PRIVACY POLICY

We process your personal data for the specific, legitimate, and transparent purposes outlined below, in strict compliance with the General Data Protection Regulation (GDPR) of the European Union, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), the Digital Personal Data Protection (DPDP) Act, 2023 of India and other applicable data protection laws globally. Our processing activities are guided by the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity and confidentiality.

We process your personal data based on the following legal grounds, in accordance with applicable data protection laws globally, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Digital Personal Data Protection Act, 2023 (DPDPA) of India:

• Consent: Where required by law, we will obtain your freely given, specific, informed, and unambiguous consent before processing your personal data for specific purposes. You have the right to withdraw your consent at any time, and we will make this process easy to exercise. When seeking consent, we will provide clear and plain language information about the data we are processing and the purposes for which it will be used.
• Contractual Necessity: We may process your personal data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing necessary for providing our services, such as job matching, communication, fulfilling orders, and managing your account.
• Compliance with Legal Obligations: We may process your personal data to comply with applicable laws, regulations, court orders, or other legal obligations imposed by governmental authorities or regulatory bodies in various jurisdictions. This may include obligations related to taxation, financial reporting, law enforcement, or responding to legal requests.
• Legitimate Interests: We may process your personal data when we have a legitimate interest in doing so, provided that such interests do not override your fundamental rights and freedoms. We will carefully balance our legitimate interests with your rights and, where required, conduct a legitimate interest assessment. These legitimate interests may include:
  • Ensuring the security and integrity of our systems, networks, and data.
  • Preventing fraud, unauthorized access, and other illegal activities.
  • Improving our services, developing new features, and personalizing your experience, where permitted by law.
  • Direct marketing activities will only be undertaken upon the receipt of explicit client approval, documented within the governing contract, Statement of Work (SOW), or via formal written email confirmation.
  • Internal research and analysis to enhance our operations and offerings.
  • Protecting our legal rights and interests.
• Other Lawful Bases: We may also process your personal data based on other lawful bases as permitted under applicable data protection laws, such as for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

To deliver essential services and maintain the security of your data, we may share it with carefully selected third-party providers. These providers are bound by contractual obligations and comply with stringent data protection standards, including those mandated by the United States law. The services include:

• Secure Cloud Infrastructure, Advanced Security Measures, and Service Analytics:
  • We utilize third-party services to store your data securely, implement robust security protocols, and analyse service usage to enhance your experience. These partners are committed to protecting your data and adhere to relevant privacy regulations.
  • Analytics and Performance Monitoring: We use Google Analytics 4 (GA4) and Dynatrace to collect aggregated performance and diagnostic data. Google and Dynatrace act as processors under data protection agreements. GA4 data sharing is governed by Standard Contractual Clauses (SCCs) and does not collect IP addresses by default when configured correctly. Dynatrace session monitoring is restricted to anonymized behavior metrics unless you provide explicit consent.
• Trusted Recruitment Partners: For users seeking employment opportunities, we may share relevant information with job providers, ensuring your data is handled responsibly and in accordance with applicable privacy laws.
• Legal Compliance and Law Enforcement: We will disclose information when legally obligated to do so, including responding to valid legal requests from Indian authorities.
• Business Restructuring: In the event of a merger, acquisition, or other business transfer, user data may be part of the transferred assets. You will be informed of such changes and have the opportunity to review the updated privacy practices.

Our Commitment to Your Privacy:

• We have a strict policy against selling user data to third parties.
• We conduct regular audits and assessments to ensure our third-party partners adhere to our privacy standards and applicable data protection laws.
• Our Privacy Policy provides detailed information about how we handle your data and your rights, including your rights under Indian law.

International data transfers are subject to stringent legal requirements to protect personal data. To meet these obligations and ensure the security of data crossing borders, we implement a comprehensive suite of safeguards:

• Legal Framework through Standard Contractual Clauses (SCCs): We establish a legally sound basis for data transfers by implementing SCCs. These contractual clauses are designed to ensure that data transferred outside of the originating jurisdiction is subject to data protection principles and safeguards equivalent to those mandated by applicable laws, such as GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), CPRA (California Privacy Rights Act) or other relevant regulations.
• Compliance through Binding Corporate Rules (BCRs): We ensure compliance through reliance on BCRs adopted by our third-party providers. These rules, approved by data protection authorities, demonstrate the provider's commitment to upholding data protection standards across their global network, providing a legally recognized mechanism for intra-group data transfers.
• Technical and Organizational Measures: Beyond contractual and organizational measures, we implement technical and organizational measures such as encryption, pseudonymization, and strict access controls. These measures are critical for maintaining the security and confidentiality of data during international transfers, aligning with the requirements of data protection laws and minimizing the risk of unauthorized access or disclosure.
• Google Analytics and Dynatrace may process data on servers located in jurisdictions outside your own, including the United States. We ensure such transfers are protected by Standard Contractual Clauses (SCCs) and other mechanisms in accordance with GDPR, DPDP, and other applicable data privacy laws.

Depending on your jurisdiction, you possess specific rights concerning your personal data. These rights are enshrined in various data protection regulations worldwide, aiming to empower individuals and ensure the lawful and ethical handling of their information. Here's a comprehensive overview of common data rights, along with considerations for different regions, including General Data Protection Regulations (GDPR) and India under the Digital Personal Data Protection (DPDP) Act, 2023:

Universal Data Privacy Rights:

These rights are commonly found in many data protection laws globally, including GDPR (Europe), CCPA/CPRA (California), DPDP Act (India), and increasingly in other jurisdictions:

• Right to Be Informed: You are entitled to receive clear, transparent, and easily accessible information about how your personal data is collected, used, and processed. This includes the purposes of processing, categories of data, recipients of the data, data retention periods, and contact details of the data controller.
• Right to Access: You have the right to request confirmation as to whether your personal data is being processed and, if so, to obtain access to that data along with supplementary information. This allows you to verify the accuracy of your data and understand its usage.
• Right to Rectification: If the personal data held about you is inaccurate or incomplete, you have the right to request its correction or completion without undue delay.
• Right to Erasure (Right to be Forgotten): Under certain conditions, you can request the deletion of your personal data. These conditions often include instances where the data is no longer necessary for the purpose it was collected, you withdraw your consent, or the processing is unlawful.
• Right to Object: You have the right to object to the processing of your personal data for specific purposes, such as direct marketing, profiling, or processing based on legitimate interests. The data controller must then cease processing unless they demonstrate compelling legitimate grounds that override your interests.
• Right to Data Portability: You have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance, where technically feasible.
• Right to Restrict Processing: In certain circumstances, you can request the restriction of processing your personal data. This may apply while the accuracy of the data is being contested, the processing is unlawful, or the data controller no longer needs the data but you require it for legal claims.

Region-Specific Rights and Considerations:

• Europe (GDPR): The GDPR provides a comprehensive set of rights, including those listed above, and places significant obligations on organizations processing personal data of EU residents, regardless of where the organization is located.
• California (CCPA & CPRA): California residents have specific rights, including the right to opt-out of the sale or sharing of their personal data, the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising their privacy rights.
• India (DPDP Act, 2023): Right to Nominate: The DPDP Act introduces a significant right allowing individuals to nominate another person to exercise their data protection rights on their behalf, particularly in cases of incapacity. This ensures continued protection of rights even when the individual cannot act for themselves.
• Other Jurisdictions: Many other countries have implemented or are in the process of implementing data protection laws. These laws often share common principles but may have unique aspects and requirements. It's crucial to be aware of the specific regulations applicable to your location and the locations where your data is processed.

The organization implements AI-driven tools as part of its recruitment and job matching processes, with the objective of enhancing efficiency and optimizing candidate placement in accordance with applicable legal frameworks.

• Talent Arbor Platform: AI-Powered Inclusive Hiring Support. This platform utilizes AI algorithms designed to support inclusive hiring practices. It aims to mitigate biases in the recruitment process, potentially by analysing job descriptions for inclusive language, anonymizing candidate information, and identifying diverse talent pools. Given the focus on inclusivity, it's crucial to ensure this platform adheres to the principles of fairness and non-discrimination, especially considering the legal framework in India that prohibits discrimination in employment based on various factors.
• Chat Arbor AI Assistant: Job Search Guidance and Support. This AI assistant provides job seekers and other users who visit our website for guidance and support throughout their job search journey. It can answer questions, provide information about job openings, and assist with application processes. It's important that this assistant operates in a fair and unbiased manner, providing equitable support to all users regardless of their background or characteristics. For system maintenance, quality assurance, and to continuously improve Chat Arbor's performance, authorized administrators access and periodically review previous user conversations. This access is controlled and used for model training, identifying areas for enhancement, and ensuring the assistant's effectiveness. While administrators have access, stringent security measures protect user data confidentiality. We are committed to respecting user privacy and adhering to data protection principles, aiming to minimize the collection of personally identifiable information. By using Chat Arbor, you acknowledge and consent to this data handling for system improvement.
• Job Alignment Indicator (JAI): Accessibility Analysis for Neurodivergent Talent. The JAI tool uses AI to analyse job requirements and assess their accessibility for neurodivergent individuals. This is a positive step towards creating more inclusive workplaces. It's important to ensure that the AI driving the JAI is well-tested and validated to accurately assess accessibility and avoid perpetuating stereotypes or biases related to neurodiversity.
• AI-Driven Resume Assistance: Automated Resume Optimization. This feature uses AI to help candidates optimize their resumes. While this can be beneficial, it's important to be transparent about how the AI assists with optimization and to ensure that it doesn't inadvertently disadvantage candidates who may not have access to or be familiar with such tools. It's also crucial that the AI doesn't promote a narrow definition of what constitutes a "good" resume, potentially overlooking qualified candidates with diverse backgrounds and experiences.

You have the right to request a human review of any decision made through automated means. To exercise this right, please email us at privacy@rangam.com with the subject line "AI AUTOMATED DECISION REVIEW."

We understand the importance of safeguarding your data and are committed to maintaining its security in compliance with global data privacy regulations. Our approach to data storage and security is as follows:

• Hosting and Data Transfer: While our primary hosting infrastructure is located on Amazon Web Services (AWS) in the United States, we recognize the global nature of our user base and the diverse legal landscapes governing data protection. We implement mechanisms to ensure that any transfer of personal data across borders, including transfers from India, adheres to applicable data protection laws. This includes leveraging Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to ensure an adequate level of data protection when data is transferred outside of its originating jurisdiction. We are also mindful of data localization requirements and are committed to complying with the provisions of the Indian Digital Personal Data Protection (DPDP) Act, 2023, regarding cross-border data transfers and data storage within India as mandated.
• Robust Security Measures: We employ industry-leading security measures to protect your data from unauthorized access, loss, misuse, or alteration. These measures include:
  • Encryption: We use industry-standard encryption techniques (both in transit and at rest) to protect the confidentiality of your data.
  • Access Controls: We implement strict access controls, including role-based access and multi-factor authentication, to limit access to personal data to authorized personnel only.
  • Fraud Prevention: We utilize sophisticated fraud prevention mechanisms to detect and prevent unauthorized access and potential data breaches.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to ensure the ongoing effectiveness of our security measures and to identify and address any potential weaknesses.
• Data Retention Policy: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing our services to you, complying with our legal and regulatory obligations (including those under Indian law, GDPR, CCPA, and other applicable regulations), resolving disputes, and enforcing our agreements. We have established clear data retention schedules to ensure that data is not kept for longer than necessary.
• Secure Data Disposal and Anonymization: When personal data is no longer required, we ensure its secure disposal through methods such as permanent deletion and data anonymization. Anonymization techniques are used to render data non-identifiable, allowing us to retain data for analytical purposes while protecting individual privacy, in accordance with global privacy standards. We maintain comprehensive audit logs of data processing activities to ensure compliance and accountability.
• Commitment to Global Data Privacy: We are committed to upholding the principles of data privacy and security as outlined in global regulations. We continuously monitor and adapt our practices to comply with evolving legal requirements and industry best practices. Our goal is to provide a secure and transparent environment for all our users, regardless of their location.

How We Use Cookies: Empowering Your Choices

We utilize cookies and similar tracking technologies to enhance your experience and provide essential functionalities. These technologies help us in the following ways:

• Essential Functionality: These cookies are crucial for the basic operation of our services, enabling features such as authentication, security measures, and site navigation. Without these cookies, certain parts of our service may not function correctly.
• Analytics & Performance: We use cookies to gather insights into user behaviour and how our services are being used. This information helps us to improve performance, understand user preferences, and optimize our platform.
• Personalization: Cookies allow us to remember your preferences, such as language settings and region, and to tailor content and advertisements to better suit your interests.

Your Rights and Control:

We are committed to respecting your privacy and empowering you to manage your cookie preferences. You have the right to control which cookies are used.

• Cookie Management Page: You can manage your cookie settings and preferences at any time through our dedicated Cookie Management Page: [Insert Link]. This page provides you with granular control over the different types of cookies we use.
• Global Privacy Standards: We adhere to global data privacy regulations, including the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection (DPDP) Act (India), ensuring that your choices regarding cookies are respected and implemented.
• Transparency: We aim to be transparent about our use of cookies and the information we collect. This policy provides you with a clear overview, and our Cookie Management Page offers further details.

By using our services, you consent to the use of cookies as described in this policy. However, you can withdraw or modify your consent at any time through our Cookie Management Page ( ADD HYPERLINK TO PAGE).

We are committed to maintaining the highest standards of data privacy and security. As such, we may update this policy to reflect evolving regulatory requirements, including those of the DPDP Act in India and other global data privacy laws. We will make reasonable efforts to notify you of significant updates, typically via email, and may also provide notifications through our platform. We recommend that you periodically review this policy to stay informed about our data practice.

If you have any inquiries regarding this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer (DPO) or privacy team via:

• Email: privacy@rangam.com
• Phone: 908-704-8843
• Mail: 270 Davidson Avenue, Suite 103, Somerset, NJ 08873

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to our data processing practices.