Privacy Policy

(1) This Privacy Policy explains how DoviLearn Global Education Ltd, a company incorporated in England and Wales with company number 15697688 ("we", "us", "our", or "CVSense"), collects, uses, and protects your personal information when you use our website at cvsense.co.uk and related services.

(2) This policy applies to all users ("you" or "your") of the CVSense platform, including Job Seekers who use our CV creation, SmartMatch, Apply Assist, and Browser Extension services, and Recruiters who use our recruitment, CV screening, candidate management, and job posting services.

(3) Where this policy refers to "Users", it applies to both Job Seekers and Recruiters unless otherwise specified. Where provisions apply only to one category of user, this is clearly indicated.

Job Seeker Services:

(A) CVSense is an online platform that enables users to create personalised CVs using Artificial Intelligence (AI), including Large Language Models (LLMs) and Natural Language Processing (NLP).

(B) CVSense provides multiple services including a browser extension for creating personalised job applications, SmartMatch for tailoring CVs to specific jobs with instant feedback, Apply Assist for job application support, and the Expert Apply Assist Service through which CVSense applies for jobs on behalf of enrolled Job Seekers.

Recruiter Services:

(B1) CVSense for Recruiters enables recruitment professionals and organisations to post job vacancies, screen candidate CVs using AI-powered analysis, score and rank applicants, manage applications, shortlist candidates, and communicate with candidates through the Platform.

(B2) Recruiter services include bulk CV upload and screening projects, AI-powered candidate matching and scoring, candidate shortlisting tools, application management, screening question configuration, email communications to candidates, and a credit-based system for accessing premium recruitment features.

(C) The provision of these services requires the Data Controller to collect, process, and store personal data of users.

(D) The Data Controller may transfer or have personal data handled by partners located in high-risk countries, with appropriate data processing agreements in place.

(E) This privacy policy governs the collection, processing, storage, and transfer of personal data in accordance with the UK General Data Protection Regulation and Data Protection Act 2018.

(F) We are committed to protecting your privacy rights and ensuring transparent data processing practices.

1.1. Apply Assist means the CVSense services that assist users in applying for jobs, including self-service application tools and the Expert Apply Assist Service.

1.1A. Expert Apply Assist Service means the managed job application service through which CVSense applies for jobs and pursues career opportunities on behalf of enrolled Job Seekers, including the creation and management of email addresses used for this purpose.

1.2. Browser Extension means the CVSense browser extension software that helps users create personalised job applications online.

1.3. Data Controller means DoviLearn Global Education Ltd in its capacity as the entity determining the purposes and means of processing Personal Data.

1.4. Data Processing Agreement means any agreement entered into between the Data Controller and third parties governing the processing of Personal Data.

1.5. Data Subject means any identified or identifiable natural person whose Personal Data is processed under this agreement.

1.6. High-Risk Countries means countries that do not provide an adequate level of data protection as determined by UK data protection law.

1.7. Personal Data means any information relating to an identified or identifiable natural person as defined under UK GDPR.

1.8. Platform means the CVSense online platform and all associated websites, applications, and services.

1.9. Services means collectively the Platform, Browser Extension, SmartMatch, and Apply Assist services provided by the Data Controller.

1.10. SmartMatch means the CVSense service that tailors user CVs to specific job opportunities and provides instant feedback.

1.11. CVSense means the suite of CV creation and job application services operated by the Data Controller.

1.12. UK GDPR means the UK General Data Protection Regulation and the Data Protection Act 2018.

1.13. Recruiter means any individual or organisation that registers for and uses the CVSense for Recruiters services, including job posting, CV screening, candidate management, and related recruitment tools.

1.14. Job Seeker means any individual who uses the CVSense platform for CV creation, job applications, SmartMatch, Apply Assist, or Browser Extension services.

1.15. Organisation means a corporate entity, recruitment agency, or business registered on the Platform by a Recruiter for the purposes of managing recruitment activities.

1.16. Screening Project means a bulk CV upload and analysis project created by a Recruiter for the purpose of evaluating multiple candidate CVs against specific job criteria.

1.17. Candidate Data means any Personal Data relating to job applicants or candidates that is uploaded, submitted, or processed by Recruiters through the Platform, including CV content, application materials, and screening results.

1.18. Credits means the digital units purchased by Recruiters to access premium recruitment features on the Platform, including CV screening and AI analysis services.

2.2. For the provision of core Services including CV creation, SmartMatch, and Apply Assist, the Data Controller relies on contract as the legal basis for processing Personal Data necessary to deliver these services.

2.3. For the Browser Extension functionality, website analytics, service improvement, and security measures, the Data Controller relies on legitimate interests as the legal basis, having conducted balancing tests to ensure Data Subject rights are not overridden.

2.4. For marketing communications, non-essential cookies, and optional features, the Data Controller obtains explicit consent from Data Subjects, which may be withdrawn at any time.

2.5. Where Personal Data reveals special categories of information as defined in Article 9 of the UK GDPR, the Data Controller will obtain explicit consent or rely on other lawful grounds specified in Article 9.

2.6. The Data Controller will clearly inform Data Subjects of the specific legal basis being relied upon for each processing activity at the point of data collection.

Additional Legal Bases for Recruiter Services:

2.7. For the provision of Recruiter Services including job posting, CV screening, candidate scoring, and application management, the Data Controller relies on contract as the legal basis for processing Recruiter account data necessary to deliver these services.

2.8. For the processing of Candidate Data uploaded by Recruiters through Screening Projects, the Data Controller acts as a Data Processor on behalf of the Recruiter (who acts as a Data Controller for such data). The legal basis for this processing is the legitimate interest of the Recruiter in evaluating candidates for employment, or consent where obtained by the Recruiter from the candidate.

2.9. For the processing of application data submitted by Job Seekers through Recruiter-posted job vacancies on the Platform, the Data Controller processes such data on the basis of the Job Seeker's consent and the Recruiter's legitimate interest in evaluating candidates.

2.10. For credit-based billing, payment processing, and transaction records associated with Recruiter accounts, the Data Controller relies on contract performance and legal obligations (including accounting and tax requirements).

4.1. We process your Personal Data to provide the Services, including creating and maintaining your personalised CV through our Platform's AI-powered tools, including Large Language Models (LLMs) and Natural Language Processing (NLP).

4.2. We use your Personal Data to operate the Browser Extension, enabling you to create personalised job applications across various online platforms and career websites.

4.3. We process your Personal Data through SmartMatch to analyse and tailor your CV content to specific job opportunities and provide instant feedback on compatibility and improvements.

4.4. We use your Personal Data for Apply Assist services to support your job applications, including automated application submissions and application tracking on your behalf.

4.4A. Where you have enrolled in the Expert Apply Assist Service, we process your Personal Data to identify suitable job opportunities, prepare and tailor applications on your behalf, create and manage email addresses and third-party accounts necessary for application submissions, and communicate with prospective employers on your behalf. This processing is carried out using the CVSense platform and AI Technology, and is based on your express consent provided at the point of enrolment.

4.5. We process your Personal Data to train, improve, and enhance our Artificial Intelligence (AI) algorithms, Large Language Models (LLMs), Natural Language Processing (NLP) capabilities, and machine learning models used across all Services.

4.7. We process your Personal Data to comply with legal obligations, including data protection laws, employment regulations, and anti-money laundering requirements.

4.8. We use your Personal Data for security purposes, including detecting and preventing fraud, unauthorised access, and other harmful activities.

4.9. We process your Personal Data to analyse usage patterns and improve the functionality, performance, and user experience of our Services.

4.10. Where you have provided consent, we may use your Personal Data for marketing communications about our Services and related offerings.

4.11. We may process your Personal Data through our partners in High-Risk Countries in accordance with appropriate Data Processing Agreements to deliver certain aspects of the Services.

How We Use Recruiter Data:

4.12. We process Recruiter account data to provide and manage the CVSense for Recruiters services, including account administration, authentication, Organisation management, and team member access controls.

4.13. We process job posting data to publish and manage job vacancies on the Platform, including validating job descriptions through AI-powered quality checks to ensure compliance with employment regulations and Platform standards.

4.14. We process Candidate Data uploaded through Screening Projects to perform AI-powered CV analysis, including extracting candidate information, matching candidate qualifications against job criteria, generating match scores and suitability rankings, and producing candidate summaries.

4.15. We process application data submitted by Job Seekers to Recruiter-posted jobs to facilitate the application review process, including delivering applications, cover letters, and screening question responses to the relevant Recruiter.

4.16. We process Recruiter billing data to manage the credit-based payment system, including credit purchases, usage tracking, balance management, and transaction history.

4.17. We process shortlisting and candidate management data to enable Recruiters to track, rate, and manage candidates across jobs and Screening Projects.

4.18. We may use aggregated and anonymised Recruiter data for analytics, service improvement, and benchmarking purposes, provided such data does not identify individual Recruiters or candidates.

6.1. The Data Controller may transfer your Personal Data to countries outside the United Kingdom, including to High-Risk Countries, where such transfers are necessary for the provision of the Services.

6.5. You have the right to obtain information about the specific safeguards applied to international transfers of your Personal Data by contacting the Data Controller using the details provided in this privacy policy.

6.6. You may object to the transfer of your Personal Data to High-Risk Countries, though this may limit the Data Controller's ability to provide certain Services.

7.1. The Data Controller shall retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law.

7.2. Account Data: Personal Data associated with user accounts shall be retained for the duration of the account's active status and for a period of three (3) years following account closure or deletion.

7.3. CV and Application Data: CV content, job preferences, and application materials created through the Platform shall be retained for five (5) years from the date of last user activity on the relevant data.

7.4. Usage and Analytics Data: Technical data, including usage patterns, SmartMatch results, and Browser Extension activity logs, shall be retained for two (2) years from the date of collection.

7.5. Communication Records: Customer support communications and correspondence shall be retained for three (3) years from the date of the last communication.

7.7. Upon expiry of the applicable retention period, Personal Data shall be securely deleted or anonymised unless retention is required under clause 7.6.

7.8. Data Subjects may request early deletion of their Personal Data in accordance with their rights under the UK GDPR, subject to the Data Controller's legal obligations and legitimate interests.

Recruiter Data Retention:

7.9. Recruiter Account Data: Personal Data associated with Recruiter accounts shall be retained for the duration of the account's active status and for a period of three (3) years following account closure or deletion, subject to applicable legal and accounting obligations.

7.10. Candidate Data from Screening Projects: Candidate Data uploaded by Recruiters through Screening Projects shall be retained for two (2) years from the date of upload, after which it shall be securely deleted unless the Recruiter requests earlier deletion or longer retention is required by law.

7.11. Job Posting Data: Job vacancy data and associated application records shall be retained for three (3) years from the closing date of the vacancy.

7.12. Credit and Billing Records: Credit purchase records, transaction history, and billing data shall be retained for seven (7) years from the date of the transaction in accordance with UK accounting and tax obligations.

7.13. AI-Generated Analysis Data: Match scores, candidate summaries, and other AI-generated recruitment analytics shall be retained for the same period as the associated Candidate Data or job posting, whichever is longer.

8.1. You may request deletion of your personal data at any time by contacting us using the details provided in this privacy policy.

8.3. We will process deletion requests within 30 days of receipt, subject to our legal obligations and legitimate interests.

8.4. Some data may be retained where required by law, for the establishment of legal claims, or for legitimate business purposes as outlined in our retention policy.

8.5. Upon successful deletion, we will confirm the action via email, though some data may remain in backup systems for up to 90 days before permanent removal.

8.6. Personal Data processed by partners in High-Risk Countries shall be subject to equivalent retention periods as specified in relevant Data Processing Agreements.

8.7. Recruiter Deletion Requests: Recruiters may request deletion of their account and associated Organisation data. Upon such request, Recruiter account data will be deleted, but Candidate Data processed through Screening Projects may be retained in anonymised form for service improvement unless the Recruiter specifically requests deletion of all associated data.

8.8. Candidate Data Deletion by Recruiters: Recruiters may delete individual candidate records, entire Screening Projects, or job postings and associated application data through their dashboard. Deletion requests for Candidate Data will be processed within 30 days.

8A.1. For the purposes of Recruiter Services, the respective data protection roles are as follows:

8A.2. Recruiters warrant that they have obtained all necessary consents, permissions, and lawful bases required to upload and process Candidate Data through the Platform, and that they have provided appropriate privacy notices to the relevant Data Subjects.

8A.3. CVSense will process Candidate Data only in accordance with the Recruiter's documented instructions, subject to applicable law. Where CVSense is required by law to process data beyond the Recruiter's instructions, CVSense will inform the Recruiter of such requirement unless prohibited from doing so.

8A.4. CVSense will assist Recruiters in fulfilling their obligations to respond to Data Subject requests (including access, rectification, erasure, and portability requests) in respect of Candidate Data processed through the Platform.

9.1. You have the right to request access to your Personal Data and receive information about how the Data Controller processes it, including the purposes, categories of data, recipients, and retention periods.

9.2. You have the right to request rectification of inaccurate Personal Data and completion of incomplete Personal Data without undue delay.

9.4. You have the right to request restriction of processing where you contest the accuracy of Personal Data, processing is unlawful but you oppose erasure, the Data Controller no longer needs the data but you require it for legal claims, or you have objected to processing pending verification of overriding legitimate grounds.

9.5. You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit such data to another controller where processing is based on consent or contract and carried out by automated means.

9.6. You have the right to object to processing of Personal Data based on legitimate interests, including profiling, unless the Data Controller demonstrates compelling legitimate grounds that override your interests, rights, and freedoms.

9.7. You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you, except where such processing is necessary for contract performance, authorised by law, or based on explicit consent.

9.8. Where processing is based on consent, you have the right to withdraw such consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

9.9. To exercise any of these rights, you may contact the Data Controller using the details provided in this agreement.

9.10. You have the right to lodge a complaint with the Information Commissioner's Office if you believe your Personal Data has been processed unlawfully.

10.1. The Data Controller uses cookies and similar tracking technologies on the Platform and through the Browser Extension to enhance user experience and provide the Services effectively.

10.2. Cookies are small text files stored on your device that help the Platform remember information about your visit and preferences.

10.5. Third-party cookies may be placed by service providers and partners who assist in delivering the Services, including those located in High-Risk Countries.

10.6. You can manage cookie preferences through your browser settings, though disabling certain cookies may limit Platform functionality.

10.7. Disabling essential cookies will prevent access to core features of CVSense including CV creation and SmartMatch services.

10.8. The Data Controller will obtain your consent for non-essential cookies in accordance with UK GDPR requirements.

11.1. The Data Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing Personal Data.

11.4. All third-party service providers and partners are required to implement equivalent security measures through contractual obligations, including those in High-Risk Countries covered by Data Processing Agreements.

11.5. The Data Controller maintains incident response procedures to detect, investigate, and respond to potential data breaches in accordance with UK GDPR requirements.

11.6. Data Subjects will be notified of any data breach that is likely to result in a high risk to their rights and freedoms within 72 hours of the Data Controller becoming aware of the breach.

11.7. While the Data Controller implements robust security measures, no system can guarantee absolute security, and Data Subjects acknowledge that internet transmission of data carries inherent risks.