The Administration of the commercial portal Hireke (hereinafter referred to as the "Portal", "We", "Our", or "Us") recognizes the paramount importance of confidentiality, privacy, and security regarding the Personal Data of its Users. This Privacy Policy (hereinafter referred to as the "Policy") establishes the comprehensive framework for the collection, utilization, storage, cross-border transfer, and protection of information obtained from individuals (candidates, examinees) during their engagement with online assessment, verification, and proctoring services.
1. General Provisions and Scope
- 1.1. Consent to Processing: The utilization of the Hireke Portal services—including account registration, execution of qualification testing, and participation in video interviews—constitutes the User's explicit, unconditional, and legally binding consent to this Policy and the terms of personal data processing specified herein.
- 1.2. Compulsory Nature of Data Provision: In the event of disagreement with any terms set forth in this Policy, the User must immediately cease using the functionality of the Portal. Since the execution of verified testing and qualification assessments strictly requires robust identity verification, a refusal to provide the requisite categories of data shall render the provision of services by the Portal technically and legally impossible.
2. Applicable Legislation and Regulatory Framework
The Hireke Portal ensures a high standard of personal data protection in strict accordance with international legal standards and the national legislation of the jurisdictions where personnel evaluation and assessment services are actively rendered:
| Country / Jurisdiction | Applicable Legal Act / Regulatory Instrument |
|---|---|
| Republic of Kazakhstan | Law "On Personal Data and their Protection" No. 94-V dated May 21, 2013. |
| Republic of Uzbekistan | Law "On Personal Data" No. LRU-547 dated July 2, 2019. |
| Kyrgyz Republic | Law "On Personal Information" No. 58 dated April 14, 2008. |
| Republic of Armenia | Law "On Personal Data Protection" No. ZR-49-N dated July 1, 2015. |
| Georgia | Law "On Personal Data Protection" No. 3144-XI dated June 14, 2023. |
| Republic of Azerbaijan | Law "On Personal Data" No. 998-IIQ dated May 11, 2010. |
| International Standards (EU) | Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR) regarding the regulation of secure cross-border data flows. |
3. Categories of Processed Data
In alignment with the principle of data minimization, the Portal strictly collects and processes only those specific categories of data necessary for the high-quality execution of online assessments, identity verification, and system security against fraudulent behavior:
| Data Category | Detailed Composition of Collected Information |
|---|---|
| Registration Data | Surname, first name, patronymic (where applicable); electronic mail (email) address; contact telephone number; and the user-created password, which is stored securely in an encrypted format. |
| Professional Data (Profile) | Details regarding educational background, professional qualifications, specialized expertise, occupational history, curriculum vitae (CV), and any supplementary documents or information spontaneously uploaded by the User to present to prospective employers. |
| Assessment Results | Scores achieved, individual responses to testing metrics, analytical competence matrices, logical and quantitative performance indicators generated systematically upon the conclusion of testing. |
| Digital and Technical Data | Internet Protocol (IP) address, operating system specifications, web browser type, cookie files, timestamp logs of Portal access, and behavioral telemetry (including tracking page navigation and instances of minimizing or switching the test window). |
| Biometric Data (Proctoring) | Photographic snapshots of the face, continuous video recordings captured during the examination session via webcam, and algorithmic digital facial descriptors (facial templates). These elements are utilized exclusively for genuine identity validation (liveness check) and anti-cheating prevention. This processing is strictly subject to Section 3 of the Portal's Terms of Service. |
4. Purposes of Personal Data Processing
The Portal Administration processes personal data strictly for explicit, legitimate, and predefined professional purposes:
- Facilitating registration, user authentication, and ensuring the stable operational performance of the User’s personal account dashboard;
- Technical administration, coordination, and execution of online examinations, competency surveys, and asynchronous video interviews;
- Disclosing and transmitting assessment reports, profiles, and professional resumes to the specific Employer (testing client/sponsor) upon whose formal assignment or instruction the User undergoes the evaluation;
- Enforcing academic and professional integrity via proctoring control, including the prompt detection and prevention of fraudulent activities (such as impersonation, unauthorized external materials, or third-party collusion);
- Providing technical support, managing user inquiries, gathering qualitative feedback, and optimizing the platform interface.
5. Data Transfer to Third Parties and Cross-Border Exchange
- 5.1. Employer Access: The User hereby acknowledges and agrees that their specific testing diagnostics, scores, and associated profile metrics shall be made fully accessible to the designated Employer who initiated the assessment request via the Portal. In this context, the Portal operates strictly in the legal capacity of a Data Processor acting on behalf of and pursuant to the instructions of the respective Employer (who serves as the Data Controller).
- 5.2. Cross-Border Biometric Transfer: For the execution of advanced facial recognition and automated anti-fraud validation (liveness checks), the Portal may perform the cross-border transfer of biometric indicators and identity profiles to specialized international KYC (Know Your Customer) service providers. Such transmissions are executed exclusively under executed Standard Contractual Clauses (SCCs), which legally bind external counterparties to employ state-of-the-art cryptographic methods and enforce data security standards equivalent to the GDPR.
- 5.3. Prohibition of Commercialization: Under no circumstances shall the Portal sell, lease, transfer, or otherwise disclose the personal information of Users to any third-party entities for promotional, marketing, or commercial advertising initiatives.
6. Automated Assessment and Human Intervention
The proprietary algorithms embedded within the Hireke Portal systematically compute raw scores for completed assessments and log behavioral anomalies via webcam monitoring (proctoring controls). However, the Portal does not possess the authority to make automated decisions that produce legal or significant employment effects concerning the User. All final determinations regarding hiring suitability, test passage benchmarks, or candidate disqualification are exercised exclusively by authorized human resource personnel on the side of the Employer.
7. Retention Periods and Secure Information Destruction
- 7.1. Profile Data Longevity: Core User information (comprising the profile, credentials, and cumulative test history) is retained on the Portal throughout the operational lifecycle of the User's active account to preserve their eligibility for multiple ongoing or future employer recruitment cycles.
- 7.2. Proctoring Media Purging: Video recordings and snapshots captured via webcam during proctoring sessions are automatically and irreversibly expunged from the active systems within 30 to 90 days following the definitive validation of assessment results, unless a prolonged duration is mandated by specific safety regulations or compliance directives of a particular Employer-customer within the limits of applicable law.
- 7.3. Right to Erasure Execution: Upon the receipt of a formal account deletion request from the User, all personal information relating to that individual shall undergo thorough, irreversible erasure and wiping from the primary systems of the Portal and its associated partner servers within 30 calendar days.
8. User Rights as a Data Subject
Every individual utilizing the Portal is guaranteed the exercise of the following data subject rights:
- Right of Access: To obtain confirmation regarding what specific personal data are held on the Portal and to request a structured data export or transparency regarding the information transfer chain;
- Right to Rectification: To demand the immediate correction or update of inaccurate, incomplete, or obsolete personal data within their personal profile;
- Right to Erasure (Right to be Forgotten): To revoke consent to personal data processing at any time and request the complete, permanent deletion of their account registry;
- Right to Lodge a Complaint: To initiate formal proceedings with supervisory state authorities or data protection offices if the User reasonably believes their privacy rights have been infringed.
9. Data Protection Officer and Contact Information
For any inquiries, requests for modification, deletion, withdrawal of consent, or concerns relating to the technical and organizational protection of personal information on the Hireke platform, Users are invited to submit a formal request to the Information Security and Data Protection Service at the following email address: