OctoSource Privacy Policy

1. Who We Are

OctoSource Ltd. is a boutique headhunting and HR-tech company registered in Cyprus, operating globally via octosource.io. We provide:

• Recruitment, sourcing, and executive search services;
• Digital products such as books, guides, and courses;
• Technological tools and browser extensions for recruiters;
• Referral programs (“Friend Brings Friend”).

This Privacy Policy applies to candidates, clients, employers, referrers, newsletter subscribers, and users of our website and tools.

2. Categories of Personal Data We Collect

2.1 Information Provided Voluntarily

Candidates:

• Name, address, contact details;
• CV/resumé, employment history, education, skills;
• Salary expectations and work preferences;
• Links to LinkedIn, GitHub, portfolios and public profiles;
• Interview notes, internal assessments, and evaluation records.

Employers / Clients:

• Business contact details (name, role, email, phone);
• Job descriptions and requirements;
• Organizational structure data relevant to recruitment;
• Feedback on candidates and hiring decisions.

Purchasers (Books, Courses, Tools):

• Billing details and invoicing information;
• Purchase history and product usage events;
• Partial payment information – full card details are not stored by us and are processed only by PCI-DSS-compliant providers (e.g., Stripe, PayPal).

Referrers – “Friend Brings Friend”:

• Details and CVs of third parties you refer to us;
• By submitting their data, you confirm that you obtained their explicit consent for us to contact and process their details.

2.2 Information Collected Automatically

• IP address, device type, browser type, operating system;
• Pages visited, time on site, clickstream data;
• Cookies, pixels, and analytics tags;
• Usage data from courses, tools, and dashboards.

2.3 Information from Public Sources (OSINT)

For recruitment and sourcing, we may collect data from:

• LinkedIn and other professional networks;
• GitHub, StackOverflow, and technical communities;
• Company websites and public staff listings;
• Public CV databases and job boards.

2.4 AI-Processed Information

We use AI tools to:

• Parse CVs and extract structured data;
• Generate candidate summaries and fit indicators;
• Suggest messaging templates;
• Support sourcing and matching decisions.

AI does not replace human judgment. Final decisions are made by human recruiters and employers.

3. Purposes of Processing

• To evaluate candidate suitability and manage recruitment processes;
• To present candidates to employers and maintain a talent pool;
• To process purchases and deliver digital products and services;
• To operate referral programs and incentives;
• To send newsletters, job alerts, and professional updates (where permitted);
• To prevent fraud, misuse, or abuse of services;
• To comply with legal, tax, and regulatory obligations.

4. Legal Bases for Processing

• Contractual necessity – e.g., when you apply for a job or purchase a product;
• Explicit consent – e.g., newsletters, “Friend Brings Friend” referrals;
• Legitimate interest – recruitment activities, sourcing, improving tools;
• Legal obligation – tax records, invoices, regulatory compliance.

5. Sharing Data with Third Parties

We do not sell personal data. We share data only where necessary:

• Employers / Hiring Companies: candidate data shared strictly for recruitment and placement purposes.
• Service Providers: cloud hosting, payment processors, CRM, email tools, LMS platforms – all under Data Processing Agreements (DPAs).
• Legal Authorities: where required by law, subpoena, or to prevent harm.
• Corporate Transactions: in case of mergers or acquisitions, as part of business assets.

6. International Data Transfers

Data may be stored and processed in Cyprus, the EU, Israel, the United States or other jurisdictions. Transfers rely on:

• GDPR Standard Contractual Clauses (SCCs);
• EU adequacy decisions (e.g., Israel);
• Contractual and technical safeguards for non-EU regions.

By using our services, you acknowledge and consent to such transfers, subject to appropriate protections.

7. Data Security

We use industry-standard measures:

• SSL/TLS encryption;
• Firewalls and access controls;
• Role-based permissions;
• Security monitoring and audits.

No system can be guaranteed fully secure. We cannot be held liable for unauthorized access that occurs despite reasonable safeguards.

8. Data Retention

• CVs and candidate records: kept for future roles unless you request deletion;
• Interview notes and assessments: retained for service and compliance records;
• Invoices and transaction data: retained for statutory periods (typically 7 years);
• Inactive data: periodically anonymized or deleted.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access your personal data;
• Rectify inaccurate or incomplete data;
• Request deletion (“Right to be Forgotten”);
• Restrict or object to certain processing activities;
• Data portability, where applicable;
• Withdraw consent (for consent-based processing).

10. Cookies & Tracking Technologies

Our website and tools use cookies and similar technologies (such as pixels and tags) to operate, secure, and improve our services. A “cookie” is a small text file stored on your device.

10.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for basic functionality (security, login sessions, forms, checkout). These are essential and cannot be disabled via our systems.
• Analytics & Performance Cookies: Help us understand how users interact with the website (e.g., pages visited, time on site) so we can improve content and usability.
• Preference Cookies: Remember your settings (such as language, accessibility preferences, or saved filters).
• Marketing & Advertising Cookies: Used, where applicable, to measure campaigns and (in some regions) for remarketing or lookalike audiences – only where allowed by local law.

10.2 Legal Basis

For strictly necessary cookies, the legal basis is our legitimate interest in operating a secure, stable service. For analytics, marketing, or other non-essential cookies, we rely on your consent where required by applicable law (for example, in the EU).

10.3 Managing Cookies

• You may adjust your browser settings to block or delete cookies.
• Where a cookie banner or preference center is available, you can manage non-essential cookies directly through that interface.

Disabling certain cookies may impact the functionality of our website, including login, checkout, or access to digital products.

11. Use of AI & Automation

AI-generated summaries, scores, or recommendations are supporting tools only. They do not constitute final hiring decisions or legal advice. We are not responsible for employer or candidate decisions taken solely on the basis of AI outputs.

12. No Guarantee of Employment or Candidate Suitability

We do not guarantee that any candidate will receive an offer, that any role will be filled, or that any candidate is suitable for a given position. We are not responsible for the conduct, decisions, or actions of employers or candidates.

13. Indemnification

Users (candidates, employers, referrers, purchasers) agree to indemnify and hold harmless the Company from any claim, damage, or expense arising from:

• Submission of inaccurate or unlawful data;
• Referring third parties without consent;
• Employer misuse of candidate data;
• Violations of applicable law by Users;
• Reliance on information provided via the website or tools.

14. Changes to This Policy

We may update this Policy periodically. Where material changes occur, we will provide a prominent notice. Continued use of our services after changes constitutes acceptance of the updated Policy.

15. Contact Information