This privacy policy from Vettio (doing business as VETTIO) (“we”, “us” or “our), describes how we collect, store, use, share, and process your information when you use our Services (“Services”) through our website: Vettio (“Website”)and our mobile application (App) (Collectively referred to as “Platform”)

For the purposes of this privacy policy, Data Protection Laws mean all applicable worldwide legislation including, without limitation, European data protection laws:

• Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter, the "GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and
• Applicable national implementations of (i) and (ii); (iii) the GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (hereinafter, the "UK GDPR"); and
• Regulations of the United States of America, including the California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et. seq., and its implementing regulations (hereinafter, the "CCPA"), New York SHIELD ACT 2020, and New York City Local Law 144 of 2021 (AI Hiring Bias Law) applicable to the processing of the Personal Data (or an analogous variation of such term); and
• other applicable data protection and privacy laws.

What we do:

Primarily, we connect employees with potential employers. When a potential candidate registers with our Platform, our recruitment process ensures a comprehensive and transparent evaluation of candidates, benefiting both employers and employees. From the employee"s perspective, each candidate undergoes in-depth interviews conducted by industry domain experts, ensuring they are thoroughly assessed on skills, strengths, and potential beyond what is listed on a resume. This process allows employees to showcase their expertise and experience in a manner that is tailored to the specific role, giving them a fair chance to highlight their strengths.

From the employer"s perspective, our recruitment process ensures that when a candidate is presented, a comprehensive evaluation of the employee is provided rather than a basic overview.

What information do we collect?

We collect personal information you voluntarily provide us when you register to our Website and App to avail the Services. When you register with our Platform, we ask for the following information:

• Name
• Email ID:
• Job Title:
• Username:
• Password:
• Curriculum Vitae (CV):
• Employment History:
• Educational Information:
• Salary Preference:
• Location:

PLEASE NOTE: We do not ask our users to upload any documents about their finances, employment, or other confidential information except for the information mentioned above.

Sensitive Information: We do not collect any sensitive information.

Financial Information: We do not collect any financial information such as payment instrument numbers and any security codes associated with the payment instrument.

Purpose of Data Processing

We collect personal data for the following purposes:

• Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Job Matching: We use the information to assess your qualifications and match you with job opportunities that align with your experience and preferences.
• Application Processing: The data is used to assist with job applications and related processes, such as scheduling interviews or submitting resumes to employers.
• Improvement of Services: We analyze and use the data to improve our Services and its performance, understand user interaction, and enhance the overall recruitment experience.
• Compliance with Legal Obligations: We use the data to comply with applicable laws, including data protection regulations, and to respond to legal requests or government authorities.

Data Sharing

We may disclose your personal information to the following categories of recipients:

Please remember the following information about who we may share your personal information with:

• Potential employers
• Our group companies, third-party service providers, and partners who assist in data processing to support the delivery, functionality, security, and features of our Services
• Any competent law enforcement body, regulatory, government agency, court, or other third party if we believe disclosure is necessary due to applicable law or regulation, to exercise or defend our legal rights, or to protect vital interests
• In connection with any proposed purchase, reorganization, merger, or acquisition of any part of our business, provided that the buyer agrees to use your personal information only for the purposes disclosed in our privacy policy.
• Any other person with your consent

International Data Transfers

Please remember the following:

• Your personal information may be transferred, stored, and processed in a country outside of your home jurisdiction. This may include countries that do not provide the same level of data protection as the one in which the data was originally collected. Under the GDPR, such transfers are only permitted if specific safeguards are in place to ensure your information is adequately protected. These safeguards may include Standard Contractual Clauses (SCCs), or other approved mechanisms that ensure your personal information remains protected at an equivalent level to EU standards.
• For California residents under the CCPA, any transfer of personal information outside the U.S. will follow CCPA guidelines, ensuring that your rights to opt out of the sale of personal information and other privacy rights are respected, even when your data is processed in jurisdictions outside of California. We also ensure that any third-party processors with whom your data is shared maintain the same level of privacy and security protections mandated by the CCPA.
• As required by the New York SHIELD Act, we maintain administrative, technical, and physical safeguards to protect your personal information, even when it is transferred to other countries. These safeguards are designed to protect your data from unauthorized access, loss, or misuse, regardless of where it is processed. In cases where your personal information is transferred across borders, we will inform you of the jurisdictions involved and the specific measures in place to protect your information, in compliance with applicable laws.
• For users currently residing in the UAE, we may transfer your personal data to jurisdictions outside the UAE. All transfers shall comply with UAE Federal Law No. 45 of 2021 (PDPL), DIFC Data Protection Law, and ADGM Data Protection Regulations. If the destination jurisdiction does not provide adequate protection as determined by the relevant authority, we will implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), or obtain your explicit consent after informing you of potential risks. For more information or to exercise your rights regarding cross-border transfers, you may contact our Data Protection Officer.

Third-Party Services

The Services may include mentions and hyperlinks to other third-party websites and services. Any personal information you choose to share on third-party sites or services is collected directly by that third party and is governed by their privacy and security policies. Our responsibility does not extend to the content or privacy and security practices of third-party sites or services. We use the following third party services:

• AWS - Link
• OPEN AI - Link
• SENDGRID - Link

We recommend familiarizing yourself with the privacy and security policies of third parties before sharing your personal information with them.

Data Subject Rights

Under the Data Protection Laws, you have the following rights:

• Right to Access: You can request access to the personal information we hold about you, including the purposes for which it"s used and with whom it"s shared.
• Right to Correction: If your data is inaccurate or incomplete, you can ask for corrections. This applies to personal information stored by us. The CCPA also allows you to request updates to inaccurate information we process.
• Right to Deletion: You can request deletion of your personal information if it"s no longer needed, if you withdraw consent, or if the data has been unlawfully processed. CCPA lets you request this unless the data must be retained for legal reasons. We shall delete your data upon request in 30 days in accordance with the Data Protection Laws.
• Right to Object to Automated Decisions: If automated systems like AI evaluate your job application, you can ask for a human review of those decisions.
• Right to Data Portability: You may request your data in a portable, machine-readable format. This allows you to transfer it to another service provider, and we can assist in doing so directly where possible.
• Right to Withdraw Consent: If you have given consent for data processing, you can withdraw it at any time, stopping further processing.
• Right to Opt-Out of Sale of Personal Information: The CCPA gives you the right to opt out of the sale of your personal information. For clarification, we would like to confirm that we do not sell any personal information to third parties.

Data Retention Period

We retain your personal information for as long as it is necessary to process your information to keep providing you with the Services unless retention is required by law (such as tax, accounting, or other legal requirements).

If you request the deletion of your personal information, we will delete your information and comply with your request while only retaining information as required by law.

Data Processing of Minors

We do not process any information relating to minors. By accepting our terms of use, users represent to us that they are at least 18 years old and that either a parent or a legal guardian has provided consent to use our Services. It should also be noted that while we may conduct verification of the information provided by you during your use of our Services. If it is made known to us that we have collected any information pertaining to minors, we will immediately deactivate the account and delete all information pertaining to minors. Users may contact us on [email protected] to notify us if they become aware that we may have received such information.

Security Measures

We implement technical and organizational measures to ensure that your personal information is secured. These measures are implemented to safeguard your personal information to prevent any unauthorized access, prevent misuse, and to protect the confidentiality of our users.

We implement the following security measures:

• Data Encryption: We use encryption protocols (such as AES-256) to protect your data both in transit and at rest. This ensures that any data you provide or that is stored in our cloud infrastructure is secure from unauthorized access.
• Regular Security Audits: Our systems undergo regular security audits and assessments to identify and address any vulnerabilities. We perform continuous monitoring to ensure that all cloud-based services meet industry-standard security practices.
• Data Access Control: Access to sensitive data is strictly role-based, and only authorized personnel have access to the data based on their job responsibilities. We enforce the least privilege principle to minimize potential risks.
• Data Masking and Anonymization: Where applicable, we use data masking and anonymization techniques to protect your personal information while ensuring that data can still be used for processing or analysis without exposing sensitive details.
• Firewalls and Intrusion Detection Systems (IDS): We utilize firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor, detect, and block malicious activities or unauthorized access to our network and cloud resources.
• Secure Data Backup: Your data is backed up regularly using secure, encrypted storage solutions to ensure availability and protection from data loss or corruption. Backup data is also encrypted and stored separately to reduce risk.

Identity and Contact Information

If you have a question about this privacy policy or wish to inquire further about our Services and handling practices, please contact us as follows:

[email protected]

Waiver of Legal Liability

As defined herein, the best and most robust information security architecture has been deployed to ensure a seamless user experience and protect user rights. However, in the unlikely event of a data breach, system failure, or any arising dispute, reasonable efforts shall be made to resolve the dispute amicably. The user understands that certain unavoidable risks arise in the normal course of business operations and consents to hold Vettio, and their affiliates harmless against all claims of loss (financial or non-financial), damages, or injury, whether direct or indirect, to the maximum extent permissible under applicable law, except in cases of gross negligence or willful misconduct.

Changes to the Privacy Policy

We may update this privacy policy as necessary from time to time. The updated version will be made available on our Website and App and will become effective as soon as it is accessible to our users. We will notify you of any material changes in the privacy policy by directly sending you a written notification. We encourage all our users to review the privacy policy and to remain informed about how we protect your privacy.