Home
NextSaaS
Get Hired Faster
Home - GDPR

General Data Protection Regulation

TheCV is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Statement explains how we meet our obligations as a data controller and processor, and how we protect the rights of our users.

We collect and process personal data transparently, lawfully, and fairly, ensuring that all processing activities are based on valid legal grounds and consistent with the principles of data minimization, accuracy, integrity, and confidentiality.

1. Legal Basis for Processing

All processing of personal data by TheCV is grounded in one or more legal bases under Article 6 of the GDPR, including: (a) performance of a contract (providing the Services), (b) legitimate interests (service improvement, fraud prevention), (c) compliance with legal obligations, and (d) consent where required (e.g., marketing or cookies).

2. Data Subject Rights

In accordance with GDPR, users have the right to access, rectify, erase, restrict, and object to processing of their personal data, as well as the right to data portability. Where processing is based on consent, users may withdraw consent at any time without affecting the lawfulness of prior processing.

Users may also lodge a complaint with their local supervisory authority. In Poland, the competent authority is the President of the Personal Data Protection Office (UODO).

3. Data Protection Principles

TheCV processes personal data in accordance with the principles of GDPR, including: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

4. Data Protection Officer

BrainCode Sp. z o.o., the operator of TheCV, has appointed a Data Protection Officer (DPO) responsible for monitoring GDPR compliance. You may contact our DPO at legal@braincode.xyz for any questions regarding data protection or the exercise of your rights.

5. Data Transfers

Where personal data is transferred outside the EU/EEA, TheCV ensures compliance with GDPR Chapter V by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms.

6. Data Protection Impact Assessments (DPIAs)

For high-risk processing activities, TheCV conducts Data Protection Impact Assessments (DPIAs) in accordance with GDPR Article 35 to evaluate and mitigate potential risks to the rights and freedoms of data subjects.

7. Security of Processing

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, secure hosting, access controls, monitoring, and incident response procedures.

8. Accountability and Documentation

TheCV maintains internal records of all processing activities, as required under GDPR Article 30. We review and update our compliance framework regularly to ensure ongoing alignment with GDPR and evolving best practices.

9. Updates to GDPR Compliance Statement

TheCV may update this GDPR Compliance Statement from time to time to reflect changes in legal requirements or our data processing practices. Users will be notified of material updates via the site or email.

Craft the perfect CV that matches each role effortlessly.

{% trans "Stop sending resumes that get no response and worrying before interviews — start standing out and feeling prepared." %}

Get started 🚀

  • Get Hired Faster

  • Improve your salary talks by 10%+