StaffFinder Privacy Policy

The platform may collect personal identification information including name, date of birth, nationality, gender, and location.

Contact information such as email address, phone number, and preferred communication method may be collected.

Professional data including employment history, job titles, employers, education, certifications, and skills may be processed.

Users may upload documents including CVs, certificates, reference letters, photos, and video recordings.

Employers may provide company information including legal company name, address, trade licence, website, and venue details.

Contact persons, hiring managers, and recruitment team members may also be registered on the platform.

The platform generates operational data including account creation date, verification status, profile updates, job invitations, hiring outcomes, and internal platform ratings.

Usage data including search history, login activity, and communication logs may also be recorded.

The platform records messages exchanged between employers and candidates through the internal messaging system.

Timestamps, participants, and message history may be stored for operational and compliance purposes.

The platform may collect IP addresses, browser type, device identifiers, operating system information, and login activity.

This information is used for security monitoring, fraud prevention, and service optimisation.

Personal data is processed to operate the platform, match candidates with employers, verify candidate profiles, process payments, and maintain platform security.

Data may also be used for service notifications, job alerts, interview confirmations, reminders, and operational communications.

We process personal data on the following lawful bases under the PDPL and applicable law:

• Contract performance: Processing necessary to provide the platform services you have registered for, including account creation, candidate-employer matching, profile hosting, and payment processing.
• Consent: Processing for optional features including job alert notifications, marketing communications, AI-assisted profile analysis, and advertising cookies. You may withdraw consent at any time via your account settings or by contacting admin@stafffinder.io.
• Legal obligation: Processing required to comply with applicable laws, including anti-fraud obligations, tax and financial record-keeping, and regulatory requirements.
• Legitimate interests: Processing for platform security, fraud prevention, analytics, and service improvement, where these interests are not overridden by your rights. You may object to processing on this basis as described in Section 16.

Recruitment profiles may contain data that is sensitive in nature or capable of revealing special category information. For example, nationality and photos may indirectly reveal ethnic or national origin; uploaded documents may reference health certifications or religious observance; and video recordings may reveal physical characteristics.

We do not actively solicit sensitive or special category data beyond what is necessary for recruitment matching. Where sensitive data is included in uploaded documents or profiles, it is processed only to the extent necessary for matching and verification purposes, and with your consent where explicitly required by applicable law. We apply heightened access controls and security measures to data that may be sensitive in nature.

If you do not wish sensitive data to be processed, you should not include it in your profile or uploaded documents. You may request deletion of specific data at any time via admin@stafffinder.io.

The platform may use artificial intelligence tools to analyse CVs, parse professional profiles, and assist with profile completion.

AI tools may process candidate documents and structured profile information for recruitment matching and verification purposes.

Where AI is used to rank, score, or match candidate profiles, this involves automated processing of professional data to identify relevant candidates for employer searches. The logic applied considers factors such as job title, experience, qualifications, location, and skills relative to employer search criteria. Verification status may also influence ranking.

We do not make solely automated decisions that produce legal or similarly significant effects on candidates without human oversight. Employers make independent hiring decisions based on the information presented. If you believe an automated process has produced an outcome that significantly affects you, you may request human review by contacting admin@stafffinder.io. We will respond within 30 days.

Payments are processed through secure third party providers including Stripe or similar payment processors.

The platform does not store full credit card numbers or security codes.

Platform infrastructure is hosted using AWS cloud services located in Frankfurt, Germany.

Database services are operated using Supabase.

Additional infrastructure providers may be used to support platform operations.

The platform may engage third party providers including hosting services, AI processing services, payment processors, analytics providers, messaging services, and communication platforms.

Examples may include AWS, Supabase, OpenAI, Anthropic, Convertio, Resend, Stripe, Meta messaging services, and Google Analytics.

Because the platform operates globally, personal data may be transferred to and processed in jurisdictions outside the UAE. The following categories of recipients and applicable transfer mechanisms apply:

• Cloud hosting and database providers (AWS Frankfurt, Germany; Supabase): Germany is within the EU, which is recognised as providing an adequate level of data protection. Transfers to AWS Frankfurt rely on this adequacy.
• AI service providers (OpenAI, Anthropic — United States): The United States does not currently hold a UAE adequacy designation. Transfers are carried out using standard contractual clauses or equivalent contractual safeguards approved under the PDPL and its Executive Regulations, or the providers' applicable data protection frameworks.
• Payment processors (Stripe — United States/EU): Transfers rely on standard contractual clauses or EU adequacy where processing occurs within the EU.
• Analytics and advertising providers (Google Analytics, Meta — United States): Transfers are subject to the providers' own data protection frameworks and standard contractual clauses. Users may manage consent for these providers via the cookie consent banner.

A full list of subprocessors and applicable transfer mechanisms is available on request by contacting admin@stafffinder.io.

The platform uses cookies and analytics technologies to improve user experience and measure platform performance.

Analytics tools such as Google Analytics may be used.

If a user deletes their account, personal data will be removed from platform systems within 48 hours unless retention is required by law.

Certain operational records may be retained for compliance, fraud prevention, or dispute resolution.

Under the UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL) and applicable law, you have the following rights in relation to your personal data:

• Right of Access: You may request a copy of the personal data we hold about you and information on how it is processed.
• Right to Rectification: You may request that inaccurate or incomplete personal data be corrected or updated.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other lawful basis applies.
• Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances, for example while a correction request is pending.
• Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to Human Review: Where you believe an automated process has significantly affected you, you may request human review as described in Section 9.
• Right to Complain: You have the right to lodge a complaint with the UAE Data Office (www.uaedataoffice.gov.ae) if you believe your personal data has been processed in breach of applicable law.

To exercise any of the above rights, please contact admin@stafffinder.io or use the relevant controls in your account settings. We will respond to your request within 30 days. In complex cases we may extend this by a further 30 days with notice. Some rights may be subject to limitations under applicable law.

The platform implements technical and organisational measures designed to protect personal data against unauthorised access, loss, or misuse. These include encryption in transit and at rest, access controls, regular security reviews, and secure cloud infrastructure.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected users and, where required by applicable law, the relevant regulatory authority (UAE Data Office) without undue delay. Notifications will include the nature of the breach, the data affected, and the steps taken or planned to address it.

The platform may update this Privacy Policy from time to time.

Updated versions will be published on the website.