Privacy Policy – Applicants

1.1 What Is Personal Data?

The General Data Protection Regulation (GDPR) states that personal data is any information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to this person.

1.2 What Is Personal Information?

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) defines “personal information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

1.3 About Us

AiFi Inc. (“AiFi”), a Delaware corporation with its principal place of business located at 888 Airport Blvd, Burlingame, California 94010, USA is the data controller in the sense of the GDPR for the data we receive from you during your application.

We only process your personal data for carefully determined purposes. Below you will find more information about the different purposes.

2.1 For a Responsible, Effective, and Efficient Recruitment and Selection Process.

For this purpose, we process your contact details (such as name, address, email address, and telephone number), the personal data from your CV and your motivation letter, but also the outcomes of the assessment (intelligence and personality) that we ask you to do during the application process and in some cases the data that AiFi collects from calling the references you have provided.

We send your CV and motivation letter to the hiring manager, other employees who participate in job interviews, HR/recruiter and (if necessary) IT admin. They retain this access until the application process for you ends. The application process can end by rejection based on your letter or a conversation, or by offering an employment contract. In the latter case, the phase of your employment begins.

This personal data is standardly kept until 4 weeks after the closing date of the vacancy. In this way, we can still speak to you in detail if you have questions about the outcome of your application during this period. If the application leads to employment, the personal data is kept in accordance with our retention policy. The legal basis is AiFi's legitimate interest in the efficient execution of the recruitment and selection process (Article 6 paragraph 1 sub f GDPR).

2.2 Retention of Your CV for Suitable Vacancies in the Future.

If you have sent an open application and we currently don’t have a suitable position for you, or that we have unfortunately chosen someone else during the recruitment process, then we could ask for your consent to retain your information. If you give your consent to keep your data longer, then we retain your CV, motivation letter, and contact details for an additional 12 months in our system to contact you in the future if we think we have a vacancy that could be interesting for you. If your details change during those 12 months, we kindly ask you to inform us of any changes.

The legal basis for this is your consent (article 6, paragraph 1, sub a) GDPR). You always have the right to withdraw your consent. You can easily do that by sending an email to people@aifi.com. In that case, we will remove your data from our systems as soon as possible and will no longer use it for this purpose.

You have the right to be well-informed about what we do with your data and why we need your data. We provide this information through this privacy statement. In addition to the right to be transparently informed, you have the following rights:

• Right to access (if you want to know what data we collect from you)
• Right to rectification (we are happy to correct any data that is no longer correct)
• Right to be forgotten (in some cases, you can ask us to delete your data)
• Right to restrict processing (in some cases, you can ask us to restrict the processing of your data)
• Right to data portability (if you wish, we can pass your data on to another party or give you a copy of your data)
• Right to object (in some cases, you can object to the use of your data)

If you wish to exercise any of your rights, you can contact us by emailing dpo@aifi.com. We always respond to your request within a month.

AiFi does not sell or trade your personal data to a third party. AiFi may share certain personal data with a supplier or a service organization that requires use or recording of your personal data for the purposes described above in this privacy statement and in compliance with relevant legislation.

Transferring a (limited) part of the personal data you provide may be necessary for organizing (external) recruitment events for which AiFi can approach candidates. Or, for example, for conducting the assessment or forwarding CVs internally to a manager who is looking for candidates for an open position for which you have not applied.

In these limited cases, a specific supplier or service organization may have access to your personal data. Before AiFi shares your data with such a third party, AiFi will ensure that this party is subject to strict security standards.

AiFi may be required to provide certain personal data to third parties, such as government agencies, in accordance with relevant legislation. It may also be necessary for AiFi to transfer your personal data to protect AiFi’s lawful rights, again in accordance with relevant legislation.

We (where necessary) conclude processing agreements with parties that process personal data on our behalf (the so-called 'processors'). We do this so that when we provide data to them, it is well recorded, among other things, that they also secure this data well and they must notify us in time in case of a (suspected) data breach.

We keep your data for as long as necessary for the purpose for which we use your data and/or as long as the law requires us to keep the data. How long that is, varies. From a few months during the recruitment and selection process to a maximum of 12 months if you have given us permission for that.

Under Article 32 of the GDPR, we are obliged to take appropriate technical and organizational measures to prevent the loss of personal data or unlawful processing. The security of your personal data is well arranged with us through physical, administrative, organizational, and technical measures.

Only employees who have received authorization from us have access to the data. They have also signed a confidentiality agreement. We, therefore, have an appropriate level of protection. We also adjust this protection level periodically when necessary.
Our organization is set up in such a way that we do everything possible to prevent breaches of security, a so-called data breach. If there is a data breach, we will act according to our Data Breach Protocol.

6.1 Notice to California Residents

This notice to California residents is provided under the CPRA.
We collect the following categories of personal information: identifiers/contact information (such as name, address, email address, and telephone number). See the description of personal data above for more information. We collect this information from the sources and for the purposes more fully described above. We do not sell your personal information to third parties.

You have the following rights under CPRA with respect to your personal information:

• The right to know about the personal information that we collect about you and to know how it is used and shared;
• The right to delete personal information collected from you consistent with applicable law;
• We do not sell your personal information to third parties, but you have the right to opt-out of the sale or sharing of your personal information;
• The right to non-discrimination in exercising your rights;
• The right to correct inaccurate personal information that we have about you; and
• We do not collect sensitive personal information (as that term is defined in the CPRA).

6.2 Making Access and Deletion Requests

To make an access or deletion request, please email us at dpo@aifi.com. Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.

6.3 Instructions for Authorized Agents Making Access and Deletion Requests

You may also use an authorized agent to submit an access or deletion request on your behalf.  Authorized agents may submit access and deletion requests by emailing us at compliance@aifi.com. Before completing requests from authorized agents, we may contact you directly to confirm you’ve given your permission and/or to verify your identity.

If you have questions or comments about this Privacy Statement, please contact us at:

AiFi, Inc.
888 Airport Boulevard

Burlingame, California

DPO at dpo@aifi.com

Compliance contact: compliance@aifi.com

US Toll Free Phone Number: +1 650-446-4708

EU Toll Free Phone Number: +31 800-0223-304

If you have complaints about, for example, the way we use your data or how we respond to privacy-related questions, you can file a complaint with the Data Protection Authority or the California Privacy Protection Agency.