Legal

Privacy Policy

Effective Date: 21/05/2023

Company information

Elevatus Inc.
Craigmuir Chambers, Road Town,
Tortola, British Virgin Islands

Statement

Elevatus is an end-to-end enterprise recruitment and hiring solution provider. Using our cutting-edge technology, we help businesses worldwide accelerate their growth, achieve greater success and digitally transform their hiring processes.

We are committed to transparency about the data we collect about you, how it is used, with whom it is shared and under what context and legal basis.

Disclaimer

Elevatus is committed to comply with all regional privacy laws and regulations such as GDPR.

This Privacy Policy applies when you use our Products (described below). We offer our users choices about the data we collect, use and share as described in this Privacy Policy.

As per [GDPR, Chapter 4, Article 37-39], a designated Data Protection Officer (DPO) is employed and given complete autonomy over tasks such as, but not limited to:

  • Informing Elevatus and its employees of their obligations pursuant to the GDPR.
  • To monitor and evaluate compliance with the data protection provisions regarding the protection of personal data. This includes training of staff of their respective responsibilities towards processing operations.
  • Continuously assess and identify impact and gaps to maintain audit continuity; and
  • Handle and help you exercise your rights as data subjects of Elevatus.

Introduction

Elevatus is a technology provider. People use our (”Products”) – constituent parts that make up our (”Platform”) – to create pipelines, stages, questionnaires that may represent vacancies, assessments, interviews and more. People also use our platform to track, manage, monitor and evaluate, as well as apply and be processed by platform. Our Privacy Policy applies to any User of our Products or Platform. Our registered users, commonly referred to as recruiters, employers, headhunters, managers, supervisors and applicants (”Users”, “you”) share their professional identities,
Automation processes are defined by the Company (Controller). Share video content and engage in various pre-designed processes such as hiring. Others, namely people invited to interviews who are not registered are considered (”Visitors”, “you”).

Product and Platform

As a Visitor of our Platform or User of our Products, the collection, use and sharing of your personal data are subject to this Privacy Policy and updates. This Privacy Policy applies to your use of our Products and our Platform.

Changes to the Policy

Elevatus (”we” or ”us”) can modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Products, or by other means, to provide you with the opportunity to review the changes before they become effective. If you object to any changes, you may close your account. Changes to the Privacy Policy apply to your use of our Products after the ”effective date”.

Roles and Obligations

The particulars about what data we collect is further elucidated in the following section, titled ‘Data We Collect`.

When Elevatus is a Data Controller

We are a Controller when it comes to processing your data for our own purpose of improving our technologies and business by analyzing your data and/or training artificially intelligent algorithms.

As an Applicant

As an Applicant, these data may involve pseudonymized postings and applications, videos you record and content such as extracted speech and text. These data are utilized for the only purpose of improving our learning algorithms to yield a better, less biased experience of our platform.

As a Company or Applicant

Your data may be used to feed our ontology and our algorithms in order to allow us to serve powerful recommendations to you in the form of suggestions and recommendations, making the system smarter as a whole and the process more efficient.

When Elevatus is a Data Processor

We are a Processor when it comes to storing, managing and serving your data on your behalf as part of our Contractual obligations to you, consent given by you, or as part of legitimate interests.

As an Applicant

We process your information for the Company (the Controller) that you register to. The data we collect and process are your personal information pertaining to the purpose entailed and defined by the Company. The Company entrusts us to process your data.

As a Company

We are your data processor and we process your information and the Applicant’s information on your behalf.

Data we Collect

Registration

Upon signing up as a “User”, you are required to enter your identification information such as your first name, last name, company name, email address, and an encrypted password (which is unknown to us). You are then directed accordingly to the purpose of your registration. If you are a registered entity (“Company”), then you are directed towards the Company profile builder, upon which you may be required to disclose more information about your Company.

If you are a person (“Applicant”), upon signing up, you are required to enter your first name, last name, email address, and an encrypted password. You may share your phone number if you choose – in some regions you may be required to. Afterwards, you are directed to the Applicant profile builder, upon which you may provide data not limited to your educational background, work experience, achievements and a video CV where you may present yourself. These will be visible in your profile to those who have a link to your profile, namely the Company on whose career portal you have signed up.

Assessments

As an Applicant, during video-based assessments and interviews, we collect and store data consisting of your videos and your details when you register for the assessment such as your email address and name. These data are important to identify you to the Company that invited you to the assessment.

As a Company, we save all data pertaining to managing and evaluating applicants to your video assessments. 

Tracking System

As an Applicant, you may be processed through a tracking system with custom made pipelines and automation rules defined by the Company. We track your progress through the system and keep your data safe and secure. Data that may be stored could, for example, be private or confidential documents that need to be submitted to the Company as per their requirements.

As a Company, we save all data pertaining to the tracking of applicants through your own customized templates, questionnaires and pipelines.

Branding

As a Company, we store all data you use to edit and customize the branding of your portal. Data included could be photos of team members, videos that may showcase the culture and image of your company, social media links.

Interviews and Video Meetings

As an Applicant or a Company, any video recorded or uploaded to the platform will be saved and stored securely on our servers.

Automated Hiring Pipelines

We provide the capability to easily define automated hiring pipelines. It is crucial to note that we do not create these pipelines nor determine the motives or grounds for their use in any particular way. 

If you are a registered entity (“Company”) then you may use our Platform to define a multitude of pipelines, questionnaires, templates and the associated logic for (“Applicants”) to undergo for various purposes of your own determination. For example, these pipelines may be hiring pipelines with different stages where automation occurs by defining how movement between stages in the pipeline occurs. You may perhaps create the automation logic for a stage in the pipeline for document submission where you may request Applicants to submit a specific document. Upon successful completion by the Applicant, they are automatically moved to the next stage. 

If you are an Applicant, then by registering to a Company’s portal your data will be processed according to the Company’s definitions and purpose. Nevertheless, we assert that any Company cannot use artificial intelligence technologies during decision-making stages as they are meant to be used responsibly and human involvement and participation is required when autonomous decisions are made.

Data We Collect for AI

You (the Company or the Applicant) create your Elevatus profile (a complete profile helps you get the most from our Products).

Our products require certain information to perform predictions and to learn and improve, and for that we encourage sharing more information as long as it is restricted to our Legitimate Interests. However, for the training, improvement or enhancement of our products, all information, commonly referred to as “Personally-Identifiable Information”, ”PII” or ”PII-data” such as your first and last name, your email, and phone number are excluded automatically from any automated or artificial learning, improvement or enhancement. We attempt to use all other data such as, your skills or previous job titles and achievements as anonymized data for machine learning purposes and technological enhancement.

Offerings

EVA-SSESS (Video Assessment)

EVA-SSESS is a product that reduces the burden of one-on-one interviews. A Company may define questionnaires to be answered by Applicants in short videos under specific constraints. Insights are drawn from the answers and the Applicant is given a choice upon completion to either answer a psychometric test or to skip. A personality report is generated and shared with the Company. This report is intended to guide and not discriminate against the Applicant and does fall into any automated decision making process, but instead, is divorced from it.

EVA-REC (Recruitment Module)

EVA-REC is a bundle of products and services that are carefully designed to solve the hiring cycle (or a similarly defined process).

EVA-BRAND (Company Branding)

EVA-BRAND is the Company’s way to showcase its culture and team atmosphere to an Applicant. It is how it may attract Applicants by instilling a sense of belonging to their brand. Companies experience significant increases in inbound sourcing of Applicants, time saved and apparent credibility through a professional, highly-customizable company portal.

EVA-MEET (Meetings)

EVA-MEET is a comprehensive cognitive solution for your online and offline meetings.

 EVA-BOARD (Personnel Onboarding)

EVA-BOARD is a module dedicated towards providing seamless and effortless onboarding of personnel post-hiring.

 EVA-VISA (Visa Management)

EVA-VISA is a module that enables companies to manage their visa requirements as per their hiring needs.

Marketing Campaigns

As per [GDPR, Chapter 3, Article 21], recipients of email-based marketing campaigns must have given explicit consent to receiving the emails. Elevatus uses mailing list providers to generate leads as part of its sales process and ensures that any marketing campaign excludes EU citizens to ensure compliance with GDPR. This exclusion filter is part of the offering of the mailing list provider that Elevatus contracts.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2803-1-1

Legal Basis – Processing your Personal Data

As per [GDPR, Chapter 2, Article 5-7], we have determined our legal bases for processing your data to fall under either a contractual obligation, consent, or a legitimate interest.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1807-1-1

Contractual Obligations

We will process your personal data to fulfil our duties towards our subscription agreement. Most of your personal data are processed under this legal basis. These include but are not limited to the processing of profiles, vacancies, assessments, questionnaires, and curriculum vitae.

Your Consent

Where you have given consent regarding the usage of your personal data, Elevatus will use your personal data as consented to. You are free to revoke this consent for the future without giving any justification.

These data include cookies that allow us to obtain insights on user behavior on the system in order to learn and optimize accordingly. There are specific cookies that are mandatory for the platform to function properly.

Your consent to cookies can be given and withdrawn using the Cookie Drawer, clearly visible when you access our platform. The drawer is present throughout the platform and you are free to accept or revoke your consent at any point.

Legitimate Interests

We process personal data regarding network audits and security logging. These data are collected and processed to monitor aspects related to unauthorized attempts to access your data, thereby protecting your personal data and by association our system.

The ingested logs are retained for a period of three months. These logs include network requests, system access logs, and monitoring of unusual behavior and disallowed actions.

Legal Obligation

We will process your personal data to comply with legal obligations, such as answering authority requests in the course of investigation proceedings. We must comply and retain data that is processed or kept for the purpose of legal obligation.

Sharing your Personal Data

We share your data only with necessary third-party service providers such as but not limited to the provider of our video recording APIs, translation and speech-to-text APIs.

We do not share your personal information including but not limited to name, address, contact information, credit card information, with third-party providers, except for billing purposes and only what is required by the payment gateway provider.

Your data may be shared with Government Authorities, Law Enforcement Officials and Courts pursuant to conformity with Regulation (EU) 2016/679 (GDPR) when personal data is required to be disclosed by Law Enforcement Authorities.

International Data Transfer Safeguards

Elevatus will protect your data, regardless of whether it is inside or outside the European Economic Area (EEA). In case we need to share your personal data with any entity outside of the EEA, we will require your consent and their signature on approved standard contractual clauses to ensure that your personal data are adequately protected.

Data Retention Policy

Object Storage

We store all data in Amazon S3/Google Cloud Storage until request for deletion of the account. Videos, resumes, documents and other objects are deleted automatically. A single cold backup remains for up to one year (varies with regional laws), for the purpose of account reactivation, unless an explicit request is made to delete the data beforehand. An agreement can be made to retain the cold backup for a shorter or longer duration prior to the creation of the account.

Tabular Storage

We store all the data until the request for deletion of the account. After which all data are purged from the database and all replicas, and denormalized forms and views are also deleted automatically. A single cold backup remains for up to one year (varies with regional laws), for the purpose of account reactivation, unless an explicit request is made to delete the data beforehand. An agreement can be made to retain the cold backup for a shorter or longer duration prior to the creation of the account.

Applications

We will retain your applications for the duration of the recruiting process and to the extent permitted by applicable law after the end of the hiring process. Most applications will be deleted one year after rejection. Please note that some local laws may require or allow us to retain your data for longer periods.

Legal Action

We will keep your personal data if you take legal action against any Elevatus entity. The personal data will be deleted at the end of the legal proceeding.

Security

We have appropriate technical and organizational measures in place and signed contractual agreements with our service providers to protect your personal data, including, but not limited to loss, alteration or unauthorized access. Please note that any transmission of your personal data through the internet is at your own risk. Once we have received your data, we do our best to protect it.

Personal Data Breaches

Preparation

We developed a comprehensive logging system that allows us to identify risks to personal data, and our data pipelines are carefully engineered to ensure that data is processed according to our specifications. We have taken measures to protect you against unauthorized access, loss, theft, alteration, unauthorized disclosure, transmission, storage or processing. Our DPO is responsible for managing breaches, communicating with executives and the security team at hand.

Response

Given a breach is detected via our network and system logging and monitoring or by direct communication of a concerned party, the DPO is informed at once and investigation into the incident begins with an aim to identify and resolve the issue immediately. Once the cause and scope of the breach are determined, the affected persons are informed via email with the risks involved and if any action is required on their part.

Your Rights

At Elevatus, you own your data and have the choice to modify or delete your data completely at any moment except when subject to legal obligations. We would like to give you an overview of your rights to your personal data:

Right of access

You have the right to obtain access to your personal data and to get a copy of the personal data undergoing processing.

Right to rectification

You have the right to rectify inaccurate personal data or to append information. You can do so by logging in to your profile and making the necessary modifications. Your applications to job posts can be edited unless rejected.

Right to erasure

You have the right to request erasure of your profile for any reason. We assure you that all your information will be purged. You can do so by logging in to your profile, navigating to your account settings and requesting deletion from there.

Right to erasure of cold backups

We keep a cold backup of your data stored for up to one year (varies with regional data protection regulations and laws). After which will be automatically deleted. You can explicitly request deletion of your backups by logging in to your profile, by sending us an email with your request to dpo@elevatus.io. Upon which you will be connected to one of our team members to help you.

Right to data portability

You have the right to receive your personal data in a structured, commonly-used and machine-readable format as confirmed in [GDPR, Chapter 3, Article 20]

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2753-1-1

Right to restriction of processing

You can prevent Elevatus from processing your personal data unless your request does not align with the specification in [GDPR, Chapter 3, Article 18].

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2700-1-1

Right to object

You have the right to object to the processing if you doubt our legitimate interests in processing your personal data as specified in [GDPR, Chapter 4, Article 21].

As per [GDPR, Chapter 4, Article 22], Elevatus does not perform any solely automated decision-making process. While much of our technology aids in decision-making, any profiling-based technology, such as psychometric assessments, no ranking of any kind is performed. Our services are anti-discriminatory, and suggestive.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2838-1-1

Right to lodge a complaint

You have the right to lodge a complaint with your local Data Protection Authority as per [GDPR, Chapter 8, Article 77] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e6101-1-1

Identity Confirmation

We may need to confirm your identity, before we can deal with your enquiry. Please note that some of the rights are also subject to restrictions. Where your request has been rejected, we will provide you with relevant reasons.