GDPR Compliance Policy
Important Notice: Our services primarily target users in the United States, with data storage and processing mainly occurring within the US. While we may allow users from other regions to access our services, we do not actively target or provide personalized services or marketing to users in the European Union or United Kingdom. This GDPR policy is provided as additional information for any EU/UK users who may access our services.
Last Updated: April 3, 2025
1. Introduction
At CVNio ("we," "our," or "us"), we're committed to protecting your personal data and respecting your privacy rights. This GDPR Compliance Policy explains how we collect, use, and protect personal data of users from the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).
This policy complements our Privacy Policy and applies specifically to users located in territories where GDPR is applicable.
2. Data Controller Information
CVNio is the data controller for personal data collected through our website and services. Our contact information is:
CVNio
30 N Gould St Ste R
Sheridan, WY 82801
United States
Email: privacy@cvnio.com
3. Personal Data We Collect
We may collect the following categories of personal data about you:
- Identity and Contact Data: Name, email address, postal address, phone number
- Account Data: Username, password, account preferences
- Profile Data: Resume content, professional history, skills, education, career goals
- Usage Data: Information about how you use our website and services
- Technical Data: IP address, browser type and version, operating system, device information
- Marketing Data: Preferences for receiving marketing communications from us
3.1 Special Categories of Personal Data
We do not intentionally collect any Special Categories of Personal Data (such as details about race, ethnicity, religious beliefs, health information, or biometric data). If you include such information in your resume or profile, you do so at your own discretion.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation and service provision | Performance of a contract |
| Customer support | Legitimate interests |
| Product improvement and analytics | Legitimate interests |
| Marketing communications | Consent (where required) or legitimate interests |
| Compliance with legal obligations | Legal obligation |
Where we rely on legitimate interests, we have carefully balanced these against your rights and freedoms. Our legitimate interests include improving our services, preventing fraud, and promoting our business.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process your personal data
- Whether we can achieve those purposes through other means
- Legal requirements
When your account is inactive for more than 24 months, we may archive or delete your personal data. You can request deletion of your personal data at any time.
6. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of your personal data we hold.
- Right to Rectification: You can request correction of inaccurate or incomplete personal data.
- Right to Erasure: You can request deletion of your personal data in certain circumstances.
- Right to Restrict Processing: You can request restriction of processing of your personal data in certain circumstances.
- Right to Data Portability: You can request transfer of your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You can object to processing of your personal data in certain circumstances, particularly for direct marketing.
- Right to Withdraw Consent: Where we rely on consent as the legal basis, you can withdraw this consent at any time.
- Rights Related to Automated Decision Making: You have rights related to automated decision-making, including profiling.
6.1 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@cvnio.com. We will respond to your request within one month. This period may be extended by up to two additional months if necessary, considering the complexity and number of requests.
6.2 Fees
You will not have to pay a fee to access your personal data or exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
6.3 Identity Verification
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise other rights. This is a security measure to ensure personal data is not disclosed to unauthorized persons.
7. International Data Transfers
Our services are primarily hosted in the United States. When you use our services, your data may be transferred to and stored in the US, which may have data protection laws different from those in your country.
For transfers from the EEA to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other legally approved mechanisms to ensure your personal data is protected.
8. Cookies and Similar Technologies
Our website uses cookies and similar technologies to distinguish you from other users. This helps us provide you with a good experience when browsing and allows us to improve our site. For detailed information on the cookies we use and purposes for which we use them, see our Cookie Policy.
9. Security of Your Personal Data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Supervisory Authority
If you are a resident of the European Union or EEA and are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority. However, we would appreciate the chance to address your concerns before you approach the authority, so please contact us in the first instance.
11. Changes to This Policy
We may update this GDPR Compliance Policy from time to time. When we make significant changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date.
We encourage you to review this policy periodically to stay informed about how we protect your personal data.
12. Contact Us
If you have any questions about this GDPR Compliance Policy or our data practices, please contact us at:
Email: privacy@cvnio.com
Postal Address:
CVNio
30 N Gould St Ste R
Sheridan, WY 82801
United States
This GDPR Compliance Policy is effective as of April 3, 2025.