Privacy Policy
Welcome to CV Sifter (“Service”), operated by CORTX AI LIMITED (“we”, “our”, “us”). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy (“Policy”) outlines how we collect, use, disclose, and safeguard your information when you visit our website cvsifter.com (“Website”) and use our services. Please read this Policy carefully. By accessing or using our Service, you agree to the terms of this Policy.
1. Definitions
- “Personal Data”: Any information relating to an identified or identifiable natural person (“Data Subject”).
- “Processing”: Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
- “Data Controller”: CORTX AI LIMITED, the entity responsible for determining the purposes and means of Processing your Personal Data.
- “Data Processor”: Any third party processing Personal Data on behalf of the Data Controller.
- “GDPR”: General Data Protection Regulation (EU) 2016/679.
- “Cookies”: Small data files stored on your device to improve your browsing experience.
- “Data Subject”: The individual to whom the Personal Data relates.
- “Third-Party Services”: Services provided by entities other than us, such as Stripe for payment processing.
2. Controller Information
CORTX AI LIMITED
Registered Office: Sutton Vale Country Club, Vale Road, Dover, England, CT15 5DH
Company Number: 15284483
Email: privacy@cortx.co
Phone: 0843 122 8260
3. Information We Collect
3.1 Personal Data You Provide to Us
- Account Information: When you register for an account, we collect your name, email address, password, and billing information.
- CVs and Job Descriptions: The CVs, job descriptions, and any other documents you upload to the Service.
- Usage Data: Information about how you use the Service, including your IP address, browser type, device information, and access times.
- Communications: Any correspondence between you and us, including emails and support requests.
- Payment Information: Billing details processed securely through our payment provider, Stripe.
3.2 Automatically Collected Information
- Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your interactions with our Website and Service. For more details, please refer to our Cookie Policy.
- Log Files: Like many websites, we collect information that your browser sends whenever you visit our Website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
3.3 Information from Third Parties
We may receive Personal Data about you from third parties, such as business partners, public sources, or other third parties, and combine it with information we collect through our Service.
4. How We Use Your Information
We use your Personal Data for the following purposes:
- To Provide and Maintain the Service: Including processing CVs, matching them against job descriptions using our AI engine, and managing your account.
- To Process Payments: Handling transactions through our payment provider, Stripe.
- To Communicate with You: Responding to your inquiries, sending service updates, and providing customer support.
- To Improve Our Service: Analyzing usage data to enhance functionality and user experience.
- To Ensure Security: Protecting against fraud, unauthorized access, and other security threats.
- Compliance and Legal Obligations: Fulfilling legal requirements and responding to lawful requests by public authorities.
- Marketing and Promotional Purposes: With your consent, we may send you promotional materials and updates about our services.
5. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases to process your Personal Data:
- Consent: Where you have given clear consent for us to process your Personal Data for specific purposes.
- Performance of a Contract: Processing necessary to provide and manage our Service.
- Legitimate Interests: Processing necessary for our legitimate business interests, provided your rights do not override those interests.
- Legal Obligations: Compliance with legal requirements.
6. Data Obfuscation and AI Processing
To ensure compliance with data protection regulations and enhance data security, we implement the following measures:
6.1 Data Obfuscation
- Anonymization: Before any CV is processed by our AI engine, personally identifiable information (PII) is obfuscated. This includes removing or anonymizing names, contact details, and other sensitive information to prevent unauthorized identification of individuals.
- Pseudonymization: Where necessary, data is pseudonymized to further protect the identity of Data Subjects during processing.
6.2 AI Processing
- Automated Analysis: The obfuscated data is then analyzed by our AI systems to match CVs with job descriptions. This process ensures that the core functionality of CV Sifter operates without compromising personal privacy.
- Data Minimization: We ensure that only the necessary data required for processing is used, adhering to the principle of data minimization under GDPR.
6.3 Continuous Monitoring and Improvement
- Regular Reviews: We regularly review and update our data obfuscation techniques to align with best practices and regulatory standards.
- Audits and Assessments: Conducting periodic audits and assessments to ensure the effectiveness of our data protection measures.
7. Data Storage and Transfer
7.1 Data Centre Location
All Personal Data is stored in data centres located within the United Kingdom, ensuring compliance with UK data protection laws.
7.2 Data Transfers
- Within the UK: We do not transfer your Personal Data outside the UK. All processing activities are confined within the UK to maintain compliance with GDPR.
- International Transfers: In the event that we need to transfer data outside the UK, we will ensure appropriate safeguards are in place in accordance with GDPR requirements, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
8. Data Security
We implement robust security measures to protect your Personal Data from unauthorized access, alteration, disclosure, or destruction, including:
- ISO Certifications: Our platform is certified under ISO/IEC 27001 and ISO 42001, adhering to international standards for information security management.
- Encryption: All data transmitted between your device and our servers is encrypted using industry-standard protocols (e.g., TLS).
- Access Controls: Strict access controls ensure that only authorized personnel can access your data.
- Regular Security Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
- Incident Response Plan: We have an established incident response plan to promptly address any data breaches or security incidents.
9. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Specific retention periods are as follows:
- Account Information: Retained for as long as your account is active or as needed to provide the Service.
- CVs and Job Descriptions: Retained for as long as necessary to process your requests and improve our Service.
- Usage Data: Retained for analytical and performance monitoring purposes, typically for up to 12 months.
- Payment Information: Retained for the duration necessary to comply with financial regulations and for tax purposes.
- Communications: Retained for as long as needed to resolve disputes, enforce our agreements, and comply with legal obligations.
10. Your Rights Under GDPR
You have the following rights regarding your Personal Data:
- Right to Access: Request access to the Personal Data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
- Right to Erasure: Request deletion of your Personal Data under certain conditions.
- Right to Restrict Processing: Request limitation of processing your Personal Data.
- Right to Data Portability: Receive your Personal Data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to certain types of processing, including direct marketing.
- Rights Related to Automated Decision-Making and Profiling: Request human intervention, express your point of view, and contest any decisions made solely based on automated processing.
10.1 Exercising Your Rights
To exercise any of these rights, please contact us using the contact details provided in Section 15. We may require you to verify your identity before processing your request.
10.2 No Fee
You are entitled to have your Personal Data processed free of charge, except where requests are manifestly unfounded or excessive.
11. Children’s Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently received Personal Data from a child, we will take steps to delete such information promptly.
12. Third-Party Services
We may integrate or link to third-party services (e.g., Stripe for payments). These services have their own privacy policies, and we encourage you to review them. We are not responsible for the practices or content of these third parties.
13. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our Website. For detailed information on how we use cookies, please refer to our Cookie Policy.
14. Changes to This Privacy Policy
We may update this Policy from time to time. We will notify you of any changes by updating the “Last Updated” date at the top of this Policy. Significant changes may also be communicated via email or through our Website. Your continued use of the Service after the changes become effective constitutes your acceptance of the new Policy.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
CORTX AI LIMITED
Registered Office: Sutton Vale Country Club, Vale Road, Dover, England, CT15 5DH
Email: privacy@cortx.co
16. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR requirements. To contact our DPO, please email privacy@cortx.co.
17. Third-Party Links
Our Website may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. You acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such websites or services.
18. International Data Transfers
As all data processing occurs within the UK, your Personal Data is not transferred outside the European Economic Area (EEA). In the event that we need to transfer data outside the UK, we will ensure appropriate safeguards are in place in accordance with GDPR requirements.
19. Automated Decision-Making and Profiling
Our Service may involve automated decision-making processes, including profiling, to match CVs with job descriptions. These processes are designed to enhance the efficiency and accuracy of our Service. You have the right to request human intervention, express your point of view, and contest any decisions made solely based on automated processing by contacting us at privacy@cortx.co.
20. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms.
21. Data Processing Agreements
Where we act as a Data Processor on behalf of another Data Controller, we enter into Data Processing Agreements (DPAs) to ensure compliance with GDPR requirements. These agreements outline the scope, nature, and purpose of Processing, as well as the obligations and rights of both parties.
22. Consent Withdrawal
Where we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of Processing based on consent before its withdrawal. To withdraw your consent, please contact us at privacy@cortx.co.
23. Data Protection Impact Assessments (DPIAs)
We conduct Data Protection Impact Assessments (DPIAs) for our high-risk Processing activities to identify and mitigate potential risks to Data Subjects’ privacy and rights. DPIAs help us ensure that our Processing activities are compliant with GDPR and other relevant data protection laws.
24. Training and Awareness
We ensure that our employees and contractors are aware of and understand their responsibilities regarding data protection and privacy. Regular training is conducted to maintain high standards of data protection within our organization.
25. Data Minimization and Purpose Limitation
We adhere to the principles of data minimization and purpose limitation, ensuring that we only collect and process Personal Data that is necessary for the specific purposes outlined in this Policy. We do not process Personal Data in ways that are incompatible with these purposes.
26. Retention of Anonymized Data
In addition to Personal Data, we may retain anonymized data that does not identify any individual. This anonymized data is used for analytical and research purposes to improve our Service and is not subject to GDPR.
27. Use of Sub-processors
We may engage sub-processors to assist us in providing the Service. We ensure that all sub-processors are bound by data protection obligations that are at least as protective as those outlined in this Policy and GDPR. A list of our current sub-processors is available upon request.
28. Your Consent
By using our Service, you consent to the collection, use, and disclosure of your Personal Data as described in this Policy. If you do not agree with our practices, please do not use our Service.