Privacy Policy

Privacy Policy

PRIVACY NOTICE

Last Updated: 03.11.2024

This Privacy Notice describes how Cortx AI Limited (“Cortx,” “Company,” “we,” “us,” or “our”) collects, uses, and protects your personal data in connection with our websites, applications, and AI-based CV grading platform (collectively, the “Services”).

Cortx AI Limited is a limited company registered in England and Wales (Company No. 15284483) with its registered office at Sutton Vale Country Club, Vale Road, Dover, England, CT15 5DH. By uploading your CV or otherwise providing personal data to us, and by clicking “Agree,” you acknowledge and consent to the data practices described in this Privacy Notice, including transfer to our AWS servers in London. We maintain SOC certifications and follow GDPR best practices to help ensure your data’s security.

1. WHO WE ARE

1.1 Corporate Identity

  • Name: Cortx AI Limited

  • Company Number: 15284483

  • Registered Office Address: Sutton Vale Country Club, Vale Road, Dover, England, CT15 5DH

1.2 Our Services
We provide AI-driven solutions that assist recruiters and employers in evaluating CVs against specific job requirements in a fair, unbiased manner. Cortx does not make final hiring decisions; instead, we generate AI-based scores and summaries to help recruiters identify potentially suitable candidates.

1.3 Audience
Our Services are intended for individuals aged 18+ (or the age of majority in your jurisdiction). By uploading a CV, you confirm that you meet these age requirements.

2. SCOPE OF THIS PRIVACY NOTICE

2.1 Application
This Privacy Notice applies to all personal data processed by Cortx in relation to our Services, including data collected via our websites, portals, AI-based CV grading tools, or any other means through which you interact with us.

2.2 Third-Party Policies
We are not responsible for the data practices of third-party entities (such as recruiters, employers, or external sites). If you submit data to those entities, their own privacy notices will apply. We encourage you to review the privacy policies of any third party before sharing your personal information.

2.3 Consent & Legal Basis

  • By uploading your CV and clicking “Agree,” you consent to our collection, processing, and transfer of your data as described here.

  • We may also rely on legitimate interests (e.g., for security, analytics) or legal obligations (e.g., regulatory compliance).

2.4 Acceptance & Non-Acceptance

  • If you do not agree to this Privacy Notice, do not upload your CV or provide personal data.

  • If you are acting on behalf of someone else (e.g., you upload a CV on behalf of another individual), you must ensure you have full legal authority to do so.

3. DATA WE COLLECT

3.1 CV Data

  • What We Collect: CVs, cover letters, or supporting documents you provide (e.g., job history, educational background, skills, references).

  • Purpose: To generate AI-based scores, insights, and summaries of your qualifications against specific job requirements.

3.2 Personally Identifiable Information (PII)

  • Encryption & Masking: Any PII (like name, address, contact details) is encrypted or masked so that our AI cannot infer or be biased based on these attributes.

  • No Demographic Profiling: Our AI is designed not to assess personal characteristics such as race, gender, age, or other protected traits.

3.3 Other Data

  • Emails or Contact Forms: If you contact us via email or web form, we collect the data you provide (e.g., name, email, message).

  • Log Data: IP address, browser type, pages viewed, timestamps, etc.

  • Cookies & Similar Technologies: We and certain third-party analytics tools use cookies or similar technologies to enhance your user experience, subject to your consent where required by law.

3.4 No Special Categories (Unless Provided by You)
We do not intentionally collect sensitive data (e.g., health, religion, union membership) unless you voluntarily include it in your CV. If you choose to provide such information, you do so at your own discretion, and it may be subject to additional protections under applicable laws.

4. HOW WE USE YOUR DATA

4.1 AI Scoring & Summaries

  • Fair Assessment: Our AI system reviews the content of your CV to identify relevant qualifications and experiences.

  • Score Out of 100%: We generate a numerical score reflecting how well your CV aligns with the job criteria.

  • Recruiter Summary: The recruiter receives a summary highlighting strengths and weaknesses relative to the job description, not personal traits.

  • AI Training: The AI is trained by recruiters and continuously updated to improve contextual understanding of CV data.

4.2 Data Security & No Bias

  • Encryption: PII is encrypted or masked to prevent bias in the AI grading process.

  • No Individual Profiling: We do not create personal profiles or track your identity across multiple roles.

4.3 Service Provision & Communication
We may use your data to:

  • Respond to inquiries or support requests.

  • Send updates about our Services or improvements.

  • Maintain legal, security, or compliance obligations.

4.4 Legal Obligations & Compliance
We may process data when required by law, court order, or other legal processes. This includes cooperating with authorities to investigate fraud or illegal activity, or to protect our rights and safety.

4.5 Aggregated Data
We may aggregate or anonymize data (e.g., usage statistics) for analytics, improvements, or commercial insights. Aggregated data does not reveal your identity.

5. LEGAL BASES FOR PROCESSING

In most cases, our legal bases include:

  1. Consent: Where you upload a CV and click “Agree,” providing explicit consent to AI-driven processing.

  2. Legitimate Interests: For security, analytics, service improvements.

  3. Legal Obligations: For compliance with laws, responding to lawful requests.

  4. Contractual Necessity: If our Services form part of a contract with a recruiter or with you.

Where processing is based on consent, you can withdraw consent at any time (see Section 9 on Your Rights). However, withdrawal of consent does not affect prior lawful processing.

6. DISCLOSURE OF YOUR DATA

6.1 Internal Access
Only employees or contractors with a need to know have access to personal data. They are bound by strict confidentiality agreements.

6.2 Third-Party Processors
We use Amazon Web Services (AWS) in London for hosting. We may also engage other sub-processors (e.g., analytics, IT services) who are contractually obligated to protect your data.

6.3 Legal Requirements & Safety
We may share personal data if required to:

  • Comply with a legal obligation or a lawful request from law enforcement.

  • Protect our rights, property, or safety, or that of our users or the public.

6.4 Corporate Transactions
If Cortx is involved in a merger, acquisition, or asset sale, your data may be transferred to the new entity. Such entity must continue to adhere to this Privacy Notice or provide you with notice of changes.

6.5 No Selling of Personal Data
We do not sell or rent your personal information to third parties for direct marketing or other profit-based purposes.

7. INTERNATIONAL DATA TRANSFERS

7.1 AWS in London
Your data is primarily stored and processed in London (UK) via AWS. We utilize robust security measures aligned with GDPR and SOC certifications.

7.2 Non-EEA Transfers
Where data may be accessed from outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent frameworks to protect your rights.

7.3 Local Laws
If you reside outside the UK or EEA, your data may be transferred, processed, and stored in jurisdictions with data protection laws different from your own. By submitting data, you consent to such transfers.

8. DATA RETENTION

8.1 Retention Period
We keep your data only as long as necessary to fulfill the purposes described in this Notice, unless a longer retention is required by law or for legitimate business needs.

8.2 Deletion or De-Identification
Upon request or once the data is no longer needed, we will securely delete or anonymize it, subject to any legal obligations (e.g., maintaining records for regulatory reasons).

8.3 Impact of Deletion
If you request deletion of your CV while a recruiter is still considering your application, that recruiter may not be able to see your AI-based score or CV details going forward, which could affect your candidacy.

9. YOUR RIGHTS (GDPR & CCPA)

We uphold the GDPR for individuals in the EEA/UK and the CCPA for individuals in California. We extend similar data protection rights globally where possible.

9.1 Right to Be Forgotten
You may request that we erase your personal data, subject to legal and contractual limitations.

9.2 Right to Access & Rectification
You can ask for a copy of your data and request corrections if inaccuracies exist.

9.3 Right to Withdraw Consent
You can withdraw consent at any time; however, withdrawal does not affect prior lawful processing.

9.4 Right to Object
You may object to certain processing activities, particularly where we rely on legitimate interests.

9.5 Right to Data Portability
If technically feasible, you can request a machine-readable copy of your data.

9.6 CCPA-Specific Rights

  • Right to Non-Discrimination: We do not discriminate against users who exercise their rights.

  • Limit Use and Disclosure of Sensitive Personal Information: You may request that we limit processing to only what is necessary for our Services.

9.7 How to Exercise
Contact us at privacy@cortx.co. We may require proof of identity to ensure data security.

10. SECURITY MEASURES

10.1 Technical & Organizational Measures
We implement industry-standard encryption, access controls, firewalls, and monitoring to safeguard your data. Our environment is SOC certified and adheres to GDPR security obligations.

10.2 AI Fairness & Security

  • Encryption: Personally identifiable details in your CV are encrypted so the AI cannot use them.

  • Bias Prevention: We continuously monitor and refine AI models to avoid discriminatory outcomes.

10.3 No Absolute Guarantee
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. By using our Services, you acknowledge and accept this inherent risk.

11. LIABILITY & DISCLAIMERS

11.1 Accuracy of AI Score
Our AI-based grading is informational only. Cortx does not guarantee that the AI score or summary will be error-free or fully aligned with any recruiter’s ultimate assessment. You acknowledge that final hiring decisions rest solely with the recruiter/employer.

11.2 User Responsibilities

  • Lawful Submissions: You represent that any CV or data you upload is accurate and lawfully obtained.

  • No Unauthorized Data: You must not upload personal data about others (e.g., references) without their permission.

  • Compliance: You are responsible for complying with local laws and for the legality of the data you provide.

11.3 Third-Party Reliance
Recruiters or employers may rely on AI summaries in part, but they must use human judgment in hiring decisions. Cortx is not liable for how recruiters or employers use or interpret AI scores.

11.4 Exclusion of Certain Damages
To the maximum extent permitted by law, Cortx disclaims liability for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Services, including but not limited to lost profits, loss of data, or business interruption.

11.5 Force Majeure
We are not responsible for any failure to perform due to unforeseen events beyond our control (e.g., natural disasters, cyberattacks, or internet outages).

12. CHILDREN’S PRIVACY

Our Services are not directed to children under 18 (or the age of majority in your jurisdiction). If we learn that we have inadvertently processed the personal data of a minor without proper consent, we will take steps to erase such data promptly.

13. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes in our data practices or legal obligations. If we make substantial changes, we will post a prominent notice on our website. We encourage you to review this page periodically for the latest information on our privacy practices.

14. CONTACT INFORMATION & COMPLAINTS

14.1 Contact Us
If you have questions or concerns about this Privacy Notice or our data practices, please contact us:

  • Email: privacy@cortx.co

  • Address: Sutton Vale Country Club, Vale Road, Dover, England, CT15 5DH

14.2 Regulatory Authorities
If you believe we have not addressed your concerns adequately, you have the right to contact the appropriate data protection authority, such as the UK’s Information Commissioner’s Office (ICO) or the relevant authority in your jurisdiction.

15. ACCEPTANCE & AGREEMENT

By clicking “Agree,” uploading your CV, or otherwise using our Services, you:

  1. Confirm you have read and understood this Privacy Notice.

  2. Consent to the collection, processing, and transfer of your personal data (including AI-based grading) as described herein.

  3. Acknowledge that any final employment decisions rest with the recruiter/employer and not with Cortx.

  4. Recognize that all personal data is hosted on AWS servers in London and protected by SOC and GDPR best practices, yet no system is entirely immune to risk.

If you do not consent, do not provide your personal data or use our Services.

©