PRIVACY NOTICE

Policy version: 12.03.2024

We, at Vinter AI (“Vinter AI”, “we”, “us” or “our”), respect your privacy and recognize the importance of providing a secure environment for your personal data. We are committed to transparency in the collection and processing of your personal data.

Vinter AI specializes in assisting companies with talent and interview management, integrating assessment tools powered by artificial intelligence. Whether you are visiting our website, using our services, or participating in our events, we may process your personal data in various ways.

This privacy notice (“Privacy Notice”) explains how and why we collect, store, use and/or share your personal information, when you visit our website at https://www.vinter.me (“Website”), engage with, and use our services (“Services”) or attend our events.

SUMMARY OF KEY POINTS

This summary highlights key points from our Privacy Notice. You can find out more details about any of these topics by clicking the link below or by using our table of contents to locate the section you are looking for.

• We collect personal information based on how you interact with our Services, the choices you make, and the features you use.
• If you are a job candidate (“Candidate”) or employee (“Employee”) using our Services on behalf of our customer ("Customer"), we collect your personal data on behalf of our Customers in accordance with the agreements we have with them. In such cases, we act as a data processor, collecting and processing your personal information on their behalf and in accordance with their instructions. The types of information typically collected are described in detail in the section below. For further information about how your personal data is processed, you should contact the relevant Customer or refer to that Customer’s Privacy Notice.
• If you attend or register to attend Vinter AI -sponsored events or other events at which Vinter AI (and/or its representatives) participate, we may process your personal data. Learn more.
• You can access the Turkish version of the Privacy Notice here. / Privacy Notice metninin Türkçe versiyonuna buradan ulaşabilirsiniz.

TABLE OF CONTENTS

• What types of Personal Data do we process and how do we collect it?
• For what purpose do we process your data?
• On which legal basis do we process your Personal Data
• Cookies and similar tracking technology
• With whom do we share your Personal Data?
• Transferring your Personal Data out of the UK and EEA
• How do we protect your Personal Data
• Your Rights
• Keeping your Personal Data secure
• Changes to this Privacy Notice
• How to contact us

1. What Types of Personal Data Do We Process and How Do We Collect It?

When You Browse Our Website:

You may provide us with certain information, including:

• Information related to your request: When you reach out to our customer support team, we may collect information about your request, identity (name surname) and your contact details (such as name, email address, telephone number, and company details). We may also collect details of your feedback purchase and/or demo requests regarding our Services, and customer survey details.

We may automatically collect your certain information, including:

• Browser and Device Information: such as the type and version of the browser or device, internet service information, certain browser settings like language, time, time zone, and Internet Protocol (IP) address.
• Unique Online Identifiers: if available, identifiers that enable us to recognize a browser or device across different content, such as device IDs, and cookie IDs.
• Usage information: information about activity on the digital content visited, such as visited pages, searches, or links clicked.

Some of this personal data may be collected through the use of cookies and similar tracking technologies, as detailed in our Cookie Notice.

We may collect your information from third parties, including:

• Your Consent String: When you visit our Website, our consent management platform (CMP) provider obtains your consent for our processing activities. The CMP provides us with your consent string, indicating your preferences on our respective processing activities.
• Interest Segments: (e.g., interest information reflecting your interests as may be derived from your behaviour, such as your internet activity).

When You Access and/or Use Our Services:

If you've created a candidate account (Candidate) or if you've created a company account as an employee of our Customer (Employee) and are using our Services on their behalf, we may collect and process your personal data. In such cases, we act as a data processor and collect your personal data on behalf of our Customer and based on their instructions.

• Interview Details: If you participate in a job interview via our Services, we may collect personal data such as employment history, qualifications, experiences, abilities, work style, certifications & courses, and other responses to questions created by our Customer, as well as submissions in various media formats, including video/audio interviews. This may also include recording of audio and video during the interview process. In this category, we act as a data processor in terms of personal data.

The cases in which we act as a data controller are as follows:

You may provide us with certain information, including:

• Account information: If you are an Employee and create an account on behalf of the Customer to access our Services, we collect your login data, including your name, email address, password, and professional details such as title, job, and division. Additionally, if you are a Candidate and you’ve been invited to Vinter AI by our Customer and wish to participate in the interview process by creating an account, we process your personal data such as your full name, email address, and social media links.
• Contact Details: When you reach out to our customer support team, we may collect information about your request and your contract details (such as name, email address, telephone number, and company details).

We may automatically collect your certain information, including:

• Browser and device information: such as the type and version of the browser or device (device brand and model), internet service information (e.g., internet service provider used by you), certain browser settings like language, time, time zone, and Internet Protocol (IP) address.
• Unique Online Identifiers: if available, identifiers that enable us to recognize a browser or device across different content, such as mobile ad identifiers, device IDs, and cookie IDs, Apple IDFA, and Android Advertising ID.
• General Geographic Location: precise geographic location, if available from the device.
• Usage information: information about activity on the digital content visited, such as visited pages, searches, or links clicked.

Some of this personal data may be collected through the use of cookies and similar tracking technologies, as detailed in our Cookie Notice.

When You Attend or Register to Attend Events:

We may process personal information from attendees who provide their information to Vinter or its representatives when they attend or register for Vinter-sponsored events or other events in which Vinter (and/or its representatives) participates.

You may provide us with certain information, including:

• Attendee Information: We may ask for and collect personal information such as your name, address, phone number and email address when you register for, or attend a sponsored event or other events at which Vinter (and/or its representatives) participates.

2. For what purposes do we process your data?

We process your personal information for various purposes, which vary based on your interactions with our Services. To ensure transparency and enhance understanding, we have categorized the types of data collected through our Services, our Website, and events.

Provision and improvement of our Services

• • to provide our Services.
  • to allow you to use our Services.
  • to manage the sales and post-sales support service processes.
  • to conduct membership, registration, activation, and user verification processes.
  • to contact with you regarding account activation and password management.
  • to match the Employee who makes a purchase request with the Customer.
  • to contact you for administrative purposes: Managing our business operations/audit.
  • to provide technical / customer service support and respond to your requests.
  • To manage customer relations processes.
  • To conduct customer satisfaction activities.
  • to operate, maintain, enhance, and provide all the features within the Website and Services.
  • to improve the way the Website and Services work.
  • to manage the training processes related to the subscription package provided to the Customer and the Services included within this scope.
  • to create new features and functionality.
  • to monitor and analyse the effectiveness of the application and evaluation activities.
  • to remember you for your next visit to our Website, so you will not have to re-enter your information during your visit or the next time.

Personalization of your experience

• • to personalize the Website and Services based on your preferences and interests.
  • to send emails related to the Services that we believe may be of interest to you, provided it aligns with your preferences. In this scenario, you will have the option to opt out of receiving such communications or update your preferences through the Services.
  • to provide marketing communications to you: Depending on your settings, we will share marketing communications with you.
  • to notify you of any upcoming marketing, training or other events that we think may be of interest to you based on your preferences and previous interactions.

Compliance with our legal or regulatory obligations

• to comply with applicable laws.
• to enforce our terms and conditions.
• to protect our rights, privacy, safety, and/or that of our Website visitors, users, attendees and others.

If you're a Candidate or Employee and we collect your personal data via the Services, it's on behalf of our Customers, as outlined in our Subscription Agreement with them. For details on why Customers process your data (purpose of processing), please reach out to the relevant Customer (Employer) or refer to their privacy notice.

In addition, we may use the information we collect from Attendees for the following purposes:

• to send commercial communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, and events about us; and send other news or information about us and our partners.

3. On which legal bases do we process your Personal Data

Under data protection law, we can only use your personal data if we have proper legal grounds. When we act as a data controller, we process your personal data for the purposes described in this Privacy Notice, based on the following legal grounds:

• Consent: We process your personal data if you have provided consent via a consent management platform available on our Website for a specific purpose. You have the right to withdraw your consent at any time, for example, by adjusting your privacy settings.
• Contractual necessity: We process your personal data for the performance of a contract with you or to take steps before entering into a contract to which you are a party.
• Legal obligations: In some cases, we may process your personal data to comply with legal or regulatory obligations, such as tax and accounting requirements or legal disputes.
• Legitimate interests: We process your personal data when it is necessary for our legitimate interests, provided that this processing is balanced against your rights and interests, with appropriate safeguards in place to protect your privacy.

If you are a Customer's Employee and/or an Attendee, Vinter AI may send you commercial communications based on your communication preferences. Vinter AI may also send service-related communications. You can manage your receipt of commercial communications by clicking on the “unsubscribe” link located at the bottom of such emails, through your account settings if you have a Vinter AI account, or by sending a request to [email protected].

4. Cookies and similar tracking technology

A cookie is a small text file placed onto your device (such as a computer, smartphone, or other electronic device) when you use our Website. We utilize cookies and other tracking technologies, such as web beacons, action tags, and single-pixel gifs, to help us recognize you and your device, and to store certain information about your preferences or past actions.

For more details regarding cookies and similar technologies, our utilization of cookies, instances where we will seek your consent before placing them, and instructions on how to disable them, please refer to our Cookie Notice.

5. With whom do we share your Personal Data?

In order to provide you with the best service and to carry out the purposes described in this Privacy Notice, your data may be transferred:

• to Customers,
• to law enforcement, body, regulatory, government authorities or courts
• to a cloud based storage providers

As stated above, if you are a Candidate or Employee and we are collecting your personal data through the Services, we will be collecting it on behalf of our Customers, in accordance with the agreements that we have with them. For further information about how your personal data is shared with third parties, you should contact the relevant Employer or refer to that Employer’s Privacy Policy/Notice.

6. Transferring your Personal Data outside of the UK / EEA

We want to make sure that your personal data are stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK / European Economic Area (EEA) where it is in line with applicable law, and we will require that there is an adequate level of protection for your personal data, and that appropriate security measures are in place.

In such cases where your personal data is transferred outside of the UK / EEA we will require that the following safeguards are observed:

• The laws of the country to which your personal data is transferred ensure an adequate level of data protection;
• By way of data transfer agreement, incorporating the standard data protection contractual clauses (SCC’s) approved by the European Commission or International Data Transfer Agreement (IDTA) approved by the UK Government; or
• Any other applicable appropriate safeguards under the DPA 2018 / GDPR 2018.

To ensure that your personal data receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal data is treated by those third parties in a way that is consistent with, and which respects the law on data protection.

7. How do we protect your Personal Data

We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We update and test our security standards on an ongoing basis. In addition, we take reasonable steps to assure that third parties to whom we transfer your personal data provide sufficient protection of personal data.

8. Do we collect data from minors?

Our services are intended to be appropriate for general audiences. Therefore, we do not intentionally collect and/or categorize personal data from children. In the event that we learn we have collected personal data from a minor under 16 years of age within the scope of the Services explained in this Privacy Notice, we will delete that data as quickly as possible. If you believe that a minor use our Services, please contact our support team.

9. How long do we store your Personal Data?

We will not retain your personal data longer than necessary to fulfil the purposes for which the data was collected or to fulfil our legal obligations or necessary for the establishment, exercise of defence of legal claims or resolving disputes. Afterwards, we will delete or anonymize your personal data. Additional information on how long your personal data is stored by our service partners can be found in the respective third-party.

When collecting personal data only on behalf of our Customers, we will store this information in line with our Subscription Agreement with them and any instructions they provide.

10. Your Rights

To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your personal data:

• Access the personal data we hold about you, including information such as, for example, the source and categories of data, the processing purposes, the recipients (or categories thereof) and the respective retention period.
• Request an update or correction of your personal data so that it is always accurate.
• Receive your personal data in a structured, commonly used and machine-readable format, including the right to transfer your personal data to another data controller.
• Request the deletion of your personal data if you believe that retention is no longer necessary for the purposes indicated above.
• Restrict the processing of your personal data for example, if you have contested the accuracy of your Personal Data, and for a period of time that is sufficient to allow us to verify its accuracy.
• Withdraw your consent at any time if your personal data is processed with your consent. Please note that this will not affect the lawfulness of data processing based on consent granted prior to its withdrawal.
• Object to the processing on specific grounds relating to your particular situation, in the event and to the extent that we process your personal data based on our legitimate interests. In such cases we will no longer process your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:

• provide enough information to identify yourself (e.g., your full name, address, Customer and job details) and any additional identity information we may reasonably request from you, and
• let us know which right(s) you want to exercise and the information to which your request relates.

In order to determine whether the applicant is the relevant person, we may request additional information from them, and ask questions related to their application to clarify the issues mentioned in the application.

Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have. You also have the right to lodge a complaint with a competent data protection authority, for example, the Information Commissioner’s Officer (ICO) in the United Kingdom.

For a list of EEA data protection supervisory authorities and their contact details see here.

11. Changes to this Privacy Notice

We regularly review and update this Privacy Notice. When there is an important change that will have a relevant impact on the processing of your personal data, we will inform you by email if we have your email address. If we do not have your email address, for example because you did not create an account, we will inform you with a banner on our Website.

12. How to contact us

Individuals in the UK

You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this Privacy Notice or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Individuals in the EEA

We have appointed Sedef Yücer Tan to be our data protection representative within the EEA. Their contact details are as follows: e-mail: [email protected], address: Senica International Holding BV, Computerweg 22, 3542 DR Utrecht, The Netherlands
Individuals within the EEA can contact us direct (see above) or contact our European representative.