Loading
Loading...
Loading...
Loading...
Loading...

Privacy Policy

  • Purpose
  • Definitions
  • The Information We Collect
  • Purpose of Data Collection and Processing
  • Legal Basis for Processing
  • Our Role Regarding Your Data
  • Data Security and Confidentiality
  • Cross-Border Data Transfers
  • Data Retention
  • Data Subject Rights
  • Privacy and Transparency
  • Updates to the Privacy Policy
  • Legal Jurisdiction
  • Language Disclaimer

Purpose

Bayt.com (“Bayt”, “We”, “Us”, “Our”, “Ours”) has drafted this Privacy Policy (“Privacy Policy”, “Policy”) to help users (“Users”, “You”, “Your”, “Yours”) understand Our data security practices and policies as applicable to the use of the Talentera product.

Talentera is an Applicant Tracking and Employee Onboarding System that facilitates the management of recruitment processes including (but not limited to) job posting, candidate management and communication. The product serves as a tool for organizations to efficiently conduct their talent management activities.

Users include:

i. Employees from organizations that use the product to post and fill job roles, and process candidate applications to manage the hiring and talent management process

ii. Job seekers/candidates who apply to these roles

This Privacy Policy describes the types of information We collect, how We use the information, who We share it with, and the choices You can make about Our collection, use and disclosure of Your information. We also describe the measures We take to protect the security of Your Personal Data and how You can contact Us about Our privacy practices.

This Privacy Policy may be posted on one of the websites that We run for a customer (“Site”, “Sites”). On a customer Site, Bayt collects, shares, and uses Your Personal Data on behalf of Our customer. In all such cases, the customer acts as the Data Controller and has authority over how they collect, use and share Your Personal Data.

Subject to the foregoing, this Privacy Policy describes how Bayt generally uses data in connection with the typical customer Site.

A customer Site may also enable You to interact with third parties (“Third Party”, “Third Parties”). In this event, Your Personal Data may be collected, used and shared by the Third Party according to any terms established between the customer and the Third Party, as well as the policies of the Third Party and Your own choices and settings. The relationship with Third Parties is managed by Our customers and not Us.

This Privacy Policy incorporates by reference the Terms of Use for the Sites which apply to this Privacy Policy. When You visit the Sites or provide Us with information, You consent to the use and disclosure of the information We collect or receive as described in this Privacy Policy and agree to be bound by the Policy.

We encourage You to review this Privacy Policy periodically as We may update it from time to time to reflect changes in Our data practices.

Definitions

Data Controller means the entity that determines the purposes and means of the Processing of Personal Data.

Data Processor means the entity that Processes Personal Data on behalf of the Data Controller.

Data Subject means an individual to whom the Personal Data relates, including, but not limited to, candidates applying for jobs, employees of Bayt customers, contractors, or any other individuals whose Personal Data is Processed by the Data Processor on behalf of the Data Controller.

Personal Data means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Process means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, storage, use, disclosure, or deletion.

Site is a career portal that Bayt builds and maintains for a customer using the Talentera platform. Customers use it to manage their recruitment processes such as posting jobs and fielding candidate applications.

Sub-processor means any Third Party appointed by the Data Processor to Process Personal Data on behalf of the Data Controller.

The Information We Collect

We collect and Process various types of Personal Data submitted by job seekers, employees, interviewers, and other Users (collectively referred to as "Data Subjects") involved in the recruitment and talent management processes.

Personal Data collected on the platform may include:

Personally Identifiable Information (PII) including, names, email addresses, phone numbers, birthdays, job titles, physical addresses, photographic images, and other identifiers.

Demographic Information such as gender, country and city of stay, nationality, marital status, years of work experience, skills, industries, certifications, degrees, etc.

Anonymous Information such as pages visited and time spent on the Sites. We do this in order to understand how Users are engaging with the Sites and how We can provide a better experience to Our Users.

Preference Information such as preferred time zone or whether to show a dialog on Your next visit. We do this to personalize Your experience on the Sites.

Sensitive Information such as:

i. Bank account information collected for facilitating the Data Controller’s administration of payroll, reimbursement, financial record-keeping or other employment-related processes

ii. Salary information including current or past salary details and salary expectations

iii. Interview feedback and assessments including notes from recruiters and/or interviewers regarding a candidate's interview performance, suitability for a certain position and their performance on assessments administered during and after the recruitment process

iv. Employment contracts such as employment offers and agreements shared during or after the recruitment process

v. Documents shared by Users such as resumes, cover letters, certifications, diplomas, identification documents (passports, national IDs, etc.), or any other files uploaded by the Users

vi. Other Personal Data such as work authorizations, visa statuses, references, or any other details requested by the Data Controller

Behavioral and Usage Data that is automatically collected, such as IP addresses, browser types, usage logs, access times, activity history, and interactions with the platform.

Additional Data which Data Controllers may choose to collect by defining custom data fields using Talentera based on their specific recruitment and/or organizational needs*.

If You choose to log into the Sites using Your Bayt, LinkedIn, Google, Facebook or any other supported Third Party profile, We collect information stored in that profile to log You in. In some cases, basic information is collected from Your profile (e.g. Your name, date of birth, etc.) to pre-populate Your candidate profile.

The login options can be configured based on the requirements of the Data Controller, and they are responsible for ensuring that all Personal Data collected and pre-populate candidate profiles complies with applicable laws and regulations.

Job postings and candidate resumes created on customer Sites may be shared with Bayt.com’s job and CV databases respectively. This data sharing enables increased visibility for job postings and candidates. Users should review the Site owner’s (i.e. Our customer’s) privacy policy for specific details on data sharing.

*Disclaimer: While Bayt provides Our customers with the flexibility to define custom data fields, it is the sole responsibility of the customers to ensure that the data they choose to collect complies with applicable laws, including data protection and privacy regulations. We advise customers to avoid soliciting excessive, unnecessary, or irrelevant Personal Data from Data Subjects. As such, Bayt is not responsible for the Personal Data the Data Controller chooses to collect from Data Subjects using custom fields.

Purpose of Data Collection and Processing

All data collected by Bayt is Processed on behalf of the Data Controllers, who determine the purpose and means of data Processing.

Below are the specific purposes for which Personal Data may be collected and Processed:

1. Job Applications and Recruitment

To facilitate candidate applications, interviews, assessments, and other recruitment-related processes

To maintain a record of the jobs Our customers post, candidate profiles they collect and review, and the candidates they contact

To enable interactions between employers and candidates as part of the recruitment process

2. Employee Management and Talent Development

To support employee onboarding, performance evaluations, internal mobility processes, and other talent management activities

3. Account Management and Notifications

To create, manage, and maintain Your account on the Talentera platform

To notify You about platform activities, such as new job applications or updates, based on Your notification preferences

4. Platform Maintenance and Improvement

To ensure the Talentera platform operates efficiently, securely, and in compliance with regulatory requirements

To operate, evaluate, and improve Our business and the products and services We offer

5. Reporting and Analytics

To provide reporting and analytics features that help Our customers manage recruitment and employee management processes effectively

To analyze trends, statistics, and User behavior on the Talentera platform, such as the jobs viewed or applied for, in order to enhance services

6. Customer Support and Communication

To provide administrative notices or communications applicable to Your use of the platform

7. Compliance and Legal Requirements

To comply with applicable laws, regulations, industry standards, regulatory requirements and policies

To enforce Our platform’s Terms of Use and handle any legal or contractual obligations

Legal Basis for Processing

In accordance with Articles 5-7 of the General Data Protection Regulation (GDPR) (EU) 2016/679, Article 5 of the KSA Personal Data Protection Law (PDPL) M/19, and Article 4 of the Federal Decree Law No. 45 of 2021, UAE, We have identified Our legal bases for Processing Your data as based on Contractual Obligation, Consent, Legitimate Interest or Legal Obligation.

Contractual Obligation

We Process Your Personal Data to fulfill Our responsibilities under the contractual obligation We have to Our customers. This includes the Processing of candidate profiles, employee profiles, job posts, assessments, questionnaires, among other data.

Your Consent

With Your consent, We use Your Personal Data as detailed in this Privacy Policy. This Consent is explicitly requested and obtained at the time You create an account on the Site(s). You have the right to withdraw this consent at any time without providing a reason.

Legitimate Interest

We Process Personal Data under the basis of Legitimate Interest to ensure the security, functionality, and continuous improvement of the Talentera platform. This includes safeguarding system integrity, analyzing data for operational insights, and preventing unauthorized access or misuse.

Such Processing is conducted within the scope of our role as a Data Processor, adhering to applicable data protection laws and respecting the rights and interests of Data Subjects.

Legal Obligation

We may Process Your Personal Data to comply with legal obligations, such as responding to authority requests during investigations. We are required to Process and retain data to fulfill these legal obligations.

Our Role Regarding Your Data

Bayt acts a Data Processor (as defined in Article 4 of the General Data Protection Regulation (GDPR) (EU) 2016/679, Article 1 of the KSA Personal Data Protection Law (PDPL) M/19, and Federal Decree Law No. 45 of 2021, UAE) when We store, manage, and serve Your data on Your behalf to Our customers. This is done in accordance with Our contractual obligations to Our customers and based on Your consent.

Our customers are Data Controllers and are solely responsible for determining the purposes and means of Processing Personal Data.

We Process Your personal information on behalf of the customer (the Data Controller) You register with. The data We collect and Process pertains to the purposes defined by the customer, which entrusts Us with handling Your information.

To support delivery of the Talentera platform and its associated services (such as cloud infrastructure, analytics, communications, and feedback tools), We engage select Sub-processors. These Sub-processors Process Personal Data solely under Our instruction and are contractually bound to implement strict technical and organizational safeguards consistent with the personal data protection laws and other applicable regulations of the regions We and Our customers operate in.

Each Sub-processor is subject to a written agreement that requires them to:

Process Personal Data only for the specific purpose for which they were engaged

Operate under strict confidentiality and security obligations

Assist Data Controllers in responding to Data Subject rights requests

Notify Us in the event of any data breach or incident involving Personal Data

Where international data transfers occur, We ensure that such transfers comply with relevant regulations under the personal data protection laws of the regions We and Our customers operate in, including implementation of appropriate safeguards, such as contractual commitments and assessments of the recipient country’s data protection standards.

A current list of Sub-processors engaged by Us is maintained and published at https://www.talentera.com/subprocessors/. This list includes the categories of services provided and the country of operation for each Sub-processor.

If You have concerns about the way Your Personal Data is processed by any of these Sub-processors, You may choose to exercise Your rights using the Data Subject Access Requests (DSAR) form on Our website. If, for any reason, You are not able to exercise Your rights through the DSAR form, You may alternatively choose to email Us at info@talentera.com with the header “Data Subject Access Request” and include the email address related to the Personal Data for which you would like to exercise your rights.

Bayt is not responsible for the actions, omissions, or misuse of Your Personal Data by the Data Controller (Our customers) or any third parties they interact with. Any disputes regarding the handling of Your Personal Data by the Data Controller should be directed to them and not Us.

Data Security and Confidentiality

Bayt implements robust security measures for its Talentera platform, including, but not limited to:

Encryption: Personal Data is encrypted in transit and at rest.

Access Control: Access to Personal Data is restricted to authorized personnel based on role-based permissions.

Security Audits: Regular internal and external audits are conducted to ensure compliance with security and privacy best practices.

While Bayt employs robust security measures, no electronic transmission or storage system is completely secure. Users are encouraged to safeguard their account credentials and log out after use. Bayt is not liable for unauthorized access due to User negligence.

In the event of a data breach, Bayt will notify the Data Controller promptly and assist in taking necessary steps to mitigate the breach.

Cross-Border Data Transfers

Where data is transferred outside of the applicable area of jurisdiction (i.e. the country where the Data Controller is registered), Talentera ensures appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) where applicable.

Data Retention

Bayt processes and retains Personal Data for as long as directed by our customers (Data Controllers) or as required by applicable data protection laws. The Data Controller is responsible for defining the retention period and managing data deletion in accordance with the purpose of collection and legal requirements

Where retention is no longer necessary for the original purpose, Bayt will support the Controller in ensuring that such data is securely destroyed, unless retention is required:

By applicable law, or

Due to an ongoing legal or regulatory obligation, including matters under judicial review.

Data Subject Rights

Bayt assists Data Controllers in responding to Data Subject access rights requests, including:

Access: Data Subjects can request a copy of their Personal Data

Correction: Data Subjects can request corrections to their personal information

Deletion: Data Subjects can request the deletion of their data when it is no longer necessary for the purposes for which it was collected

Objection: Data Subjects may object to the processing of their Personal Data

Withdrawal of Consent: Where processing is based on consent, Data Subjects may withdraw their consent at any time

Privacy and Transparency

At Bayt, We are committed to maintaining the highest standards of confidentiality, privacy, and transparency in the handling of Personal Data. We recognize the importance of protecting the rights of individuals and ensuring the responsible use of data entrusted to us by our customers and users. Our privacy practices are designed to comply with applicable data protection laws and to reflect our dedication to secure, ethical, and transparent data processing.

Updates to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in Our data practices, regulatory requirements, or other operational needs.

When significant updates are made, We will post the revised Privacy Policy on the applicable Sites and, where required by law, notify You by additional means such as email or on-screen notifications. The revised Privacy Policy will include the date of the most recent update.

We encourage You to review this Privacy Policy periodically to remain informed about how We are protecting Your Personal Data.

Legal Jurisdiction

This Privacy Policy and any dispute or claim arising out of or in connection with it shall be governed by, and construed in accordance with, the laws of the United Arab Emirates for Data Controllers registered in the United Arab Emirates, and the laws of the Kingdom of Saudi Arabia for Data Controllers registered in the Kingdom of Saudi Arabia.

All such disputes or claims shall fall under the exclusive jurisdiction of the competent courts of the respective country.

Language Disclaimer

For Data Controllers registered in the Kingdom of Saudi Arabia, this Privacy Policy may be made available in both English and Arabic.

In the event of any discrepancy or conflict between the two versions, the Arabic version shall prevail and be considered the legally binding version in accordance with the requirements of the Saudi Personal Data Protection Law (PDPL).