General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

1. Introduction

Artha Job Board (“Artha,” “Company,” “we,” “us,” or “our”), operated by Knovator Technologies Pvt. Ltd., is committed to protecting the privacy and security of personal data. This GDPR Compliance Policy outlines how we collect, process, store, and protect data in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

2. Scope

This policy applies to all users, job seekers, employers, and partners interacting with our platform, applications, and services. It covers:

  • Data collection and processing practices.
  • User rights regarding their personal data.
  • Security measures implemented to safeguard data.
  • Procedures for handling data breaches.
  • Third-party processors involved in data processing.
  • Data retention and deletion policies.

3. Data Collection & Processing

Types of Data Collected:

  • Personal Information: Name, email, phone, address, date of birth, location, and IP address.
  • Professional Details: Resume/CV, job preferences, employer details, skills, employment history.
  • Usage Data: IP address, browser type, device information, activity logs, navigation patterns.
  • Technical Data: Cookies, API logs, error reports, session tracking.
  • Communication Data: Messages exchanged within the platform.
  • Financial Data: Payment transactions, billing details, subscription information.
  • Third-Party Data: Information from social media logins and integrations like LinkedIn.

Legal Basis for Processing Data:

  • Consent (Article 6(1)(a)) – When users voluntarily provide data.
  • Contractual necessity (Article 6(1)(b)) – Processing needed to provide services.
  • Legal obligations (Article 6(1)(c)) – Compliance with legal and regulatory requirements.
  • Legitimate interests (Article 6(1)(f)) – Business operations, fraud prevention, and platform security.

4. Data Protection & Security Measures

  • Access Controls: Role-based access, strong authentication mechanisms, and logging of access activities.
  • Encryption: Data encrypted at rest and in transit using industry-standard cryptographic techniques.
  • Network Security: Firewalls, intrusion detection systems, secure VPNs.
  • Regular Audits: Periodic security assessments, vulnerability testing, compliance reviews.
  • Data Minimization: Collecting only necessary data and ensuring data anonymization where possible.

5. Data Retention & Deletion Policy

  • Retention Periods:
    • User activity logs: 6–12 months.
    • Customer data: Retained during active subscription and deleted within 30–90 days post-termination.
    • Backups: Retained for 30–90 days.
  • Deletion Process:
    • Users can request data deletion via the user interface or support.
    • Data is securely erased from live systems within 90 days.
    • Backup data is purged within the same retention period.

6. Data Transfers & International Compliance

  • Artha Job Board stores data in India, utilizing Microsoft Azure cloud services.
  • Where data is transferred outside the EU, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and ISO 27001 compliance.

7. Data Subject Rights

Under GDPR, individuals have the right to:

  • Right to Access (Article 15): Request a copy of personal data held.
  • Right to Rectification (Article 16): Correct inaccuracies in personal data.
  • Right to Erasure (Article 17): Request deletion of personal data.
  • Right to Restriction of Processing (Article 18): Limit processing under certain conditions.
  • Right to Data Portability (Article 20): Request transfer of data to another provider.
  • Right to Object (Article 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Users can withdraw consent at any time.
  • Right to Lodge a Complaint: File complaints with the relevant Data Protection Authority.

8. Third-Party Processors & Sub-Processors

We work with the following service providers for processing personal data securely:

  • Microsoft Azure – Cloud hosting services.
  • Zepto (Zoho) – Email communication services.
  • AWS S3 – File storage services.
  • CloudFront – Content distribution for speed and performance.
  • Stripe, Razorpay, PayPal – Payment processing.
  • Firebase – Cross-platform mobile application development.
  • Amplitude – User behavior tracking and analytics.
  • Google Apps (Calendar, Analytics, Tag Manager) – Scheduling, tracking, and performance analysis.
  • Facebook Ads (FCP), Google Ads (GCP) – Advertisement tracking.
  • Twilio – SMS notifications and OTP services.

8. Data Breach Response Plan

  • Detection & Containment: Immediate identification of breaches and containment measures.
  • Regulatory Reporting: Notification to affected users and regulators within 72 hours.
  • Investigation & Remediation: Root cause analysis, resolution, and future mitigation strategies.

10. Cookie & Tracking Policy

We use cookies for essential functionality, performance analytics, and marketing. Users can manage preferences via browser settings or opt-out mechanisms.

11. Payment & Transaction Processing

  • Artha processes payments securely through third-party payment providers.
  • Users can review pricing details before purchasing services.
  • All transactions comply with PCI-DSS security standards.

12. Contact Information

For any data protection inquiries, please contact our Data Protection Officer (DPO):

DPO Contact Details:

  • Name: Sagar Modhwaniya
  • Email: legal@arthajobboard.com
  • Phone: +1 305 600 0455
  • Mailing Address: First Floor, B/45-46, RamKrishna Society, Lambe Hanuman Rd, near Ram Krushna School, Surat, Gujarat 395006

This policy is reviewed periodically to ensure compliance with GDPR and relevant regulations. Users will be notified of significant updates.