Privacy Policy

Data Controller: GlobalSponsorJobs Ltd, a company registered in England and Wales.

Contact: [email protected]

When this Privacy Policy refers to "we", "us", or "our", it means GlobalSponsorJobs Ltd. When it refers to "you" or "your", it means any individual who visits or uses our platform.

We do not collect sensitive special-category data (such as racial/ethnic origin, biometric data, or health information) unless you voluntarily include it in your CV or profile, in which case the processing is based on your explicit consent (Art. 9(2)(a) GDPR).

• Providing the Service: Processing registrations, enabling job applications, and managing your candidate profile.
• Matching & Recommendations: Surfacing relevant job listings based on your profile and search history.
• Communications: Sending transactional emails (account verification, password resets, application status updates).
• Platform Improvement: Analysing aggregated usage patterns to improve search relevance and user experience.
• Security & Fraud Prevention: Detecting and preventing abuse, unauthorised access, and fraudulent activity.
• Legal Compliance: Complying with applicable laws, responding to lawful requests, and enforcing our Terms.

We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your explicit consent.

We share your data only in the following circumstances:

• Employers: When you apply for a job, your application data (name, email, CV, cover letter) is shared with the hiring employer. By submitting an application you consent to this transfer.
• Service Providers: Trusted third-party processors (cloud hosting, email delivery, analytics) who operate under data processing agreements and may only process data on our instructions.
• Legal Authorities: Where required by law, court order, or regulatory authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

After the applicable retention period expires, data is securely deleted or anonymised.

Our infrastructure is primarily located within the United Kingdom and the European Economic Area (EEA). Where we transfer personal data outside these regions, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs).
• Transfers only to countries with an adequacy decision from the UK ICO or European Commission.
• Binding Corporate Rules where applicable.

We use cookies and similar technologies to operate and improve our Service:

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Service from functioning correctly.

Under UK/EU data protection law, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Right to Restrict Processing (Art. 18): Request that we limit how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a person under 16 without parental consent, we will delete that data promptly.

If you believe we have collected data from a child, please contact us immediately at [email protected].

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

• TLS encryption for all data in transit.
• Password hashing using industry-standard bcrypt.
• JWT-based authentication with short-lived tokens.
• Access controls limiting internal staff access to personal data on a need-to-know basis.
• Regular security reviews and penetration testing.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email and/or by displaying a prominent notice on our platform. The date of the latest revision is shown at the top of this page.

We encourage you to review this Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the revised Policy.

For any questions, requests to exercise your rights, or concerns about this Privacy Policy, please contact us:

• Privacy enquiries: [email protected]
• General support: [email protected]
• Postal address: GlobalSponsorJobs Ltd, London, United Kingdom

You also have the right to raise a complaint with the UK supervisory authority: Information Commissioner's Office (ICO) — ico.org.uk/make-a-complaint.