Introduction and GDPR Roles

This privacy policy aims to inform you about how BESTLOG (hereinafter "CVREADERPRO" or "the Provider") collects, uses and protects your personal data in connection with the operation of the API platform cvreaderpro.com.

The Provider acts in two distinct roles:

• Data Controller: Customer data (subscription, billing, login).
• Processor: Data from CVs submitted to the API by Customers.

I. Data processed by CVREADERPRO as Data Controller

A. Types of Data Collected

• Identification data: Account management, support – Legal basis: contract performance.
• Payment data: Subscription processing – Legal basis: contract and legal obligations.
• Login data: Security, audit – Legal basis: legitimate interest.
• Communication data: Customer support – Legal basis: contract and legitimate interest.

B. Data Recipients

• Internal teams (support, technical, sales).
• Technical and payment providers.
• Legal authorities in case of judicial request.

C. Retention Period

Data retained during the contractual relationship, then 5 to 10 years depending on legal obligations.

II. Data processed as Processor

A. Nature of Submitted Data

CVs and job offers submitted to the API may include:

• Identification data (name, email, etc.).
• Career data (education, work experience, etc.).
• Potential sensitive data (age, nationality, health).

B. Purposes of Processing

• Parsing, matching, transformation, anonymization of data.

C. Security and Anonymization

• Data minimization.
• Modification/deletion in real time via API.
• Raw CVs temporarily stored for 2 years, then deleted.

D. Further Subprocessing

Subprocessors (e.g. cloud providers) are contractually required to comply with GDPR (art. 28).

III. Data Security

• SSL/TLS encryption of communications.
• Strict access control to servers (located in Europe).
• Secure deletion and anonymization.

IV. Rights of Data Subjects

GDPR Rights:

• Access, rectification, erasure, restriction, portability, objection.

A. Exercising Rights (Customer)

Directly via CVREADERPRO using the contact details below.

B. Exercising Rights (Candidate)

Via the Customer (the Data Controller), who must apply the request through the API.

V. Contact and Complaints

For any request, please contact our DPO:

• Email: rgpd_cvreader@bestlog.tech

You may also contact the CNIL or your local supervisory authority in case of non-compliance.