Privacy Policy & GDPR

2. Personal Data We Collect

We may collect and process the following categories of information:

A. Information Provided Directly by You

• Identity details: name, email, phone number
• CV content: employment history, education, skills, qualifications
• Profile photographs or portfolio attachments (optional)
• Recruiter organizational information and verification details

B. Automatically Collected Data

• IP address, device details, browser type, and operating system
• Geolocation indicators (approximate)
• Log data: access dates, times, session duration
• Cookies and similar tracking technologies

C. Communications & Interaction Data

• Correspondence between Jobseekers and Recruiters
• Support records and verification responses

D. Payment Information

Transaction records and billing confirmation (Processed securely by third-party payment providers — we do not retain full card details)

E. Restricted and Prohibited Data

Users must not upload:

• Government-issued identification numbers
• Biometric, medical, or highly sensitive personal data
• Political, religious, or union-related data unless legally required for job eligibility

Such data may be removed without notice.

3. Legal Basis for Processing

Where required by applicable law, we rely on:

You may withdraw consent at any time without affecting prior lawful processing.

4. Purpose of Processing Personal Data

We use information to:

• Provide and enhance the Services
• Generate and maintain shareable résumé links
• Facilitate employer access to candidate profiles
• Enable legitimate recruitment outreach
• Authenticate accounts and prevent fraudulent activity
• Conduct analytics to improve performance and security
• Comply with applicable legal and regulatory requirements

We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement.

5. Sharing and Disclosure of Data

We may share Personal Data only with:

• Verified Recruiters (subject to visibility settings)
• Authorised service providers (hosting, analytics, payment processing, cybersecurity)
• Regulatory authorities when legally compelled
• Successor entities in business restructuring, merger, or acquisition

We never sell Personal Data to unauthorized third parties or data brokers.

6. International Transfers

Personal Data may be processed in jurisdictions outside your residence, including the United States. All such transfers are conducted under appropriate legal safeguards such as Standard Contractual Clauses, data residency controls, and industry-standard protections.

7. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes set out in this Policy, or longer if required by law.

Inactive or dormant accounts and CV links may be deactivated or removed after a reasonable period, subject to lawful retention obligations.

8. User Rights & Requests

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete Personal Data
• Restrict or object to processing
• Transfer Personal Data to another controller ("data portability")
• Withdraw consent at any time
• Opt-out of marketing activities

EU/UK users may escalate concerns to their Data Protection Authority. We may require identity verification before processing such requests.

9. Cookies & Tracking Technologies

We utilize cookies for:

• Essential authentication and functionality
• Performance analytics
• Advertising and personalization (only with lawful consent)

Details and jurisdiction-specific controls are provided in our GDPR & Cookie Policy section below.

10. Data Security

We maintain a comprehensive security program designed to protect Personal Data through:

• Encryption (in transit and at rest)
• Advanced access controls and authentication
• Routine audits, risk assessments, and threat monitoring

No method of electronic storage is infallible; therefore, absolute security cannot be guaranteed.

11. Fraud Detection & Enforcement

We may:

• Monitor activities to detect fraud, abuse, or policy breaches
• Take immediate action against misconduct, including suspension, data preservation, and referral to authorities

12. Data Breach Notification

In the unlikely event of a data breach affecting Personal Data:

• Affected Users and applicable authorities will be notified within statutory timeframes
• Prompt remediation measures will be implemented

13. Business Continuity & Corporate Events

In the event of a merger, acquisition, or restructuring, Personal Data may be transferred to the new controlling entity. All protections under this Policy will continue to apply until formally amended.

14. Amendments to This Policy

We reserve the right to update this Policy at any time. Material updates will be communicated via our Platforms or by email when appropriate. Continued use of the Services constitutes acceptance of any modifications.

15. Contact Information

For privacy inquiries or to exercise your rights:

We will respond to verified requests within legally required timelines.

1. Data Controller

The Company is the Data Controller with respect to Personal Data processed through the Platforms:

Where required under GDPR or UK GDPR, the Company shall appoint and publish the details of an EU Representative and/or UK Representative.

2. Lawful Basis for Processing

Processing of Personal Data is conducted exclusively on one or more lawful bases as defined by GDPR Article 6:

• Consent
• Contract performance
• Legal obligation
• Vital interests
• Public task
• Legitimate interests

Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

3. Data Subject Rights

EU/UK users retain the following rights, subject to statutory limitations:

• Right of Access — confirmation and access to Personal Data
• Right to Rectification — correction of inaccurate or incomplete data
• Right to Erasure — deletion in accordance with Article 17
• Right to Restrict Processing
• Right to Data Portability
• Right to Object — including objections to profiling or legitimate interest processing
• Right to Withdraw Consent at any time
• Right to Lodge a Complaint with a competent supervisory authority

The Company will respond to verified rights requests within one (1) month, subject to lawful extensions.

4. Public Profile Visibility & Search Indexing

At the voluntary election of a Jobseeker, CVs may be made publicly accessible.

By enabling public visibility, the user expressly consents to:

• Availability to verified recruiters
• Limited discoverability through search engine indexing

Users retain full control and may modify visibility settings at any time.

5. Allocation of Compliance Responsibilities

Recruiters accessing Jobseeker Personal Data through PreviewCV.com act as independent Data Controllers for their subsequent use of such data, including:

• Lawful processing
• Data minimization and retention practices
• Responding to candidate privacy requests

Recruiter misuse may result in:

• Immediate suspension
• Reporting to regulatory authorities
• Enforcement through legal proceedings

This clause ensures liability isolation for the Company.

6. Data Minimization & Prohibited Data

Users must disclose only Personal Data relevant to recruitment purposes. Submitting the following is strictly prohibited:

• Biometric data, health information, union membership
• Government-issued identification numbers
• Data revealing racial/ethnic origin, political opinions, or religious beliefs (unless legally required for employment eligibility and voluntarily submitted)

The Company reserves the right to remove such data without notice.

7. Accountability & Vendor Management

The Company shall:

• Maintain Records of Processing Activities (RoPA)
• Conduct Data Protection Impact Assessments (DPIAs) where required
• Execute Data Processing Agreements (DPAs) with all compliant service providers
• Perform ongoing security and compliance audits

8. International Data Transfers

Personal Data may be transferred to jurisdictions outside the EU/UK, including the United States. All cross-border transfers utilize appropriate legal safeguards:

• Standard Contractual Clauses (SCCs)
• Transfer Impact Assessments
• Encryption and access limitation controls

Details may be provided upon request where legally permitted.

9. Cookie & Tracking Technology Usage

The Platforms deploy cookies as categorized below:

No non-essential cookies are placed without explicit prior consent through the Cookie Consent Banner. Users may adjust preferences at any time via Cookie Settings.

10. Do Not Track Signals

Due to varying interpretations and lack of binding standards, the Company does not currently respond to browser-based Do Not Track ("DNT") signals.

11. Automated Decision-Making

The Company does not perform automated decision-making producing legal or similarly significant effects on users without meaningful human involvement.

12. Retention & Deactivation

Personal Data is retained only for the duration necessary to fulfill contractual and legal obligations. Dormant accounts and public CV links may be deactivated following reasonable advance notice, subject to lawful record retention exceptions.

13. Data Security

We maintain a comprehensive security framework including:

• Encryption of data in transit and at rest
• Strict access role controls
• Intrusion detection and real-time threat monitoring
• Regular vulnerability assessments and remediation

Despite these measures, no system can be guaranteed impregnable.

14. Data Breach Notification

In the event of a Personal Data breach presenting risk to your rights:

• Notification to affected individuals will occur without undue delay
• Supervisory authorities will be notified within the deadlines prescribed by law

15. Complaints Procedure

Initial complaints should be directed to:

Unresolved concerns may be escalated to your local Data Protection Authority. (List available from the European Commission website)

16. Amendments

This Policy may be amended to reflect legal, operational, or technical developments. Updated versions will display a new "Last Updated" date. Continued use of the Platforms constitutes acceptance of any revised Policy.

17. Acknowledgment

By accessing the Platforms from within the EU/UK and by providing consent to non-essential cookies where applicable, you:

• Acknowledge this Policy
• Affirm that you understand your rights
• Consent to the processing and international transfer of your Personal Data in accordance with GDPR/UK GDPR