Privacy Policy – Neohunter s. r. o.
1. Scope
- This Privacy Policy explains how Neohunter s. r. o. and its affiliates (“we” or “Neohunter”) collect, use, store and share personal data of job candidates, temporary workers, clients, suppliers and website visitors. It covers all recruitment, head‑hunting, Recruitment‑as‑a‑Service (RaaS) and training services provided by Neohunter (including the Neohunter Training Academy) and all websites and apps operated by us, such as neohunter.io, neohunter.academy.
- Additional notices (e.g. cookie policy, consent forms, just‑in‑time notices) may supplement these principles for specific services. In case of conflict, those notices prevail for the relevant processing. This policy does not form part of any employment or service contract and may be updated at any time.
2. Controller and Contact
- Controller: Neohunter s. r. o., Vajnorská 100A, 831 04 Bratislava, Slovak Republic, is the controller of personal data processed for our own purposes.
- Processor role: When we deliver recruitment projects on behalf of clients, we act as a processor and process data according to the client’s documented instructions under a Data Processing Agreement (DPA).
- Privacy contact: hello@neohunter.io (please write “GDPR request” in the subject). Telephone: +421 905 381 917. Our offices are at Myhive Tower 1, Vajnorská 100A, 831 04 Bratislava, Slovakia.
- Supervisory authority: You have the right to lodge a complaint with the Slovak supervisory authority (Úrad na ochranu osobných údajov, https://dataprotection.gov.sk). If a Data Protection Officer is appointed, their details will be published here; otherwise, please contact the privacy lead at the email above.
3. Sources and Categories of Personal Data
We collect personal data from various sources and limit our collection to what is necessary for recruitment, workforce management, contract performance, marketing and other purposes described below.
Sources
- Directly from you: applications, CVs/resumés, interviews, online forms and surveys (e.g. Typeform, Google Forms, Beehiiv), assessments, personality or psychometric tests, calls and emails, social media interactions, chatbots and information you voluntarily provide.
- Public sources: professional networks (e.g. LinkedIn), job boards (e.g. Profesia), publicly available social‑media posts, professional directories, government registers and open‑source databases.
- Referrals and references: individuals who recommend you or provide a reference about you; please provide their data only with their consent.
- Third‑party services: employment screening and background‑check agencies, immigration authorities, educational institutions, credentialing bodies, credit reference agencies and other suppliers to the extent permitted by law.
- Our clients and vendors: data provided by clients for roles, interview panels or workforce management, and data generated via vendors that assist us with communication, assessments, analytics, training, payroll or marketing.
Categories
- Identification and contact data: name, title, date and place of birth, age, nationality and citizenship, addresses, email, phone numbers, social‑media handles, languages spoken, digital signature, passport or ID number, visa or permit details and other identifiers necessary to verify identity and right to work.
- Professional data: CV/resumé details (work history, qualifications, skills, licences, professional memberships, languages), expected compensation, career preferences and roles of interest.
- Compensation and financial data: current compensation and benefits (salary, bonus, allowances), bank account or payroll information, tax identifiers, national insurance or social‑security numbers where required by law.
- Right‑to‑work and immigration data: passport or ID copies, work permits, residency permits, citizenship or nationality documents and results of right‑to‑work checks.
- Interaction data: interview notes, availability, communications, meeting schedules, call logs, participation in training, time‑and‑attendance logs and visitor registration data (e.g. car‑plate numbers and access logs when visiting our offices).
- Audio/video data: recordings and transcripts of interviews, digital interviews or training sessions, video footage from events and conference calls (recorded with notice/consent).
- Evaluation and assessment data: scores, recruiter notes, AI‑generated summaries, coding or psychometric test results, personality and motivation assessments, feedback from interviewers, and results of skill or aptitude tests.
- Background check and vetting data: results of criminal record checks, credit checks, financial sanctions screenings, right‑to‑work verifications, drug tests (if applicable) and verification of professional licences.
- Diversity and special‑category data: information relating to gender, race or ethnicity, disability, veteran status or other protected characteristics. We collect such data only when required by law or voluntarily provided for equal opportunities monitoring and diversity reporting.
- Technical and usage data: IP address, device and browser type, operating system, cookie identifiers, weblogs, timestamps, user journey and other usage data from our websites and applications. We may process IP addresses to identify what companies (not individuals) interact with our website and to tailor content.
- Other data you choose to share: emergency or family contact information, photographs, surveys and feedback, or any additional personal data you voluntarily provide.
Candidate responsibilities
You are responsible for ensuring that the information you provide is complete, accurate and up to date. Notify us promptly of any changes during the recruitment process. If you provide information about referees or contacts, you must ensure that they have consented to such disclosure. Failure to provide necessary information (e.g., proof of qualifications, right to work, or requested vetting documentation) may limit our ability to consider you for roles.
4. Purposes and Legal Bases
We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Slovak Act No. 18/2018 Coll. on the Protection of Personal Data, and other applicable Slovak and EU legislation. Based on these laws, the primary purposes and lawful bases for our processing are as follows:
- Recruitment delivery and pre‑contractual steps (Art. 6(1)(b)) – to source, screen and present candidates, schedule interviews, provide feedback and undertake other steps at your request prior to entering into an employment or service contract.
- Pre‑employment screening and due diligence (Art. 6(1)(b) or Art. 6(1)(f)) – to verify your identity, right to work, qualifications, professional licences, criminal or financial history and sanctions status where permitted by law. We inform you of any checks in advance and rely on your consent or our legitimate interests as required by local law.
- Workforce solutions, talent management and HR services (Art. 6(1)(b)) – for temporary workers or associates, to provide payroll, benefits administration, timesheets, travel expenses, performance management and other HR services.
- Career coaching, training and professional development (Art. 6(1)(b) or Art. 6(1)(f)) – to provide guidance, feedback, reskilling options and training through Neohunter Training Academy and external providers.
- Client and supplier management and contractual performance (Art. 6(1)(b)) – to communicate with clients and suppliers, manage contracts, payments, invoicing and deliver services.
- Business development and B2B marketing (Art. 6(1)(f)) – to promote our services to existing or potential clients, partners and vendors. We may obtain contact information from public sources (e.g., professional platforms) and send communications based on our legitimate interests. Individuals can opt out at any time.
- Talent pool (Art. 6(1)(a)) – with your explicit consent, to retain your data for future roles and contact you about relevant opportunities. You may withdraw consent at any time by contacting us.
- Service improvement, analytics, fraud detection and security (Art. 6(1)(f)) – to analyse aggregated or anonymised data, improve our services, detect and prevent fraud, maintain the security of our networks and systems, tailor content and resources, and understand how people use our website.
- Training and quality assurance (Art. 6(1)(f)) – to review interview recordings, transcripts and communications for training and quality purposes.
- Diversity and equal opportunities monitoring (Art. 6(1)(c) and Art. 9(2)(b)/(g)) – where required by law or under client contracts, to collect optional diversity data and report anonymised statistics.
- Legal and regulatory compliance (Art. 6(1)(c)) – to meet labour, tax, accounting, social security, immigration and other legal obligations, and to defend or exercise legal claims.
- Facilities, security and contingency planning (Art. 6(1)(f) or Art. 6(1)(c)) – to safeguard our offices, systems and people, including building access management, health and safety requirements and contingency planning.
- Corporate transactions (Art. 6(1)(f)) – to support potential mergers, acquisitions, reorganisations, or divestments. Personal data may be disclosed to prospective parties under confidentiality obligations.
- Marketing communications (Art. 6(1)(a) or (f)) – to send newsletters, updates, event invitations and promotional materials. We will only send marketing communications to individuals if they have consented, or, for existing business contacts, where we rely on legitimate interests. Communications may include web beacons and analytics to assess engagement. You can opt out at any time.
- Data analytics and AI/ML training (Art. 6(1)(f)) – to analyse platform usage, match candidates to opportunities, assess individual performance, identify skill shortages and train our AI models using de‑identified or aggregated data. We implement mitigating measures such as de‑identification and opt‑out mechanisms.
We do not use personal data for unrelated profiling or cross‑context behavioural advertising and we do not sell personal data.
5. Retention Schedule
We retain personal data for no longer than necessary for the purpose for which it was collected. Retention periods may vary by jurisdiction and contract. Unless law requires longer storage, we apply the following schedules:
- Active recruitment projects: duration of the recruitment project plus up to 6 months.
- Talent pool (with consent): up to 24 months from the last contact; we may request renewed consent to extend this period.
- Temporary workers and associates: personal data (excluding pay data) is retained for 5 years from the last day you worked on an assignment. Pay‑related and financial information is retained for 7 years to comply with tax and accounting laws.
- Contact‑form and marketing‑subscription data: 2 years after our last contact or until you unsubscribe, consistent with industry practice.
- IP addresses for company identification and troubleshooting: 14 days.
- Interview recordings and transcripts (Leexi): up to 12 months.
- AI outputs (OpenAI): operational logs are retained up to 30 days in accordance with OpenAI’s Data Processing Addendum.
- Client and contractual documentation: 5 years (or longer if required by accounting, tax or immigration law).
- System backups: retained on rolling cycles; restricted access and deleted on rotation.
- Evaluation, assessment and psychometric data: retained for up to 24 months from creation or until removal from the talent pool; aggregated insights may be retained without personal identifiers.
- Pre‑employment screening results and right‑to‑work evidence: retained only as long as necessary to demonstrate compliance, typically up to the end of employment plus statutory limitation periods.
- Dispute resolution: in the event of actual or potential disputes, we may retain personal data until the dispute is resolved or to fulfil legal obligations.
6. Recipients of Personal Data
We share personal data only when necessary for the purposes described above and with appropriate safeguards. Recipients include:
- Clients (prospective employers): to assess your suitability for positions and manage assignments.
- Our processors: technology and service providers acting on our instructions, including applicant tracking systems, AI transcription tools, AI language models, sourcing automation platforms, newsletter/email platforms, survey and feedback providers, data analytics services, payroll and benefits providers, IT support and hosting providers. We require processors to agree to data processing terms and confidentiality and do not permit them to use data for their own purposes.
- Background‑check and vetting providers: to verify identity, qualifications, right to work, criminal or credit history.
- Professional advisers: lawyers, auditors, accountants and consultants who advise us.
- Third‑party partners and service providers: e.g. training and coaching providers, reference collection services, tree‑planting initiatives linked to placements, travel and visa agencies, event organisers, or benefit providers. Partners receive only the data necessary to provide the service and may contact you directly in relation to that service.
- Group companies: within Neohunter or our corporate group, for internal administrative, analytics or business development purposes.
- Government or regulatory authorities: courts, tax, labour, immigration or social‑security authorities when required by law or to defend legal claims.
- Corporate transaction parties: prospective purchasers, merger partners or investors under confidentiality obligations.
We do not sell personal data or disclose it to third parties for cross‑context behavioural advertising.
7. International Data Transfers
Some of our processors and partners are located outside the European Union/EEA, particularly in the United States. When personal data is transferred to a third country, we rely on appropriate safeguards, such as European Commission Standard Contractual Clauses, UK International Data Transfer Agreements, or adequacy decisions. We may also use group‑wide agreements. Where necessary, we perform Transfer Impact Assessments and implement supplementary measures (e.g. encryption). You may request a copy of the relevant safeguards.
8. Processors and Key Tools
We engage a variety of tools to deliver our services. Each processor is vetted, is subject to a DPA and implements adequate security measures. Below is a non‑exhaustive list.
- RecruitCRM (EU/India) – Applicant Tracking System (ATS) for candidate management, email integration and task assignment. Processes identification, contact, professional and interaction data. Transfers are governed by Standard Contractual Clauses; retention aligned with our schedule.
- Leexi (Belgium/EU) – Meeting transcription and analysis tool for Google Meet. Processes audio/video data, speaker metadata and keywords. Retention up to 12 months; no routine transfers outside the EU.
- OpenAI (USA) – Language models for transcription, summarisation, drafting assessments and communication assistance. We submit anonymised or pseudonymised prompts; logs retained for up to 30 days; Standard Contractual Clauses apply; we disable model training. Human recruiters review AI outputs.
- LinkedIn Recruiter (USA/EU) – Professional networking platform and automation tool used for sourcing and outreach. Processes public profile information and campaign metadata. Transfers rely on SCCs and LinkedIn’s own DPA. Campaign data retained per our marketing retention settings.
- Typeform (EU) – Online forms and surveys used for applications, feedback and event registrations. Processes identification, contact and survey responses. Data stored in EU; DPA in place; retention in line with our schedules.
- Beehiiv (USA/EU) – Newsletter platform for managing subscriptions and sending newsletters. Stores email addresses, names (if provided) and campaign analytics. Retention until unsubscribe or inactivity; suppression lists retained to honour opt‑outs.
- Profesia (Slovakia/EU) – Job board and candidate database. When you apply through Profesia, your data is shared with us and processed according to this policy. Profesia acts as a separate controller for its own purposes.
- Google Workspace, Google Meet and Google Cloud (USA/EU) – Communication, email and productivity suite. Processes contact details, communications and files. Data hosted in the EU where possible; transfers secured by SCCs; retention governed by our internal policies.
- Slack (USA/EU) – Internal collaboration tool used by our employees. Processes communications metadata and limited personal data. Transfers secured by SCCs; data deleted per our retention policies.
- Microsoft Clarity and Microsoft Advertising (USA/EU) – Behavioural analytics and advertising services used on our website to capture usage metrics, session replays and heatmaps to improve user experience. Data is captured via cookies and tracking technologies and may be used for fraud/security detection and advertising. For more information see Microsoft Privacy Statement. We implement consent management and DPAs.
- Google Analytics 4 (USA/EU) – Web analytics service to understand visitor interactions and improve content. Data is aggregated and IP addresses are anonymised. Transfers rely on SCCs; retention per Google’s settings and our consent configuration.
- Other processors: We may engage additional providers for IT support, hosting, payroll, benefits administration, background checks or analytics. A current list of sub‑processors is available on request.
9. Artificial Intelligence and Automated Decision Making
We use artificial intelligence (AI) and machine‑learning (ML) solutions to enhance our recruitment services. Examples include automated CV parsing, candidate matching algorithms, chatbots for collecting information, transcription and summarisation of interviews, scoring of competencies and drafting of interview questions. We conduct risk assessments of our AI solutions and use human oversight to ensure that no automated decisions are made that produce legal or similarly significant effects.
Key principles:
- AI is used to support, not replace, human recruiters. Final decisions about candidate suitability are always made by people.
- We routinely audit AI and ML models for fairness and bias, calibrate scoring methods, de‑identify data used for training and offer our team training on responsible AI use.
- Candidates may object to AI‑assisted processing and request human review at any time. We will explain the reasoning behind decisions upon request.
- When AI is used as part of a service (e.g. chatbots or matching algorithms), a just‑in‑time notice will explain the purpose, logic and impact, and will offer an opt‑out where feasible.
10. Web Analytics and Advertising Technologies
We use cookies, pixels and similar technologies to operate our websites, understand how visitors interact with our content and improve our services. We categorise cookies as necessary, preferences, analytics and marketing. Necessary cookies enable core functionality; preference cookies remember your choices; analytics cookies help us improve performance; marketing cookies are used for audience targeting and advertising.
Examples of analytics and advertising technologies we use include Microsoft Clarity and Microsoft Advertising (for behavioural metrics, heatmaps, session replays and advertising effectiveness) and Google Analytics 4. These services may collect your IP address, device and browser information and usage patterns. Data is aggregated and does not identify individuals. We manage cookies through a consent‑management platform compliant with the IAB Transparency & Consent Framework v2.2. Without your consent, we operate in restricted mode and collect only non‑identifying signals.
Our marketing emails may include web beacons or similar technologies to track open and click‑through rates. We use this information to improve our communications; you can opt out by unsubscribing. You can control cookies via our cookie banner or by adjusting your browser settings. See our Cookie Policy for details.
11. Cookies
Cookies are small text files stored on your device. We use session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or are deleted). You can manage your preferences via our cookie banner or your browser settings. Disabling some cookies may affect website functionality.
12. Your Rights
You have the following rights regarding your personal data under the GDPR and applicable data‑protection laws:
- Right to be informed: to receive transparent information about how we process your data.
- Right of access: to obtain confirmation of whether we process your data and a copy of your personal data.
- Right to rectification: to have inaccurate or incomplete data corrected.
- Right to erasure (“right to be forgotten”): to request deletion of your data when there is no legal basis for us to retain it.
- Right to restriction: to request that we suspend processing of your data under certain circumstances. If processing is restricted, we may store your data but not use it further.
- Right to data portability: to receive your personal data in a structured, commonly used and machine‑readable format and transmit it to another controller.
- Right to object: to object to processing based on our legitimate interests, including profiling, and to opt out of marketing communications at any time.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right not to be subject to solely automated decisions: to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects on you.
- Right to non‑discrimination: to not be discriminated against or retaliated against for exercising your privacy rights.
You may exercise your rights by contacting us at hello@neohunter.io. We may ask you to verify your identity. We respond within one month or inform you if additional time is needed. You also have the right to lodge a complaint with the Slovak supervisory authority.
13. Security and Incident Response
We implement a range of technical and organisational measures designed to protect personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. Measures include:
- Encryption of data in transit and at rest using industry‑standard algorithms and appropriate key lengths.
- Strong user authentication, multi‑factor authentication and role‑based access controls.
- Network monitoring, event logging, hardened infrastructure and separation of production and testing environments.
- Physical security controls at our premises and at those of our hosting providers.
- Business continuity and disaster‑recovery plans with regular testing.
- Incident‑management policies and processes, including defined escalation paths and breach‑notification procedures.
- Regular vulnerability assessments, penetration testing and third‑party security reviews.
- Mandatory employee privacy and security training and awareness programmes.
- Vendor due diligence, privacy and security assessments and robust contractual commitments.
- Processes for data minimisation, purpose limitation, data quality, accountability and retention management.
We maintain an incident response plan and will notify the supervisory authorities and affected individuals of data breaches as required by law.
14. Equality and Non‑Discrimination
Neohunter is committed to fair and inclusive recruitment. We make hiring decisions based on relevant skills, qualifications and organisational fit and do not discriminate on the basis of gender, race, age, disability, religion, sexual orientation or other protected characteristics. We may collect optional diversity data to monitor the fairness of our processes, comply with equal‑opportunity legislation and produce anonymised statistics. This data is processed separately, accessible only to authorised staff and does not influence hiring decisions.
15. Governance and Impact Assessments
We maintain up‑to‑date records of processing activities (RoPA) and conduct Data Protection Impact Assessments (DPIAs) for new or high‑risk processing, including the implementation of new AI tools or session recording. For international transfers, we perform Transfer Impact Assessments and implement supplementary measures as needed. We regularly review our vendors and conduct due diligence before onboarding new processors. Legitimate Interests Assessments are completed where we rely on legitimate interests as a legal basis. Compliance audits are part of our governance framework.
16. Voluntary vs. Mandatory Information
Providing personal data is generally voluntary. However, if you choose not to supply information necessary for recruitment, employment or compliance (e.g. contact details, qualifications, right‑to‑work evidence, tax information), we may not be able to assess your suitability, complete contractual documentation or comply with legal obligations. Where we request your consent (e.g. to join our talent pool, to receive marketing communications, to record interviews or to collect optional diversity data), you may refuse or withdraw consent at any time. Refusal will not affect your application but may limit certain services.
17. Changes to this Policy
We may update this Privacy Policy periodically to reflect changes in law, technology or our services. Significant changes will be notified on our website or, where appropriate, by direct communication. The date of the latest update appears at the top of this document. We encourage you to review this policy regularly.