Pynea Privacy Policy

1. Important information and who we are

   Welcome to Pynea Technology Limited's Privacy Policy ("Privacy Policy").

   Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it.

   At Pynea Technology Limited ("we", "us", or "our"), owned by Pynea Holdings, we are committed to protecting and respecting your privacy and Personal Data in compliance with applicable data protection laws including:

   1. EU: The Regulation (EU) 2016/679 General Data Protection Regulation ("GDPR")
   2. UK: the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.

   This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, and how the law protects you.

2. When this policy applies

   This Privacy Policy applies to your use of:

   • Pynea mobile application software ("App") hosted on the Apple App Store and Google Play, once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device ("Device").
   • Our website at www.pynea.com ("Site").
   • Any of the services accessible through the App or Site ("Services").

   This Privacy Policy applies to all Personal Data collected and processed at any time by us.

3. Your data controller and data protection officer

   Pynea Technology Limited ("Pynea") is your Data Controller and responsible for your Personal Data.

   We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Data please contact the DPO using the details set out below:

   Email: data@pynea.com
   Postal address: 3rd Floor 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom

   You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

   Pynea acts as a data controller in relation to your use of our App and Site, including but not limited to your profile/account data.

   Where you apply for roles through our Services, we may also process your Personal Data on behalf of recruiting organisations (such as employers or recruitment partners). In these cases, those organisations act as independent data controllers, and Pynea acts as a data processor in relation to specific processing activities carried out on their behalf. This may include the use of tools (including AI-based tools) to analyse or structure your application materials in accordance with the instructions of the relevant recruiting organisation.

   The recruiting organisation is responsible for how your Personal Data is ultimately used in the recruitment process. You should refer to their privacy information for further details on their processing activities.

1. Types of data / Privacy Policy scope

   "Personal Data" means any information about a living individual from which that person can be identified.

   We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. We have set out below what we collect and when we collect it from you:

   Profile/Identity Data

   This is data relating to your first name, last name, gender, date of birth, CV Data, audio submitted during sign-up / recruiting process; this may involve AI based tools which can summarise and score your responses for recruiters.

   Contact Data

   This is data relating to your phone number, addresses, email addresses, phone numbers.

   Services Data

   This is the personal data you voluntarily upload using our App or Site for example, when you post or when you use the messaging function such as photos and interests.

   Marketing and Communications Data

   This is your preferences in receiving marketing information and other information from us.

   Billing Data

   This is information relating to your debit and credit card information such as the name attached to your payment details and your billing address.

   Transactional Data

   This is information of details and records of all payments you have made for our Services including details of in-App purchases.

   Technical Data

   This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.

   Customer Support Data

   This includes feedback, bug reports and survey responses.

   Usage Data

   Information about how you use our App, Site or Services.

   Device Data

   Includes the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting. We will only collect this information with your consent through cookies, as per our Cookies Policy, below.

   Location Data

   We also use GPS technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.

   Please do not upload or share sensitive personal data on our platform, as this is not needed and will not be processed for applications.

   We also collect anonymized data and will aggregate personal data so that it can no longer be associated with you. Although this aggregated data may be based in part on Personal Data, it does not identify you personally.

   We use this information to help us understand our product and better serve you and others.

   We may also process what is known under the GDPR as special categories of Personal Data. We do not ask you to provide any special category data and may only process this via any content or information that you choose to upload via our Services.

2. The legal basis for collecting that data

   There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

   "Consent": Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or 'opt in' to a service.

   "Contractual Obligations": We may require certain information from you in order to fulfill our contractual obligations and provide you with the promised service.

   "Legal Compliance": We're required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.

   "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your name, so that we have a record of who to contact moving forwards.

1. Our data uses

   We will only use your Personal Data when the law allows us to.

   Set out below is a table containing the different types of Personal Data we collect and the lawful basis for processing that data. Please refer to section 2.2 for more information on the lawful basis listed in the table below.

   Purpose	Type of data	Lawful basis	Notes
   To administer and protect our business, the App and Site including troubleshooting, data analysis and system testing	Profile/Identity Data Services Data Contact Data Device Data	Legitimate Interest Our Contractual Obligations with you	For running our business, provision of administration and IT services, network security.
   To monitor trends so we can improve the App and Site	Profile/Identity Data Contact Data Marketing and Communications Data Usage Data	Legitimate Interest Consent (for non-essential activities, cookies, marketing)	—
   To develop our products/Services and grow our business. When you create or interact with content	Usage Data	Our Contractual Obligations with you	We collect and process product Usage Data through general usage of the App and Site in order to tailor the experience to you.
   To detect, investigate, and prevent fraudulent transactions and other illegal activities	Profile/Identity Data Billing Data Technical Data Device Data	Legitimate Interests Compliance with legal obligations (where applicable)	We do this to protect the rights, property, or safety of you and other users and Pynea.
   When you are referred to us through a contact	Profile/Identity Data Contact Data	Legitimate Interest	When you were invited by your contact. If you do not become a user, we will remove your details after 60 days.
   Providing you promotional or tailored content	Profile/Identity Data Contact Data Usage Data	Consent	When you opt-in to receive marketing materials
   Summarising your CV and audio responses to hiring questions	CV Data Answers to application questions	Legitimate Interest	When you apply for a position, your information is summarised and you may receive questions that have been tailored to you using AI software.

1. Your legal rights

   You may have the following rights under data protection laws in relation to your personal data:

   • Right to be informed. You have a right to be informed about our purposes for processing your personal data, how long we store it for, and who it will be shared with. We have provided this information to you in this policy.
   • Right of access.This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it (also known as a "data subject access request"). See section 4.5 below for more details on how you can make a data subject access request.
   • Right to rectification. You have a right to request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
   • Right to erasure. You have the right to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
   • Right to object. You can object to the processing of Personal Data we hold about you. This effectively allows you to stop or prevent us from processing your Personal Data. Note that this is not an absolute right and it only applies in certain circumstances, for example:
     1. Where we are processing your Personal Data for direct marketing purposes.
     2. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

     In some cases, we may continue processing your data if we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. This may also apply where processing involves sale or sharing of your Personal Data with third parties for their independent use, where provided for under applicable law.

   • Right to restrict processing. You have the right to request the restriction or suppression of their Personal Data. Note that this is not an absolute right and it only applies in certain circumstances:
     • If you want us to establish the data's accuracy.
     • Where our use of the data is unlawful but you do not want us to erase it.
     • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
     • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
   • Right to data portability. You have the right to request the transfer of your Personal Data to you or to a third party. If you make such a request, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

   If you wish to make a request under any of these rights, please contact us at data@pynea.com.

2. Your control over our use of your Personal Data

   You may delete your account at any time – this will remove your account page from our systems and our related software.

   You can access information associated with your account by logging into your account you created with us.

   Your account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or Device and by signing off after you have finished accessing your account.

   It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during our relationship with you. You can do this in your account.

3. How we protect customers' Personal Data

   We are concerned with keeping your data secure and protecting it from inappropriate disclosure. We implement a variety of security measures to ensure the security of your Personal Data on our systems. Your information is protected on secured servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology.

   We implement technical and organisational measures to ensure your data is protected, including but not limited to:

   • Encryption of Personal Data in transit and at rest;
   • Access controls and role-based access restrictions;
   • Pseudonymisation or data minimisation where appropriate;
   • Secure storage and transfer protocols;
   • Ongoing monitoring and assessment of recipient security practices;
   • Contractual obligations requiring confidentiality, security, and onward transfer restrictions; and
   • Internal policies and procedures governing data handling and incident response.
4. Opting out of marketing promotions

   You can ask us to stop sending you marketing messages at any time by emailing data@pynea.com or clicking the unsubscribe link present in marketing communications.

   Where you opt out of receiving these marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.

5. How to request your data and the process for obtaining it

   We may need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

1. Sharing your data with third parties

   We may share non-Personal Data with third parties. We may also share your Personal Data with the following categories of recipients:

   • Recruiting organisations, employers and recruitment partners, who act as independent data controllers in relation to recruitment processes;
   • Service providers who process data on our behalf, including cloud hosting providers, analytics providers, payment processors, and communication service providers, who are subject to confidentiality obligations and may only use your Personal Data in accordance with our instructions;
   • Affiliates and group companies within the Pynea group;
   • Professional advisors (such as legal, accounting, or audit advisors) where necessary; and
   • Third parties in connection with a business transaction, such as a merger, acquisition, sale of assets, or licensing of our technology.

   We may also disclose your Personal Data where required to do so by law, regulation, or legal process, or where necessary to enforce our terms, protect our rights, property or safety, or that of our users or others.

   If Pynea Technology Limited is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. In such cases, the acquiring entity's privacy policy may govern the further use of your Personal Data. In all other situations, your Personal Data will continue to be protected in accordance with this Privacy Policy.

We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for and for the duration of your account being open plus 24 months. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

You must not use our App or Services unless you are aged 18 or older. If you are under 18 and you access our App or Services by lying about your age, you must immediately stop using the App or Services.

The App is not intended for children and we do not knowingly collect data relating to children.

We may transfer your Personal Data to countries outside the United Kingdom ("UK") and European Economic Area ("EEA"), including to service providers and partners who support the operation of our Services. Where we do so, we ensure that appropriate safeguards are in place to protect your Personal Data and to ensure it is treated securely and in accordance with applicable data protection laws.

In particular, where Personal Data is transferred outside the UK or EEA, we rely on one or more of the following safeguards:

• Adequacy decisions: where the recipient country has been recognised by the UK or European Commission as providing an adequate level of data protection;
• Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) (or UK Addendum to the SCCs), approved by the relevant authorities, which contractually require recipients to protect Personal Data to equivalent standards;
• EU–US Data Privacy Framework (DPF) (and the UK Extension to the DPF), where applicable, for transfers to participating organisations in the United States.

Where required, we also implement supplementary technical and organisational measures to ensure an appropriate level of protection for transferred Personal Data. These may include:

• Encryption of Personal Data in transit and at rest;
• Access controls and role-based access restrictions;
• Pseudonymisation or data minimisation where appropriate;
• Secure storage and transfer protocols;
• Ongoing monitoring and assessment of recipient security practices;
• Contractual obligations requiring confidentiality, security, and onward transfer restrictions; and
• Internal policies and procedures governing data handling and incident response.

We assess transfers on a case-by-case basis and, where necessary, carry out transfer risk assessments to evaluate whether the laws and practices of the destination country may affect the level of protection afforded to your Personal Data.

If you would like further information about the safeguards we use when transferring Personal Data internationally, you may contact us using the details provided in this Privacy Policy.

We use cookies and similar technologies to ensure our App functions properly, to analyse usage, and to improve user experience.

We use the following categories of cookies:

• Strictly necessary cookies - required for the App to operate
• Analytics cookies - help us understand how users interact with the App
• Functional cookies - enable enhanced features and preferences

We use a cookie consent tool provided by Cookiebot.

When you first visit our App, you can choose which non-essential cookies to accept. You can change or withdraw your consent at any time by clicking the "Cookie Settings" link available in the footer.

For detailed information about the cookies we use, including their purpose, duration, and providers, please refer to the cookie banner.

We keep our Privacy Policy under review and will place any updates here and where necessary we will notify of any change by sending you an email with details of the change or notifying you of a change when you next start the App or access our Site. For questions or concerns, please contact us at dpo@pynea.com.

We use tools, including artificial intelligence (AI), to support recruitment processes carried out through our Services.

When you apply for a role, we may process information such as your CV, responses to application questions, audio submissions, and performance in any assessments, challenges, or events made available through the platform. These tools may be used to generate summaries of your application, identify relevant skills, experience or attributes, provide insights or indicators to assist recruiters in evaluating candidates, and support the presentation of candidate profiles within the platform. Where these activities are carried out in connection with a job application, the relevant recruiting organisation (such as an employer or recruitment partner) acts as the data controller and determines how your Personal Data is used in the recruitment process. In these cases, Pynea acts as a data processor, processing Personal Data on behalf of that organisation and in accordance with their instructions.

The insights generated by these tools are intended to support human decision-making and do not result in automated decision-making. Final decisions regarding candidates are made by the recruiting organisation.

We do not use your Personal Data to train or improve AI models unless you have provided your consent.