Privacy Notice for Applicants

This Privacy Notice for Applicants (“Privacy Notice”) describes how Pactum AI Inc. Group (“Pactum”, “we”, “us” or “our”) processes the personal data when you apply for a job with us or otherwise participate in our recruitment process. This notice applies to all applicants, including those who apply directly, through recruitment agencies, or via third-party job platforms.

1.CONTROLLER OF YOUR PERSONAL DATA

The controller of your personal data is the relevant Pactum entity responsible for managing the recruitment process related to your application.

Pactum AI Inc. 

Registry code: 7515312

Address: 800 West El Camino Real, Suite 180, Mountain View, California, 94040, USA 

E-mail: [email protected] 

 

Pactum AI OÜ

Registry code: 14809780

Address: Rotermanni 12, 10111 Tallinn, Estonia

E-mail: [email protected] 

2. PERSONAL DATA WE PROCESS

As your prospective employer, we collect and process your personal data in a variety of ways. The following provides the list of the types and sources of personal data that we may collect in the course of the application and recruitment process.

 

Category of personal data	Source of collection
Identification and contact details: name, personal identification code, home address, e-mail address, phone number, citizenship, gender, date and place of birth.	Collected when you apply for a position at Pactum or communicate with us during the recruitment process. May also be received from recruitment agencies.
Information contained in your application: level of education, educational institutions attended, previous work experience, qualifications, trainings, language skills, desired salary, relocation possibilities.	Collected when you apply for a position at Pactum. May also be received from recruitment agencies.
Recruitment process data: status of the recruitment process, communications about the recruitment process, requested and committed salary, information disclosed in recruitment interviews, voluntary personality tests, suitability tests/assignments (including home assignments), reference check information (including data on persons making the reference), rejection and reasons thereof.	Collected directly from you during the recruitment process. References may be collected from your referees, including via third-party service providers.
Reference check data: information concerning reference checks, including data on persons making the reference.	Collected from your referees with your consent, either directly or via third-party service providers. Please note that we expect you, as the applicant, to inform your referees that their personal data (such as name, contact information) may be shared with us for recruitment purposes.
Background check data (if applicable): criminal record, information concerning pending court cases.	Collected only if you apply to Pactum AI, Inc. via third-party service providers who perform background checks on our behalf.
Other personal information: any additional personal data you voluntarily provide during or after the recruitment process.	Collected directly from you.
Third-party information: personal information relevant to your application or potential employment obtained from public databases, recruitment portals, or other third parties, to the extent permitted by law.	Collected from public or third-party sources.

Sensitive data. Sensitive data (e.g., health information) is only processed as strictly necessary for legal obligations or with your explicit consent.

Note on External Recruitment Partners. If your application is submitted to Pactum through an external recruitment agency, we assume that you have provided your personal data directly to that agency for the purposes of participating in the recruitment process. In such cases, the agency shares your personal data with us as an intermediary. Please note that the agency may act as a separate data controller, and its processing of your personal data is subject to its own privacy notice. We expect that you have been informed by the agency about this data sharing, and we encourage you to review the agency’s privacy notice to understand how it processes your personal data.

3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

We process your personal data only when we have a legal basis to do so. Below is a summary of the purposes and corresponding legal bases:

Purpose of Processing	Processed Types of Information	Legal Basis	Explanation
Evaluate your application and suitability for the position of employment, including assessing interview data, home assignments, voluntary personality and suitability tests, and reference checks.	General personal data, application data, recruitment process data (interview information, test results, reference checks), background check data (if applicable).	Steps prior to entering into a contract; Legitimate interest	To select candidates best suited for the role through a fair and thorough evaluation process.
Contact you about your application and recruitment process, including scheduling interviews, requesting clarifications, and providing status updates.	Contact details, recruitment process data.	Steps prior to entering into a contract; Legitimate interest	To maintain effective communication and keep you informed throughout the recruitment process.
Establish, exercise, or defend any potential legal claims related to recruitment.	All personal information collected during the application and recruitment process.	Legitimate interest	To protect Pactum’s legal rights.
Internal analysis and management of our talent pool for potential future vacancies.	All personal information collected during the recruitment process.	Legitimate interest; Consent	To build and maintain a qualified talent pool for future recruitment needs.
Comply with legal obligations, including conducting background checks where required by law.	Background check data, Third-party information.	Compliance with a legal obligation	To satisfy legal requirements and ensure compliance with applicable laws.
Assess candidate suitability to fulfill contractual obligations with clients or partners related to hiring.	Reference check data (provided with your consent).	Consent; Legitimate interest	To ensure candidates meet the company’s standards and contractual obligations towards clients or partners regarding recruitment.
Prepare an employment contract if you are offered and accept employment.	General personal data, contact details, application data, recruitment process data.	Steps prior to entering into a contract	To finalize and formalize employment arrangements.
Contact you about any vacant future positions for which you may be suitable.	Contact details, Information contained in your application.	Consent	To inform you about potential future employment opportunities if you have agreed to be contacted.
Evaluate your suitability based on voluntary personality tests.	Voluntary personality test results.	Consent; Legitimate interest	To better understand your fit for specific roles when you voluntarily provide this information.

Reliance on Legitimate Interest. Where Pactum processes your personal data based on legitimate interest, we ensure that such processing is necessary and proportionate to achieve our business purposes without overriding your fundamental rights and freedoms. We conduct a thorough assessment to balance our interests with your privacy rights, taking appropriate safeguards to protect your data. 

Reliance on Consent. When Pactum processes your personal data based on your consent, this means you have freely given clear and informed permission for a specific purpose. We ensure that you receive detailed information about the purpose of processing, the types of data involved, and your rights before you provide your consent. 

We do not rely on automated decision-making with legal or similarly significant effects without human review.

4. RECIPIENTS OF YOUR PERSONAL DATA

4.1 General

We may disclose your personal data to recipients within the Pactum group of companies for internal administrative purposes, including the management of recruitment databases, shared IT infrastructure, and HR operations. These disclosures are based on our legitimate interest in ensuring secure and efficient internal operations across our corporate structure.

We take appropriate measures to safeguard your data and require all employees and partners who access personal data to adhere to strict confidentiality and data security standards.

4.2 Disclosures to Third Parties

Your personal data may also be shared with the following third parties:

• External recruitment partners: If your application is submitted to us through a third-party recruitment agency or platform, we may receive your personal data from them. We consider this data as having been provided to us by you. Likewise, your data may be shared with such recruitment partners if they are involved in managing or coordinating the recruitment process.
• Trusted service providers: We may engage third-party service providers (e.g., applicant tracking system providers, personality/suitability test platforms, background check agencies, IT infrastructure providers) who process personal data on our behalf and under our instructions. Such processing is safeguarded by appropriate contracts to ensure legal compliance and data security.
• Legal obligations or rights: We may disclose personal data where required or permitted by applicable laws and regulations, including to courts, law enforcement agencies, or other authorities. This may also include responding to legal claims or complying with audit requirements.
• Corporate transactions: In the event of a merger, acquisition, corporate restructuring, or transfer of assets, your personal data may be disclosed to prospective or actual buyers, subject to confidentiality obligations and applicable data protection requirements.
• Protection and compliance: Where necessary, we may disclose personal data to enforce our rights, investigate fraud, or protect the rights, safety, and property of Pactum or others.

 

4.3 CCPA Notice (if applicable):

While Pactum is not subject to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”) in most cases due to the nature of our business, we wish to clarify that we do not sell applicants’ personal data, nor do we share it for cross-context behavioral advertising purposes as defined under the CCPA and similar laws. If this ever changes, we will inform you and seek your consent where required.

5. TRANSFERS OUTSIDE THE EEA

Some of our group companies, recruitment platforms, or service providers may be located outside the European Economic Area (EEA), including in the following countries:

• United States

• Canada
• United Kingdom
• Switzerland

Pactum ensures that any such international data transfers are carried out in compliance with applicable data protection laws. These transfers are based on appropriate safeguards, such as:

• Adequacy decisions issued by the European Commission, or
• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary by additional technical, contractual, or organizational measures to ensure an essentially equivalent level of protection.

Where applicable, we also assess the legal framework of the third country to determine whether the transfer poses any additional risks to the rights and freedoms of individuals.

6. RETENTION OF YOUR PERSONAL DATA

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice or to comply with legal obligations. Where necessary, we may retain personal data for longer periods to comply with legal, regulatory, tax, or accounting obligations imposed by legislation, regulators, or other government authorities.

When determining the appropriate retention period, we consider factors such as the nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, whether our objectives can be achieved by other means, and applicable legal requirements.

Once your personal data is no longer needed for the purposes described above, we will either securely delete it or anonymize it so it can no longer be linked to you. If deletion or anonymization is not immediately possible (for example, because the data is stored in backup archives), we will securely isolate the data from any further processing until deletion or anonymization is feasible.

If you are selected and enter into an employment contract with us, your personal data will then be processed and retained in accordance with the Pactum Employee Privacy Notice. Relevant details about this processing will be made available to you at that time.

7. SECURITY MEASURES

We implement appropriate technical, physical, and organizational security measures designed to protect your personal data against unauthorized access, loss, destruction, misuse, or disclosure. These measures include, but are not limited to, access controls, encryption, secure storage, and regular security assessments.

However, please be aware that despite our best efforts and reasonable safeguards, no system or method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your personal data. You can learn more about our security measures here: https://pactum.com/security/. 

8. APPLICANT’S RIGHTS

Depending on your location and subject to the conditions set out in applicable data protection laws, you may have the following rights as a data subject:

• To request access to your personal data;
• To request rectification of your personal data;
• To request erasure of your personal data. However, please note that certain information is strictly necessary to fulfil the purposes defined in this Privacy Notice and may also be required by law. Thus, we may not erase all of your personal data;
• To request restriction of the processing of your personal data;
• To object to the processing of your personal data, where the legal basis for processing is the legitimate interest;
• To request transmission of your personal data to another controller (right to data portability), where the legal basis for processing is your consent or an agreement entered into between us, where technically feasible;

To withdraw your consent regarding processing of personal data where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before withdrawal.

If you have any concerns or interests regarding how we handle your personal data, you have the right to lodge a complaint with a relevant data protection authority or seek judicial remedy. For individuals located within the European Economic Area (EEA), this includes the competent supervisory authority in your member state. In Estonia, the competent authority is the Estonian Data Protection Inspectorate (www.aki.ee).

We encourage you to first contact us with any concerns or questions, though you have no obligation to do so. You may also exercise your data subject rights directly through our recruitment platform Teamtailor, which serves as our official applicant tracking system and is the preferred channel for managing such requests. More information is available here.

We usually respond to data requests within one month. If more time is needed, we’ll let you know and explain why.

9. UPDATES TO THIS PRIVACY NOTICE

From time to time, we may update this Privacy Notice in order to adapt it to any updates that might arise. In such a case, we will notify you via e-mail and/or through Pactum’s other communication channels that are used for communicating updates to applicable company policies or processes, e.g. the job site. This Privacy Notice was last updated as of the “Last updated” date shown above.