Candidate Data Protection
Your personal data matters. This page explains exactly how we protect it and your rights as a candidate.
Last updated: 1 March 2025
1. Our Commitment
KaaZ is committed to responsible handling of candidate personal data. We comply with applicable data protection legislation, including India's Digital Personal Data Protection Act, 2023 (DPDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).
2. What Personal Data We Hold
If you are a registered job seeker, we may hold the following categories of personal data about you:
- Identity Data: Full name, date of birth, gender.
- Contact Data: Email address, mobile number, permanent address, communication address.
- Professional Data: Work history, educational background, skills, certifications, projects.
- Document Data: Resume/CV files, portfolio links, LinkedIn and GitHub profiles.
- Technical Data: IP address, browser type, device information, login timestamps.
- Application Data: Records of job applications submitted through the Platform.
3. Legal Basis for Processing
We process your personal data under the following lawful bases:
- Contract: To provide the job marketplace services you have registered for.
- Consent: When you choose to share profile information with employers.
- Legitimate Interests: For Platform security, fraud prevention, and service improvements.
- Legal Obligation: Where we are required by law to process certain data.
4. Data Sharing With Employers
When you apply to a job or your profile is visible to employers on sourcing tools:
- Employers can view your name, professional summary, skills, experience, education, and contact information.
- Employers can view your personal details (DOB, gender, address) where provided.
- Employers are bound by our Employer Fair Usage Policy and may only use your data for recruitment purposes.
- We do not sell your data to employers or third parties.
5. Profile Visibility Controls
You control how your profile is visible on the Platform:
- Open to Work: Enabling this makes your profile discoverable by employers in candidate search.
- Profile Visibility: You can set your profile to public or private in your profile settings.
- If you disable visibility, employers cannot find you through search, though employers you have already applied to retain access to your application.
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Deleted Accounts: Upon account deletion, personal data is anonymised or deleted within 30 days, except where we are required to retain it for legal or audit purposes.
- Application Records: Application history and employer notes may be retained for up to 12 months following the close of a recruitment process.
7. Your Rights
You have the following rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data (many fields can be updated directly in your profile).
- Right to Erasure: Request deletion of your personal data (subject to our legal retention obligations).
- Right to Restriction: Ask us to temporarily restrict processing of your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, email privacy@kaaz.works. We will respond within 30 days.
8. Security Measures
We employ comprehensive technical and organisational security measures:
- Authentication: HTTP-only JWT cookies, bcrypt password hashing (cost factor 10+).
- Transport Security: All data is encrypted in transit via TLS/HTTPS.
- Access Control: Role-based access control ensures you only see data you are authorised to access.
- Rate Limiting: Sensitive endpoints (login, registration, password reset) are rate-limited to prevent brute-force attacks.
- File Storage: Uploaded resumes and documents are stored securely in Cloudinary with access controls.
- Database Security: MongoDB with network-level access restrictions and encrypted connections.
9. International Data Transfers
Your data may be processed on servers located outside India. In such cases, we ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your data in accordance with applicable law.
10. Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and report to the relevant supervisory authority as required by law.
11. Contact & Complaints
For data protection queries or to lodge a complaint, contact our Data Protection point of contact at privacy@kaaz.works.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.