Privacy Policy

Effective as of August 07, 2025

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Disclosure of Your Information
5. Data Security
6. Your Rights and Choices
7. Retention of Information
8. International Data Transfers
9. Changes to This Privacy Policy
10. Contact Us
11. Governing Law

1. Introduction

This Privacy Policy describes the practices of 11584332 Canada Corp., doing business as TalentArc, a corporation established pursuant to the laws of Canada and conducting its principal activities therein, referred to hereafter as “TalentArc,” “we,” “us,” or “our,” concerning the collection, utilization, disclosure, and safeguarding of personal information through our website at TalentArc.ai, including subdomains such as app.TalentArc.ai, and any affiliated web applications, services, or features, collectively designated as the Platform. By interacting with the Platform, you consent to the handling of your personal information in accordance with this Privacy Policy; should you withhold consent, cessation of Platform use is required forthwith. This document aligns with obligations under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, which mandates accountability, consent, and limiting collection for organizations engaged in commercial activities; implications include potential investigations by the Office of the Privacy Commissioner of Canada if non-compliance is alleged, thereby necessitating transparency to mitigate risks.

1.1

Personal information, as contemplated herein, encompasses any data about an identifiable individual, excluding business contact details used solely for professional communications; this definition draws from PIPEDA's section 2(1), ensuring scope is confined to protectable elements while permitting operational necessities. For users in the United States, this Policy incorporates principles from state-specific laws such as the California Consumer Privacy Act (CCPA), Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Privacy Rights Act (CPRA), which grants rights like opt-out from sales of personal information; though not primarily targeted at European users, references to the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, are included where transborder data flows might engage its extraterritorial application under Article 3. Cross-references to our Terms and Conditions reinforce that privacy practices integrate with broader user agreements, promoting holistic compliance.

1.2

In the event of a merger, acquisition, or asset sale involving TalentArc, personal information may transfer to the successor entity, subject to equivalent protections; this provision reflects succession principles in corporate law, with rationales centered on business continuity while upholding data subject rights under PIPEDA's Principle 4.1.4 on accountability.

2. Information We Collect

2.1

We gather various categories of information to facilitate Platform functionalities, such as AI-driven matching between Candidates and Employers, profile creation, messaging, and payment processing. Personal information collected directly from you includes names, email addresses, resumes, skills, employment histories, career preferences for Candidates, or company details, job descriptions, and billing information for Employers; such collection occurs via registration forms, profile uploads, or transaction interfaces, pursuant to PIPEDA's Principle 4.3 requiring informed consent.

2.2

Indirect collection encompasses usage data like IP addresses, browser types, device identifiers, and interaction logs, obtained through automated means; this supports analytics and service improvements, with implications for personalization but balanced against privacy intrusions under CCPA's section 1798.140(v) defining personal information broadly to include inferences drawn from data. Non-personal information, aggregated or anonymized, falls outside privacy protections, allowing for statistical analyses without re-identification risks; rationales here stem from efficiency in data-driven operations, as permitted by GDPR Article 4(5) on pseudonymization.

2.3

We may also receive information from third parties, such as Stripe for payment verification or Google Analytics for traffic patterns; these integrations necessitate data sharing agreements to ensure compliance, with potential liabilities for breaches under PIPEDA's Principle 4.1.3 on safeguarding.

3. How We Use Your Information

3.1

Personal information serves defined purposes, including matching Candidates to job opportunities via AI algorithms, enabling Employer communications, processing Subscriptions or Bulk Credits payments, and sending administrative emails like match notifications or updates. Utilization for marketing, if consented to separately, involves targeted promotions; this limited-purpose approach adheres to PIPEDA's Principle 4.2 on identifying purposes at collection, mitigating overreach that could lead to complaints.

3.2

We employ information for internal operations, such as fraud detection, Platform maintenance, and legal compliance; for instance, retention for audit trails aligns with tax obligations under the Income Tax Act, R.S.C. 1985, c. 1 (5th Supp.), while deletion post-purpose fulfillment upholds minimization principles. Implications include enhanced user experiences through data insights, but with safeguards against misuse via access controls; cross-references to security sections below focus on integrated protections.

3.3

For U.S. residents under CCPA, we do not “sell” personal information as defined in section 1798.140(t), though sharing with service providers like Constant Contact for email dispatch qualifies as business purposes under section 1798.140(d); opt-out mechanisms are available via Privacy@TalentArc.ai.

4. Disclosure of Your Information

4.1

Disclosure occurs only as necessary or permitted by law. We share personal information with service providers, including Stripe for transactions, Zendesk for support, and Google Analytics for metrics; such third parties are bound by contractual obligations to process data solely for specified ends, consistent with PIPEDA's Principle 4.1.3 requiring equivalent protection levels.

4.2

In response to legal processes, such as subpoenas or warrants, disclosure may ensue without notice if required; this accommodates public authority requests under PIPEDA's section 7(3)(c.1), with rationales in balancing privacy against societal interests like crime prevention. No routine sharing with affiliates exists absent consent, and international transfers to U.S.-based providers incorporate standard contractual clauses to address adequacy concerns under GDPR Article 46 if applicable; implications involve potential data localization challenges, addressed through risk assessments.

4.3

We do not disclose to unrelated third parties for their independent use without explicit consent, thereby limiting exposure and aligning with CCPA's right to know under section 1798.110.

5. Data Security

5.1

Reasonable administrative, technical, and physical measures protect personal information against unauthorized access, loss, or alteration; these include encryption for transmissions, access restrictions, and regular vulnerability audits, as mandated by PIPEDA's Principle 4.7 on safeguarding. Despite such efforts, no system guarantees absolute security; users are advised to employ strong passwords and report suspicions promptly.

5.2

Breach notifications occur as required by law, for example, under PIPEDA's sections 10.1–10.3 mandating reports to affected individuals and the Commissioner if real risk of significant harm exists; implications encompass reputational impacts, necessitating proactive incident response plans. Cross-references to user responsibilities in Terms and Conditions reinforce shared security obligations.

6. Your Rights and Choices

6.1

You possess rights to access, rectify, or withdraw consent regarding your personal information. Requests for access, submitted to Privacy@TalentArc.ai, will receive responses within thirty days, subject to verification and nominal fees if voluminous, per PIPEDA's section 8(3); corrections follow upon substantiation, with notifications to prior recipients where feasible.

6.2

Withdrawal of consent halts further processing, though may limit Platform access; for marketing, opt-out links in emails suffice. U.S. residents under CCPA enjoy deletion rights under section 1798.105, exercisable similarly, with exceptions for legal retention; GDPR data subjects, if applicable, may invoke erasure under Article 17 or portability under Article 20. Rationales for these provisions lie in empowering individuals, with implications for operational burdens balanced by compliance frameworks.

6.3

Children's information is not knowingly collected from those under 13 (or 16 in certain jurisdictions), in line with COPPA, 15 U.S.C. §§ 6501–6506; parental consent mechanisms apply if inadvertently obtained.

7. Retention of Information

7.1

Personal information is retained only as long as necessary for fulfillment of purposes, plus periods for legal claims or regulatory requirements; for example, financial records persist seven years under Canada's Excise Tax Act, R.S.C. 1985, c. E-15. Post-retention, secure deletion or anonymization occurs, minimizing risks under PIPEDA's Principle 4.5.

8. International Data Transfers

8.1

As a Canadian entity, data primarily resides in Canada, but transfers to U.S. or other jurisdictions for processing by providers like Stripe may occur; adequacy is ensured through contracts incorporating PIPEDA-equivalent safeguards. For EU users, GDPR Article 45 adequacy decisions or Article 46 mechanisms apply; implications include exposure to foreign legal accesses, mitigated via transparency and user notifications.

9. Changes to This Privacy Policy

9.1

Modifications may arise, posted on the Platform with revised effective dates; material changes prompt email alerts where feasible. Continued use post-change constitutes acceptance, pursuant to consent principles in PIPEDA's Principle 4.3.8; this facilitates adaptability while preserving accountability.

10. Contact Us

10.1

Inquiries, complaints, or rights exercises direct to Privacy@TalentArc.ai; we commit to timely resolutions, with escalation options to the Privacy Commissioner of Canada or equivalent authorities.

11. Governing Law

11.1

This Privacy Policy governs under Ontario, Canada laws, without conflicts principles; disputes resolve in Ontario courts, aligning with our incorporation and promoting jurisdictional certainty.