Privacy Policy

1. Introduction

CareerSpa ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data Controller

CareerSpa is the data controller for your personal data. Our contact details are:

3. Information We Collect

3.1 Information You Provide

We collect information you voluntarily provide when:

• Creating an Account: Email address, password, role (Talent/Employer/Partner)
• Building Your Profile: Name, contact information, work history, education, skills, languages, location, salary expectations, preferences
• Uploading Your CV: CV files, parsed information from your CV
• Job Applications: Cover letters, application notes, interview feedback
• Using Relocation Services: Visa information, passport details, relocation preferences, document checklists
• CareerSpa Learning: Course enrollments, completion certificates, credentials
• Contacting Us: Messages, support requests, feedback

3.2 Automatically Collected Information

We automatically collect certain information when you use our Services:

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, device type, operating system
• Location Data: General location based on IP address (with your consent)
• Cookies and Tracking: Cookies, web beacons, and similar technologies (see Cookie Policy)
• Log Files: Server logs, error logs, access logs

3.3 Information from Third Parties

We may receive information about you from:

• Employers: Application status updates, interview feedback
• Partners: Visa processing status, relocation service updates
• Public Sources: Publicly available professional information (with consent)
• Analytics Providers: Aggregated usage statistics

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

• Create and manage your account
• Provide job matching and recommendations
• Process job applications
• Facilitate communication between job seekers and employers
• Provide relocation support and visa assistance
• Deliver learning courses and credentials
• Analyze CVs and provide career insights

4.2 AI and Machine Learning

4.3 Communication

• Send account notifications and updates
• Respond to your inquiries and support requests
• Send job alerts and matching notifications (with your consent)
• Provide service updates and important information

4.4 Analytics and Improvement

• Analyze platform usage and user behavior
• Improve our Services and develop new features
• Conduct research and statistical analysis (anonymized data)
• Ensure platform security and prevent fraud

4.5 Legal Compliance

• Comply with legal obligations and regulations
• Respond to legal requests and court orders
• Protect our rights and the rights of users
• Enforce our Terms of Service

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

• Consent: When you consent to specific processing (e.g., marketing emails, AI processing)
• Contract: To fulfill our contract with you (providing the Services)
• Legal Obligation: To comply with legal requirements (e.g., tax, employment law)
• Legitimate Interests: To improve our Services, prevent fraud, ensure security
• Vital Interests: To protect your or others' safety (rare circumstances)

You can withdraw consent at any time where we rely on consent as the legal basis. Withdrawal does not affect processing that occurred before withdrawal.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

6.1 With Employers

When you apply for a job, we share your profile, CV, and application materials with the employer. Employers agree to use this information solely for recruitment purposes and to maintain confidentiality.

6.2 With Service Partners

When you use relocation services, we may share relevant information with:

• Visa processing partners
• Housing and relocation service providers
• Language training providers
• Other marketplace partners (with your consent)

6.3 Service Providers

We may share data with trusted service providers who assist us in operating our platform:

• Cloud hosting providers
• Analytics and monitoring services
• Email and communication services
• Payment processors
• AI and machine learning service providers

All service providers are bound by strict confidentiality and data protection obligations.

6.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

To exercise these rights, contact us at privacy@careerspa.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: While your account is active and for 2 years after last activity
• Job Applications: 7 years (employment law requirements)
• Consent Records: Until consent is withdrawn plus 1 year
• Legal Obligations: As required by law (e.g., tax records)
• Analytics Data: Anonymized data may be retained indefinitely

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

10. International Data Transfers

Your data is primarily processed in the United Kingdom and European Economic Area (EEA). If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the ICO
• Adequacy decisions recognizing the country's data protection standards
• Your explicit consent where appropriate

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. For detailed information, see our Cookie Policy.

You can manage cookie preferences through your browser settings or our cookie consent banner.

12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered email address
• Prominent notice on our platform
• Updating the "Last Updated" date

Continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.