RECRUITER.AI

Policy on Personal Data Processing

Definitions and Terms

Automated processing of personal data - any personal data operation entirely or partly executed by automated means.

Blocking of personal data - temporary suspension of personal data processing, except processing required to clarify the data.

Information system of personal data - a set of personal data within databases, managed by information technologies and technical means.

Depersonalization of personal data - actions that make it impossible to link data to a specific individual without additional information.

Processing of personal data - any operation with personal data, including collection, recording, storage, modification, extraction, use, transfer, depersonalization, blocking, deletion, or destruction.

Operator (Data Controller) - Andersenlab or its affiliates, who determine the purposes and means of processing.

Personal data - any information relating to an identified or identifiable person.

Provision of personal data - actions disclosing data to a specific person or group.

Dissemination of personal data - actions disclosing data to an indefinite group.

Cross-border transmission - transfer of personal data to a recipient in another country.

Destruction of personal data - actions permanently deleting personal data from systems or media.

Cookies - small fragments of data from websites, stored on the user's device and sent to the server each time a site is accessed.

IP address - unique network address of a device in a computer network.

1. General Provisions

This Policy defines Andersenlab's approach to personal data processing, discloses implemented security measures, and explains candidate rights and company data protection obligations during AI-driven recruitment interviews.

It is developed and maintained in compliance with Regulation (EU) 2016/679 (GDPR) and other relevant European laws.

Requests or inquiries regarding personal data processing may be submitted to: dpo@andersenlab.com

The Policy is publicly accessible.

2. Principles and Conditions of Personal Data Processing

2.1 Principles of Personal Data Processing (GDPR)

Personal data processing by Andersenlab is carried out based on the following principles:

lawfulness, fairness, and transparency;
purpose limitation;
data minimization;
accuracy and up-to-date data;
storage limitation;
integrity and confidentiality;

2.2 Conditions of Processing

Personal data is processed under at least one of the following lawful bases (GDPR Art. 6):

explicit consent of the data subject;
processing necessary for contract performance or pre-contractual measures;
legitimate interest of Andersenlab, provided it does not override the rights or freedoms of the subject;

2.3 Confidentiality

We do not disclose personal data to third parties without explicit consent, except as required by law or for technical operations with appropriate safeguards.

2.4 Public Sources & Authorized Disclosure

Andersenlab does not create public sources of personal data and only publishes data with separate written consent from the data subject.

2.5 Special Categories and Biometric Data

If needed for platform operation (e.g. voice/video analysis), biometric or special category data are only processed with explicit consent and in accordance with GDPR Art. 9.

2.6 Delegation of Processing

Processing may be assigned to a third party (processor or sub-processor) under contractual guarantees and only with legitimate basis. All processors must meet EU regulatory requirements.

2.7 International Data Transfers

Data transfer outside the EEA only occurs with adequate safeguards (Standard Contractual Clauses, adequacy decisions).

3. Rights and Obligations

Within personal data processing, the following rights are determined for Andersenlab and personal data subjects.

Rights of the Data Subject:

right to access, correct, block, delete, restrict, object to processing;
right to withdraw consent;
right to data portability;
right to lodge a complaint with a supervisory authority;
right to request information regarding processing practices.

Rights of Andersenlab:

process data for stated legitimate purposes;
request accurate data needed for contract, identification, and compliance purposes;
restrict access to personal data where legally justified;

4. Legal Bases

Personal data processing is based on:

GDPR principles;
the subject's consent;
contractual necessity;
legal obligations;
legitimate interest;
vital interests where required.

5. Categories of Data Subjects & Data

Andersenlab may collect and process data from:

Candidates - audio/video, assessment results, contact info

Employees and former employees - current and former staff members

Clients, partners - business partners and clients

Interns - individuals in internship programs

Website users - individuals visiting company websites

Personal data includes:

identification information (name, contact, address);
professional details (CV, interview responses);
technical data (IP, cookies, browser info);
audio/video recordings during interviews.

6. Security Measures

Security of personal data is ensured via:

appointment of responsible personnel for data protection;
restricted access, encryption, user activity log;
firewalls, antivirus protection;
organization of compliant data handling procedures;
continuous risk assessment and technical measures;
appropriate safeguards for cross-border data transfer.

7. Final Provisions

Andersenlab reviews and updates this Policy as needed for compliance;
Responsible personnel are liable under EU law for breaches;
Amendments to this Policy take effect upon publication;
Latest version always available at andersenlab.com;