Privacy and Policy

Expanded Privacy Policy

1. Introduction

This Privacy Policy explains how CANARY TECH VENTURES S.R.L. ("GrooveCV") collects, uses, and protects personal data, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using GrooveCV, you agree to this Privacy Policy, which aims to provide transparency regarding how we handle your personal information and ensure your privacy is respected. We are committed to safeguarding your personal data and making sure your information is used responsibly.

2. Data We Collect

Personal Information: When you create an account, we collect personal data such as your name, email address, and password. This data is necessary to create and manage your account and provide access to our services. We may also use this information to contact you about important updates or changes to your account.
CV Information: We collect and store data that you input into the platform while creating CVs, cover letters, or other documents, such as employment history, education, and skills. This information helps us tailor our services to your professional needs and enhance your experience by providing personalized suggestions and improvements.
Payment Information: Payment details, including credit card information, are handled securely by Stripe. GrooveCV does not store payment information on its servers, ensuring your financial data is protected by industry-standard encryption. This means that your payment information remains secure throughout the transaction process
Automatically Collected Data: We automatically collect data such as IP addresses, device type, browser type, and interaction logs through cookies and similar tracking technologies. This information helps us understand user behavior and improve our platform's performance and security, ensuring that our services meet your needs efficiently.
Cookies and Tracking Technologies: We use cookies, pixel tags, and other technologies to analyze usage, improve functionality, and personalize your experience. You can manage your cookie preferences through your browser settings, although disabling certain cookies may affect your ability to use some features. Cookies help us understand how you interact with our platform and improve your overall experience.

3. How We Use Your Data

We use your data for the following purposes:

Service Delivery: To provide personalized CV-building services, including AI-generated content and subscription management. This ensures that you have access to the tools you need to create effective and professional documents.
Personalization: To tailor CV suggestions and platform features to your preferences, making your experience more relevant and efficient. Personalization helps you get the most out of our services, as content is customized to your professional goals.
Payment Processing: To securely process payments through Stripe. Your payment information is encrypted to protect against unauthorized access during transactions, ensuring a safe and reliable payment process.
Marketing and Communication: To send you promotional content and important updates (you may opt out of marketing communications at any time). This includes information about new features, updates, and exclusive offers that may be of interest to you.
Analytics and Performance: To monitor platform performance, user behavior, and conduct analytics using tools such as Google Analytics, Hotjar, and GTM. This helps us identify areas for improvement and optimize the user experience, ensuring that our platform is efficient and user-friendly.

4. Legal Basis for Processing Personal Data

Under GDPR, we process your personal data under the following legal bases:

Contract Performance: For delivering the services you have subscribed to, such as CV creation and account management. This is necessary for fulfilling our contractual obligations to you and ensuring that you can effectively use our platform.
Legitimate Interests: For platform improvement, fraud prevention, and ensuring platform security. These legitimate interests help us maintain a secure and efficient service, protecting both our users and our business.
Consent: For marketing communications, where you have provided consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. This allows you to have control over how your data is used.

5. Sharing of Data

Third-Party Service Providers: We share your data with trusted third-party providers to deliver the service:
- ‍Engaging in illegal activities using GrooveCV, such as harassment, fraud, copyright infringement, or breaking applicable laws.
- Scraping or using bots or automated systems to collect data from GrooveCV without permission.
- Attempting to hack, disrupt, or compromise the platform’s security or integrity.
- Uploading harmful content such as malware, viruses, or harmful code that could jeopardize platform security.
- Generating or distributing misleading or harmful AI-generated content that could harm others or mislead potential employers.
- Using GrooveCV to create CVs or documents for third parties unless you have a business account specifically designated for this purpose.

International Data Transfers: Some third-party service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that standard contractual clauses or other safeguards are in place to protect your personal data, in accordance with GDPR. These measures ensure that your data is handled securely regardless of its location, offering the same level of protection as it would within the EEA.

6. User Rights

Under GDPR, you have the following rights:

Right to Access: You can request access to the personal data we hold about you, including how it is used and who it is shared with.
Right to Rectification: You can correct or update your personal data if it is inaccurate or incomplete, ensuring that all your information is up to date.
Right to Erasure: You can request the deletion of your personal data, subject to legal and regulatory obligations. This is also known as the "right to be forgotten" and allows you to control your data when it is no longer necessary.
Right to Restriction: You can request restrictions on the processing of your data under certain circumstances, such as when you contest the accuracy of the data or object to its use.
Right to Data Portability: You can request a copy of your data in a structured, machine-readable format to be transferred to another service. This enables you to move your data to another provider easily.
Right to Object: You can object to the processing of your data for marketing purposes, and we will stop using your data for these purposes.
Right to Withdraw Consent: You can withdraw your consent for data processing at any time by contacting us at info@groovecv.com. Withdrawal of consent will not affect the legality of data processing based on consent before its withdrawal.

7. Cookies and Tracking Technologies

Types of Cookies:
- ‍Necessary Cookies: Required for the basic operation of the platform, such as login authentication and access to secure areas.
- Functional Cookies: To remember your preferences and enhance user experience by personalizing content and remembering settings.
- Analytics Cookies: To analyze user behavior and improve the platform (e.g., Google Analytics, Hotjar). These cookies provide insights into how users interact with the platform.
- Marketing Cookies: To provide relevant advertising and track browsing activity. These cookies help us show you ads that are most relevant to your interests.

Managing Cookies: You can manage and disable cookies through your browser settings. Disabling certain cookies may affect your ability to use certain features on the platform. We provide tools to help you easily manage your preferences and exercise control over how your data is used.

8. Data Retention

We retain your personal data for as long as your account is active. In the case of inactive accounts, we retain your data for up to six years for legal and regulatory purposes, such as tax or audit compliance. If you request deletion of your data, we will fulfill your request while ensuring that all legal obligations are met.

9. Data Security

We implement industry-standard security measures, including encryption, firewalls, and secure data storage. However, no system is entirely secure, and we cannot guarantee absolute protection against breaches, especially involving third-party services. Our security practices are regularly reviewed and updated to minimize vulnerabilities and protect your personal data.

10. Data Breach Notification

In the event of a data breach, we will notify you and the relevant authorities within 72 hours of becoming aware of the breach, as required by GDPR. We will also provide recommendations on the steps you should take to protect yourself and limit any potential damage.

11. Governing Law

This Privacy Policy is governed by the laws of Romania and the European Union (EU). Any disputes regarding data protection will be resolved in accordance with Romanian law, ensuring compliance with local and international data protection standards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a prominent notice on our platform. The latest version will always be available on our website, and we encourage users to review it regularly to stay informed about how we protect their privacy.

Privacy Policy