Privacy Policy
Last updated: 02-02-2026
We respect your privacy and are committed to protecting your personal information. This privacy policy ("Policy") applies to your use of www.brightermonday.co.rw (referred to as the "Site" or "Sites" depending on the context). This Policy sets out how we collect, process, store, guard, share and use any personal data that we may collect from you when you use or otherwise interact with the Platform or the services offered through our Sites. The Policy and our treatment of your personal data comply with the Rwanda Data Protection and Privacy Law of 2021 (as otherwise amended or varied from time to time).
As a recruitment platform, we use your data to facilitate employment connections. For Candidates, this involves professional profiling and matching within our Talent Pool. For Recruiting Organizations, we use data for business verification and service delivery. All processing is governed by the principles of lawfulness, purpose limitation, and data minimisation as required by the National Cyber Security Authority (NCSA).
Please review this Policy carefully to understand our practices.
This Site is not intended for children (i.e. under 18 years) and we do not knowingly collect data relating to children.
Terms
For ease of reference, the terms below as used in the Policy have the following meaning:
Account means the account you create when registering as a user on the Site to enable you to access some of the Services.
Group means any other business of Ringier One Africa Media Ltd operating in Rwanda or within the Ringier companies worldwide.
Personal data means information relating to you and which can identify you as an individual (whether on its own or taken with other information). It does not include aggregated or anonymised data, which is information that can no longer identify you.
Site means, together or individually as applicable, the BrighterMonday Rwanda website.
Services means such services made available, accessed, published or otherwise offered through the Site.
Data Controller
BrighterMonday Rwanda Ltd is the data controller and responsible for your personal data (referred to as "we", "us" or "our" in this Policy). If you have any questions about this Policy please send an email to privacy@brightermonday.co.rw.
Ringier One Africa Media Ltd is made up of different legal entities, details of which can be found here. This Policy is issued on behalf of Ringier One Africa Media Group ("Group") so when we mention "www.brightermonday.co.rw", "we", "us" or "our" in this Policy, we are referring to the relevant company in the Group responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us. BrighterMonday Rwanda Limited is the controller and responsible for this Site.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out above.
Data Collected
Depending on the Services you are obtaining or accessing, we may collect, store, use and transfer the following different types of information:
Identity Information: such as your first name, maiden name, last name, username or similar identifier, marital status, title, nationality, date of birth, or gender.
Contact Information: such as your billing address, delivery address, email address and telephone numbers, the name of your business, and/or physical location.
Professional & Employment Information: As a recruitment platform, we collect information contained in your Curriculum Vitae (CV), including your employment history, education qualifications, professional certifications, skills, and references.
Financial Information: such as bank account, payment card details, and/or monthly income. Details about monthly income are collected for users of www.brightermonday.co.rw only.
Verification Information: such as your government-issued national identification or passport, Rwanda Revenue Authority (RRA) TIN certificate, business permits, company incorporation certificates, and/or location.
Account Information: relating to the use of the Site including profile data such as your username, password, orders, interests, preferences, search history, survey responses, and/or feedback.
Technical & Automatic Information: information about your device including internet protocol (IP) address, login data, time zone setting, browser type and version, location, browser plug-in types and versions, operating system and platform, and/or other technology on the devices you use to access the Site. Note that this information is used to screen for potential risks and fraud, to improve and optimise the Site, and to carry out upgrades and data analysis.
Marketing and Communications Data: such as your preferences in receiving marketing from us and our third parties and your communication preferences.
Consent and Authorization Data: We collect records of the consents, permissions, and authorisations you provide to us. This includes the date and time of consent, the specific purpose for which consent was given (e.g., marketing, talent pool visibility, or background checks), and the method of consent (e.g., clicking a checkbox or signing a digital form).
Sensitive Personal Data: In accordance with the Rwanda Data Protection and Privacy Law, we may collect "Sensitive Personal Data" where necessary for specific services. This includes:
Gender.
Criminal Records: Where required by employers for specific job applications (subject to your explicit consent).
Health Information: Only if voluntarily provided by you (e.g., regarding disability status for workplace accommodations).
Aggregated and Statistical Data: We may collect and use statistical or demographic information for any purpose. This data is anonymous and it is not personal information as this data will not directly or indirectly reveal your identity. However, if we combine or connect statistical/demographic information with your personal data, we treat the resulting information as personal data and it will be used in accordance with this privacy policy.
Provision of Data: Requirements and Limitations
Where we need to collect personal data by law, or under the terms of a contract we have with you (such as our Terms of Use), and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
For Candidates (Talent Pool): Failure to provide mandatory identity, professional, or verification data will prevent you from creating a searchable profile, applying for jobs, or being matched with potential employers.
For Recruiting Organizations (Employers): Failure to provide business verification data (such as RRA TIN or Incorporation certificates) will result in the inability to post jobs, access the talent pool, or utilise recruitment tools.
Action Taken: In these cases, we may have to cancel or limit your access to a product or service you have with us, but we will notify you if this is the case at the time.
How Data Is Collected
We use different methods to collect data from and about you including through:
Direct Interactions: You provide us with your Identity, Contact, Professional, and Financial data by filling in forms on our Site, creating an account, uploading a CV, or by corresponding with us by post, phone, email, or other communication channels.
Automated Technologies or Interactions: As you interact with our Site, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, web beacons, and other similar technologies.
Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources as permitted by Rwandan law, including:
Recruiting Organizations: Feedback or status updates regarding your application or employment process.
Verification Services: Identity and background check providers to ensure the integrity of the Talent Pool.
Social media/Professional Networks: If you choose to link your BMR account with third-party platforms (e.g., LinkedIn or Google).
Technical Service Providers: Analytics providers (such as Google Analytics and Facebook Analytics) and hosting providers (such as Amazon Web Services).
Accuracy of the Data
It is important that the personal data we hold is accurate and current to enable us to deliver the Services. As such, please keep us informed if your personal data or any other information changes in the course of your use of the Site.
You guarantee and declare that you are the owner of the information you submit on the Site or share with us, or that you have the necessary rights to do so. You also guarantee and declare that it is exact, true and verified, and the use of the information is not contrary to this Policy or applicable laws and will not damage a third party's reputation. You accept full and complete liability for any information that is contrary to this Policy or any applicable laws.
How We Use Your Personal Data & Your Consent
We will only use your personal data when the law allows us to. Under Rwandan regulation, we process your information based on several lawful grounds, including the performance of a contract, legal obligation, and your explicit consent.
Service Delivery & Contractual Use
The primary reason we process your data is to deliver the recruitment services you have requested.
For Candidates (Talent Pool): We use your Identity, Contact, and Professional information to create your profile, include you in our searchable Talent Pool, and match your skills with potential employers.
For Recruiting Organizations: We use your Verification and Financial data to validate your business, process service payments, and enable you to identify and contact suitable talent.
For Both: We use Technical and Account data to maintain site security, prevent fraud, and optimise your user experience.
Our Use of Consent
While we often process data to fulfil our contract with you, certain activities require your explicit consent:
Talent Pool Visibility: By opting into the Talent Pool, you provide express consent for your professional data to be shared with registered Recruiting Organizations.
Third-Party Marketing: We will obtain your consent before sharing your personal data with any third party for their own direct marketing purposes (via email or SMS).
Cross-Border Transfers: By accepting this policy, you provide express consent for your personal and sensitive data to be transferred outside of Rwanda (to Group entities in South Africa or global service providers like AWS) for the purposes of storage and service delivery.
Your Right to Withdraw Consent
Consent is not permanent. In accordance with your legal rights in Rwanda, you may withdraw your consent at any time:
Marketing: You can opt out of marketing communications by following the "unsubscribe" links in any message we send or by contacting us directly.
Data Erasure: You may request the "Right to be Forgotten" by emailing privacy@brightermonday.co.rw to have your profile and associated data deleted from our systems.
Key Compliance Note: While we strive to honour all withdrawal requests, we may be unable to delete certain data where we have a separate legal or regulatory obligation to retain it (such as for contract, tax or accounting purposes). If this is the case, we will notify you at the time of your request.
Web Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Such use includes the "Google Analytics 4" mode of operation. This makes it possible, if a user is logged into a Google service, to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse the user's activities across such devices.
Google Analytics uses cookies. The non-personal information generated by such cookies about your use of our website is usually transferred to a Google server in the USA and stored there. However, the corresponding IP addresses are anonymised beforehand using IP anonymisation. The anonymised IP address transmitted by your browser under Google Analytics will not be merged with other Google data. Google will use this information on our behalf for the purposes of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet use.
If you wish to prevent the collection of data regarding your activity on our website by Google Analytics, you can use the Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout/. You can also prevent the storage of cookies by adjusting your browser software accordingly.
Cookie Policy
At BrighterMonday Rwanda, we believe in being clear and open about how we collect and use data related to you. This Cookie Policy applies to any BrighterMonday Rwanda product or service that links to this policy or incorporates it by reference.
This Cookie Policy explains how we use cookies and the choices you have.
By using our website (by clicking, navigating, or scrolling), you are consenting to our use of cookies in accordance with this Policy. If you do not agree to our use of cookies, you can prevent the installation of cookies through the settings of your browser or not use our website at all. However, if you disable the use of cookies, this might cause some parts of this website not to function properly for you and it may impact your user experience on this site.
What are Cookies?
Cookies are messages or small files that are placed on your web browser when you visit an internet site. Cookies are useful and do a lot of different things, including allowing a website to recognise a user's device, improving the online experience, etc.
How and Why do we Use Cookies?
We use cookies when you access our websites and our online products and services to make the site work better and to help us understand how you use our site.
Cookies enable us to offer tailored products and to understand the information we receive about you, including information about your use of other websites and apps, whether or not you have an account with us.
Cookies help us provide, protect and improve our products and services, by personalising, tailoring, and measuring the services and products we provide for a satisfactory and safe experience. We also use them to help authentication of users, assess the performance and functionality of our online products and services, and do analytical research.
We use two types of cookies: persistent cookies and session cookies. A persistent cookie lasts beyond the current session and is used for many purposes, such as recognising you as an existing user, so it's easier to return to BrighterMonday Rwanda and interact with our Services without signing in again. Since a persistent cookie stays in your browser, it will be read by BrighterMonday Rwanda when you return to one of our sites or visit a third-party site that uses our Services. Session cookies last only as long as the session (usually the current visit to a website or a browser session).
Data Security and Integrity
The security of your personal data is a priority for us. In accordance with the Rwanda Data Protection and Privacy Law, we have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.
Our Security Measures
We employ industry-standard safeguards, including:
Encryption: Use of secure protocols (SSL/TLS) for data in transit and encryption for sensitive data at rest.
Access Controls: Restricting access to personal data to authorised employees, agents, and contractors who have a business "need-to-know" and are subject to strict confidentiality obligations.
System Monitoring: Regular security audits and vulnerability assessments to identify and mitigate potential risks.
Your Responsibility
If you are a registered user, you play a vital role in keeping your data safe:
Credential Safety: You are entirely responsible for maintaining the confidentiality of your password and login name.
Account Activity: You are responsible for all activities that occur under your account.
Reporting: You must immediately notify us at privacy@brightermonday.co.rw of any unauthorised use of your login name or any other breach of security known to you.
Data Breach Notification
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach:
Regulatory Notification: We will notify the National Cyber Security Authority (NCSA) within 48 hours of becoming aware of the breach, as mandated by Law Nº 058/2021.
Subject Notification: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly (via email or account notice) without undue delay to allow you to take protective measures.
Limitation of Liability
To the extent permitted by Rwandan law, we disclaim liability for any security breaches that occur despite our implementation of appropriate technical and organisational measures. However, this does not waive our statutory obligations to protect your data and notify you of incidents as required by NCSA.
Disclosure and Transfer of Personal Data
Except as specified in this Policy, we will not disclose your personal data to third parties without your consent. We share your data with selected recipients who act as either Joint Controllers (e.g., Employers) or Data Processors (service providers acting on our instructions).
Categories of Recipients
Internal Third Parties: Companies within the Group acting as joint controllers or processors, primarily based in Rwanda and South Africa, who provide IT and system administration services and leadership reporting.
Recruiting Organizations (Employer End-Users): When you join the Talent Pool or apply for a vacancy, your professional data is disclosed to registered employers. These employers act as independent controllers once they receive your data.
External Service Providers (Processors): Specialised providers that help us deliver our services, including Cloud Infrastructure (Amazon Web Services), Communications & Marketing (Sailthru and HubSpot), and Analytics (Facebook Analytics and Google Analytics).
Regulators and Authorities: Including the Rwanda Revenue Authority (RRA) and law enforcement agencies where we are legally required to disclose information.
| Category of Third Party | Entities Identified | Purpose of Data Sharing |
|---|---|---|
| Government & Regulatory | Rwanda Revenue Authority (RRA), RSSB, Auditors, NCSC | Statutory tax/pension filing, financial auditing, and security compliance. |
| Cloud & Infrastructure | Amazon Web Services (AWS), OneSignal, Sailthru | Data hosting, storage, system logging, and automated communications. |
| Marketing & Analytics | Google, Facebook, Zoho | User analytics, lead generation, and internal recruitment management. |
| Financial Institutions | Local Banks | Processing employee payroll and supplier payments. |
| Cybersecurity & IT | Platform Engineering Teams, Security Researchers | Incident management, system monitoring, and vulnerability testing. |
| Recruitment Clients | Employer Clients | Connecting job seekers in the talent pool to specific job vacancies. |
Data Processor Requirements
In accordance with Article 37 of the Rwanda Data Protection Law, we ensure that all third-party processors:
Enter into a written Data Processing Agreement (Terms and Conditions) with us.
Implement technical and organisational measures to protect your data.
Process data only based on our documented instructions and not for their own independent purposes.
International Data Transfers (Outside Rwanda)
Your personal data may be stored and processed in countries outside of Rwanda (specifically South Africa for Group operations and Ireland for AWS cloud services). Under Articles 48 and 50 of the Rwanda Data Protection Law:
Adequacy & Safeguards: We only transfer data to jurisdictions that ensure an adequate level of protection or where we have put in place appropriate safeguards (such as Standard Contractual Clauses approved by the NCSA).
Express Consent: By using our Services and accepting this Policy, you provide express consent to the transfer of your personal and sensitive data outside of Rwanda for the purposes of storage and service delivery.
Authorization: Where required, we maintain valid authorisation from the National Cyber Security Authority (NCSA) for the transfer of data across borders.
| Destination Country | Associated Processing Activity | Lawful Basis for Transfer |
|---|---|---|
| South Africa | Employee Payroll, Finance Ops (Payables/Receivables) | Legal Obligation / Contractual necessity for group operations. |
| Ireland | Talent Acquisition (AWS Hosting), Website & Campaign Management | Contractual Obligation / Consent (Note: Requires NCSA Transfer Auth). |
| USA | Internal Recruitment (Zoho), Analytics (Google/Facebook), System Logging | Consent / Legitimate Interest / Legal Obligation. |
| Switzerland | Vulnerability Management (Bug Bounty platform) | Legitimate Interest for security testing. |
| Global | Cybersecurity Incident Management, Marketing Events | Legitimate Interest / Legal / Consent. |
Data Retention and Disposal
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
Determination of Retention Periods
To determine the appropriate retention period for personal data, we consider:
The amount, nature, and sensitivity of the personal data.
The potential risk of harm from unauthorised use or disclosure.
The purposes for which we process your personal data and whether we can achieve those purposes through other means.
Applicable legal requirements (such as Rwanda's tax and employment laws).
Retention Schedule
In accordance with our internal Record of Processing Activities, we apply the following specific retention periods:
| Processing Activity | Retention Period | Justification / Lawful Basis |
|---|---|---|
| Talent Acquisition (Client Pool) | 3 Years from last activity | Contractual obligation; ensuring profiles remain relevant for recruitment. |
| Talent Pool Notifications | 90 Days | Automated deletion of temporary notification data. |
| Internal Recruitment (Hiring) | 6 Months (for non-hires) | To allow for feedback and future vacancy considerations. |
| Employee Records (Payroll/Tax) | 10 Years | Statutory requirement under Rwanda tax and financial laws. |
| Cybersecurity Incident Management | Duration of investigation + Statutory limit | Necessary for the establishment or defence of legal claims. |
| Internal Finance (Payables/Receivables) | 10 Years | Compliance with RRA and financial auditing standards. |
Exceptions for Longer Retention
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to your relationship with us. In such cases, data will be archived securely and restricted from general processing until the legal matter is resolved.
Data Disposal
Once the retention period expires, we will securely delete, destroy, or anonymise your personal data so that it can no longer be associated with you. If data is anonymised, we may use this information indefinitely for statistical or research purposes without further notice to you.
Use of Artificial Intelligence (AI) and Automated Processing
The Company utilises Artificial Intelligence and Machine Learning to optimise the recruitment ecosystem for job seekers and employers. This section details our commitment to transparency, fairness, and data security in our AI operations.
How AI Supports Your Experience
We use AI tools (including Large Language Models and predictive algorithms) to perform the following core functions:
CV Parsing & Profile Structuring: Automatically extracting information from uploaded documents to build digital profiles.
Intelligent Matching & Scoring: Analysing job seeker skills against employer requirements to rank "fit".
Content Generation: Assisting employers in drafting job descriptions and assisting job seekers with career recommendations.
Inferred Insights: Predicting professional skills or seniority levels based on platform activity to improve recommendation accuracy.
AI Infrastructure & Data Security
To provide these features, we utilise a secure, ring-fenced infrastructure managed by Palantir Technologies.
The "Ring-Fence" Protocol: Your data is processed in a dedicated environment isolated from other Palantir clients and the public internet.
Third-Party Models: While we may utilise models from providers such as OpenAI, Anthropic, Meta, or Google, your personal data is never used by these providers to train their public models. Contractual safeguards ensure these providers act strictly as data sub-processors.
Data Sovereignty: All processing is conducted in compliance with applicable local laws regarding cross-border data transfers (including the Rwanda Data Protection Act, NDPA, and the Data Protection Acts of Kenya, Ghana, and Uganda).
Fairness, Bias, and Human Oversight
We are committed to the ethical use of AI, anchored by the principle that technology supports, but does not replace, human judgment.
No Autonomous Decision-Making: All decisions on our platform involve a human in the middle. Our AI does not make final "Hire" or "Reject" decisions; it serves exclusively as a recommendation engine to assist human users.
Human-in-the-Loop: All significant actions, such as shortlisting, interviewing, or contacting a candidate, are performed directly by human recruiters or employers.
Human-Led Verification: AI-generated matches and insights are presented as suggestions. Human users are responsible for verifying the accuracy of these outputs before taking action.
Bias Mitigation: We periodically audit our algorithms to identify and reduce potential biases related to protected characteristics to ensure fair outcomes for all users.
Legal Basis and User Rights
Contractual Necessity: The use of AI for matching and CV parsing is a core functional component of the services we provide. Without these automated processes, the platform cannot effectively connect job seekers with employers at scale.
Right to Review: Users have the right to contest any automated output that significantly affects them. You may contact our Data Protection Officer (DPO) to request a human review of AI-generated insights.
Account Deletion: Because our infrastructure is integrated with AI processing, users who object to all forms of AI-supported processing must request account deletion. Upon deletion, all personal data is purged in accordance with our Retention Policy.
Marketing and Advertising
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. In accordance with the Rwanda Data Protection Law, we ensure that our marketing practices are transparent and based on a valid, lawful basis.
Internal Marketing Communications: You will receive marketing communications from us if you have requested information from us, created a profile in our Talent Pool, or purchased services from us, provided you have not opted out of receiving such communications. We use your Identity, contact, and technical data to form a view on what we think you may want or need, or what may be of interest to you.
Third-Party Marketing: We will obtain your explicit opt-in consent before we share your personal data with any third party for their own marketing purposes. This applies to our partnerships with external organisations that may wish to offer you products or services outside of BrighterMonday's core recruitment offerings.
Marketing Events and Lead Generation: As recorded in our Record of Processing Activities (ROPA), we may collect your data (such as name, email, and job title) during physical or virtual Marketing Events (Webinars & Physical Events).
Consent at Events: We use physical entry signage or encrypted digital forms to obtain your consent for media coverage (photos/video) and follow-up communications.
Retention: Data collected for event-related lead generation is generally retained for three (3) years from the date of the event, unless you revoke your consent sooner.
Opting Out
You can ask third parties or us to stop sending you marketing messages at any time through the following methods:
Opt-out Links: Clicking the "unsubscribe" or "opt-out" links found at the bottom of any marketing email or SMS sent to you.
Direct Contact: Contacting our Data Protection Officer at privacy@brightermonday.co.rw.
Talent Pool Settings: Adjusting your communication preferences within your account dashboard.
Transactional Communications
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, service experience (such as job application confirmations), or other essential transactions. We will continue to send you non-marketing communications that are necessary for the performance of our contract with you.
Data Subject Rights
In accordance with Law Nº 058/2021 relating to the Protection of Personal Data and Privacy, you have specific rights regarding your personal information. BrighterMonday Rwanda is committed to facilitating these rights for both Candidates and Recruiting Organizations.
Summary of Your Rights
Right to be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights.
Right of Access: You can request a copy of the personal data we hold about you and check that we are lawfully processing it.
Right to Rectification: You have the right to have incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.
Right to Erasure (Right to be Forgotten): You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. Should you wish to completely delete your profile, send an email to privacy@brightermonday.co.rw with a clear Subject line, from the email that belongs to the profile which you wish to be deleted and at least a reason why you would want your profile deleted. Please refer to the article on How to delete your BrighterMonday account.
Right to Object: You may object to the processing of your data where we are relying on a legitimate interest or using your data for direct marketing (including profiling).
Right to Restriction of Processing: You can ask us to suspend the processing of your personal data in specific scenarios (e.g., if you want us to establish its accuracy).
Right to Data Portability: You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
Right not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
Right to Designate an Heir: You have the legal right to designate a person (heir) to manage or access your personal data in the event of your death.
How to Exercise Your Rights
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer (DPO) at privacy@brightermonday.co.rw.
No Fee Usually Required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Response Timeline: In accordance with Rwandan law, we aim to respond to all legitimate requests within thirty (30) days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Right to Appeal: If you are not satisfied with our response, you have the right to lodge a complaint or appeal with the National Cyber Security Authority (NCSA).
Changes to the Privacy Policy
We regularly review and update this Policy to reflect changes in our internal data processing practices, for operational or legal reasons, and to remain in full compliance with the Rwanda Data Protection and Privacy Law.
Notification of Revisions: Any revisions to this Policy will be uploaded to our Site, and such upload will be deemed sufficient communication to you. For material changes that significantly alter how we process your personal data—such as a change in Transfer Destinations like Ireland or the USA, or new Categories of Recipients—we will take additional steps to notify you.
Registered Users: Where you are a registered user, we will notify you of any significant revision through a prominent notice on your account or via the email address associated with your profile.
Consent Tracking: In accordance with the gaps identified in our compliance audits, we are implementing measures to track the specific version of the Privacy Policy you have consented to. This ensures that your consent is granular and tied to the specific processing operations active at that time.
Review Schedule: This policy is subject to a regular review cycle, with major updates reviewed and approved by our Data Protection Officer (DPO) and documented in our internal Version and Update History.
