E
evaluate.hrBack to Home

Privacy Policy

Last updated: February 11, 2026

1. Introduction

At evaluate.hr, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

As a recruitment and HR platform, we handle sensitive personal information including candidate CVs, contact details, and assessment data. We take our responsibility as a data processor and controller very seriously.

2. Data Controller

evaluate.hr acts as both a data controller and processor, depending on the context:

  • As a Controller: For your account information, usage data, and platform analytics
  • As a Processor: For candidate data uploaded by HR teams and organizations using our platform

3. Information We Collect

3.1 Account Information

  • Email address
  • Full name
  • Role and permissions
  • Organization details
  • Authentication credentials

3.2 Candidate Data (Processed on Your Behalf)

  • CVs and resumes (PDF, DOC, DOCX formats)
  • Names, email addresses, phone numbers
  • Work experience and educational background
  • Skills and qualifications
  • AI-generated scores and assessments
  • Interview scores and notes

3.3 Usage Data

  • Platform activity and feature usage
  • Job creation and management data
  • System logs and error reports
  • Performance and analytics data

4. How We Use Your Data

We process personal data for the following purposes:

  • Service Delivery: To provide recruitment and candidate assessment services
  • AI Processing: To analyze CVs and generate candidate rankings using AI algorithms
  • Account Management: To manage your account, authenticate users, and provide support
  • Communication: To send service updates, notifications, and respond to inquiries
  • Compliance: To comply with legal obligations and enforce our terms
  • Platform Improvement: To analyze usage patterns and improve our services

5. Legal Basis for Processing (GDPR)

Under GDPR, we process personal data based on the following lawful grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interest: For platform improvement, security, and fraud prevention
  • Legal Obligation: When required by law or regulatory requirements
  • Consent: Where you have explicitly provided consent for specific processing activities

For candidate data, the primary legal basis is typically contract performance (to provide recruitment services) and legitimate interest (for the recruitment process).

6. Data Retention

We retain personal data only as long as necessary:

  • Account Data: Retained while your account is active and for 90 days after closure
  • Candidate CVs: Retained according to your organization's retention policy or job completion (you control deletion)
  • Assessment Data: Retained for the duration of the recruitment process unless deleted by you
  • Usage Logs: Retained for 12 months for security and audit purposes

You have full control to delete candidate data, jobs, and associated files at any time through the platform.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted both during transfer and while stored, using industry-standard methods
  • Access Controls: Your data is restricted so only authorized team members can view it, based on their role
  • Authentication: Secure login through trusted providers like Google, with session protection
  • Infrastructure: Hosted on secure, independently audited cloud infrastructure
  • File Storage: CVs stored in private, access-controlled cloud storage
  • Regular Audits: Security assessments and vulnerability testing
  • Monitoring: Real-time threat detection and logging

8. Data Sharing and Third Parties

We do not sell or rent your personal data. We only share data with trusted third parties who help us deliver our services:

  • Cloud Database Provider: Secure data storage and user authentication (GDPR compliant)
  • AI Processing Provider: AI analysis and candidate scoring — used only when you activate scoring
  • Hosting Provider: Website hosting and global content delivery
  • Analytics: Aggregated, anonymized usage data (no personally identifiable information shared)

All third-party service providers are carefully vetted and legally required to protect your data under formal agreements that meet GDPR standards.

9. International Data Transfers

Your data may be processed in the European Union, United States, or other jurisdictions where our service providers operate. For transfers outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at privacy@evaluate.hr

11. Rights for Job Candidates

If you are a job candidate whose CV was uploaded to our platform:

  • You have the same GDPR rights listed above
  • You can request information about how your data is being processed
  • You can request deletion of your CV and associated data
  • You can object to AI-based processing and request human review

Please contact the organization that uploaded your CV, or reach us directly at privacy@evaluate.hr

12. AI and Automated Decision-Making

Our platform uses AI to analyze CVs and rank candidates. Under GDPR Article 22, you have the right to:

  • Be informed about the logic involved in automated decision-making
  • Request human intervention and review of AI-generated scores
  • Challenge and contest automated decisions

Important: AI scores are meant to assist HR professionals, not replace human judgment. Final hiring decisions are always made by humans.

13. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Platform functionality

We do not use advertising or tracking cookies. Analytics data is aggregated and anonymized.

14. Children's Privacy

evaluate.hr is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions, data subject requests, or concerns:

Email: privacy@evaluate.hr

Data Protection Officer: dpo@evaluate.hr

We aim to respond to all requests within 30 days as required by GDPR.

17. Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities can be found at https://edpb.europa.eu.

Back to Home