Terms & Conditions of Service

For the purposes of these Terms and Conditions, the following definitions shall apply:

2.1. These Terms determine the strict legal procedure for interaction between the Operator and the User during the collection, processing, and protection of information transmitted through the Portal. Data processing is carried out based on the principles of legality, transparency, confidentiality, and strict purpose limitation.

2.2. The User freely, of their own free will and in their own interest, gives full and informed consent to the Operator for the automated and non-automated processing of the following categories of personal data:

• Identification data: surname, first name, patronymic (if any), contact phone number, valid email address.
• Professional data: information on education, academic performance, qualifications, certificates, employment history, curriculum vitae (CV), and other documents uploaded by the User to the Portal.
• Technical data: network IP address, cookies, information about the user's device, operating system, browser type, and geolocation data.

2.3. Purposes of processing general data: Ensuring the comprehensive and seamless functioning of the Hireke Portal, providing the User with access to their personal account, administering verified online testing procedures, evaluating results, compiling competency reports, and organizing interaction regarding potential employment.

3.1. Based on the technological and commercial specificities of the Hireke Portal, the core function of which is to conduct strictly controlled and trusted testing, the collection and processing of biometric personal data are recognized as a critically mandatory condition of service (Condition of Service). This measure is aimed solely at preventing academic fraud, excluding the passing of tests by third parties (anti-fraud monitoring), and continuous verification of the test-taker's identity (liveness check).

3.2. Registration, authorization, and access to test materials without fulfilling the condition of providing biometric data are technically and legally not provided for by the business model and security architecture of the Portal.

3.3. Composition of processed biometric data: Processed biometrics include photographic images of the User's face (including selfies), video recordings of the testing process (liveness check), as well as mathematically generated algorithmic facial patterns (face embeddings) used exclusively for automated identification and verification of identity matches.

3.4. Security guarantees during biometric processing:

• Biometric data of Users is strictly prohibited from being used for marketing, advertising, or commercial purposes, as well as for profiling and decision-making by automated systems not related to account verification.
• The Operator undertakes to apply industry-standard asymmetric and symmetric cryptographic encryption of biometric templates.
• Mathematical patterns (embeddings) are not subject to reverse engineering (i.e., reconstruction of the original graphic image of the face from the digital code).
• The retention period of biometric data is strictly limited to the time required to perform KYC (Know Your Candidate / Identity Verification) procedures and evaluate the correctness of passing the test.
• The original media files (photos and videos) are subject to irrevocable and irreversible destruction immediately upon completion of the verification, unless otherwise established by mandatory norms of applicable national legislation.

4.1. The User provides the Operator with direct, conscious, and unambiguous consent to the cross-border transfer of their personal (including biometric) data to servers, cloud infrastructures, and databases located outside the country of their permanent residence. The transfer of biometrics and general data is carried out to specialized international identification service providers (Clerk, Vercel, Convex).

4.2. Protection guarantees based on Standard Contractual Clauses (SCC): To ensure the protection of data subjects' rights during international data exchange, the Operator guarantees that any cross-border transfer (especially of biometric parameters) to foreign Data Processors is implemented exclusively on the basis of signed Standard Contractual Clauses (SCC).

4.3. The applicable legal modules of the SCC include the following mandatory obligations:

• The obligation of the foreign Processor to implement and maintain technical and organizational data protection measures corresponding to global-level information security standards (Tier-1 / Big 4), including encryption of data transmission channels using protocols not lower than TLS 1.2, as well as mandatory encryption of stored arrays of biometric personal data (Data-at-Rest) using international cryptographic protection standards.
• A categorical prohibition for the Processor to transfer, disclose, or provide access to biometric data to any third parties or subcontractors without the prior written consent of the Operator and the execution of a similar SCC agreement with the subcontractor.
• The obligation of the Processor to immediately, but in any event no later than 72 hours from the moment of detection, notify the Operator of any security incidents resulting in a data breach, compromise, or unauthorized access to personal data (Data Breach).
• Ensuring the unhindered exercise of all rights of the Data Subject provided by applicable international law, even within the national jurisdiction of the foreign Processor.

5.1. Within the framework of the applicable national legislation of the CCA countries and international law, the User possesses the following inherent rights:

• Right of Access: The User has the right to request from the Operator confirmation of the fact of processing, information on the purposes, methods, and sources of obtaining data, the composition of processed PD (including biometric patterns), as well as a list of persons to whom the data was transferred as part of cross-border exchange.
• Right to be Forgotten / Destruction: The User is entitled to demand the complete removal and destruction of their general and biometric data from the Operator's servers, as well as by all foreign Processors bound by the terms of the SCC, in the absence of other legal grounds for their retention.
• Right to Withdraw Consent: The User may withdraw this consent at any time by sending an official written request to the Operator's email address.

5.2. Important legal consequence: Since the processing of PD and biometrics is an inherent and mandatory condition of service (Condition of Service), the withdrawal of consent by the User or their refusal to undergo biometric verification entails the automatic and immediate termination of these Terms, blocking of the account, and the inability to further use the Hireke Portal and pass tests.

6.1. Foreign Processors bear independent liability for compliance with technical and organizational security measures when processing data transferred to them in accordance with the terms of the signed Standard Contractual Clauses (SCC). The Operator shall not be liable for unforeseen information security incidents that occurred on the side of the Processors (including hacker attacks, force majeure circumstances, or intentional unlawful actions of third parties), provided that the Operator took standard measures to verify the legal status and compliance of the data protection systems of the said Processors upon concluding the contract.

6.2. The Operator is obliged to regularly perform internal control and technical audits of the compliance of the Processors' security systems with the requirements of applicable law. Dispute resolution mechanisms concerning a breach of confidentiality are governed by the substantive law specified in the main User Agreement of the Portal.

7.1. The placement of an interactive mark (checkmark) by the User in the corresponding checkbox in the Portal's interface is recognized as an analog of the User's handwritten electronic signature and signifies the expression of their full, informed, and unconditional consent to all provisions of this document.

7.2. Below is the approved layout for integration into the digital interface of the Hireke Portal: