CareerBoost AI
Back to Home

GDPR Compliance

Last Updated: May 1, 2025

Introduction

At CareerBoost AI, we are committed to protecting the privacy and rights of our users. This GDPR Compliance Statement explains how we comply with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

Data Controller

CareerBoost AI acts as a data controller for the personal data we collect and process. As a data controller, we determine the purposes and means of processing personal data.

Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: We process personal data based on the explicit consent provided by users when they register for our services, upload their resumes, or participate in mock interviews.
  • Contractual Necessity: We process personal data as necessary to fulfill our contractual obligations to users who have subscribed to our services.
  • Legitimate Interests: We process personal data based on our legitimate interests, such as improving our services, ensuring security, and preventing fraud, as long as these interests are not overridden by the user's interests or fundamental rights and freedoms.
  • Legal Obligation: We process personal data to comply with legal obligations to which we are subject.

Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data:

  • Right to Access: Users have the right to request access to their personal data and to receive information about how it is processed.
  • Right to Rectification: Users have the right to request that inaccurate or incomplete personal data be corrected.
  • Right to Erasure (Right to be Forgotten): Users have the right to request the deletion of their personal data under certain circumstances.
  • Right to Restriction of Processing: Users have the right to request the restriction of processing of their personal data under certain circumstances.
  • Right to Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: Users have the right to object to the processing of their personal data under certain circumstances.
  • Right to Not be Subject to Automated Decision-Making: Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

To exercise any of these rights, users can contact us at support@careerboost.digital. We will respond to all requests within one month.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing, assessing, and evaluating the effectiveness of security measures
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also communicate the personal data breach to the affected users without undue delay.

Data Protection Impact Assessment

Where a type of processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons, we will, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

International Data Transfers

We may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect the personal data, such as:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
  • Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
  • Implementing binding corporate rules

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Statement and our privacy practices. If you have any questions about this statement or how we handle your personal data, please contact our DPO at dpo@careerboost.digital.

Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this statement periodically to stay informed about how we are protecting your personal data.