean.com/products/databases/mysql/how-to/restore-from-backups/. 

Monitoring and Oversight 

Operational monitoring runs continuously (24/7). 

System status is checked daily: 

• We use a combination of external monitoring services and internal systems for monitoring. 
• To view the three-month operational history of Nelisa’s main entry points, please visit:  https://nelisa.betteruptime.com/. 
    

Development Lifecycle 

Development, integration, and testing environments are fully virtualized and run on a cloud platform. Each environment has different access permissions. The production environment is completely (physically) separated from non-production environments. 

Planning, development, and testing of all updates and new versions of Nelisa follow an agile development approach, using SCRUM sprints. 

All components used — including internally developed ones — are tested for stability, availability, and security before deployment to production, ensuring continued vendor and platform support. 

If security vulnerabilities are identified, updates (patches and fixes) are applied as quickly as possible after proper testing. 

Testing is continuous and performed in multiple layers: 

• Before any change is accepted into the source code, it undergoes developer review (local linting and the four-eyes principle). 
• Static code analysis is performed as part of quality control, using automated code review tools. 
• New functionality is manually tested. 
• Once all tests are successfully completed, a controlled deployment process is initiated and the new code is released to production. 
• Deployments are fully automated — manual interventions are not permitted. 

Audits and History 

System configuration audits are part of our internal processes.  

Personal data processing is overseen by a Data Protection Officer (DPO), who can be contacted at dpo@nelisa.com. 

History: Nelisa stores selected records related to: 

• Service usage. 
• Order management. 
• Candidate management. 
• Changes in company access permissions.