verified_user
Privacy at a glance
MivhaanTech never sells your data. We collect only what is needed to match talent with opportunity. You can request, correct, or delete your data at any time. Our processing is governed by the Digital Personal Data Protection Act 2023 (India) and applicable international standards.
0
Data sold to third parties
256-bit
SSL encryption in transit
30 days
Max response time for data requests
DPDPA
Compliant with India's 2023 Data Law
01Information We Collect
1.1 Information you provide directly
person
Candidates
- Full name, date of birth, nationality
- Email address, phone number, postal address
- CV / résumé including employment history, education, skills, certifications
- Salary expectations, notice period, work authorisation status
- LinkedIn profile URL and other professional profiles
- Identity documents (passport / Aadhaar) where required by a specific role
- Interview feedback and assessment results
- Equal opportunity monitoring data (provided voluntarily)
- Visa / work permit details for international placements
- Photograph (optional, candidate-submitted)
business
Employers / Clients
- Company name, registered address, GST / CIN numbers
- Contact person name, designation, email, phone
- Job descriptions, salary ranges, hiring criteria
- Billing and invoicing information
- Hiring preferences and organisational information shared in briefs
- Interview feedback on candidates
- Signed agreements and correspondence
1.2 Information collected automatically
When you interact with our website or portal, we automatically collect:
devices
Device & BrowserIP address, browser type and version, operating system, device identifiers, screen resolution.
analytics
Usage DataPages visited, time on page, links clicked, search queries entered, scroll depth, session duration.
location_on
LocationApproximate city/region inferred from IP address. We do not access precise GPS location without explicit permission.
cookie
Cookies & PixelsSession cookies, persistent preference cookies, analytics pixels, and retargeting tags. See Section 9 for full details.
1.3 Information from third parties
- Professional networks: If you connect your LinkedIn profile, we receive the data you authorise LinkedIn to share.
- Referrals: If you are referred by a colleague or existing candidate, we receive your name and contact details.
- Public sources: Publicly available professional information may supplement records for executive searches.
- Background check partners: Employment history, education verification, and criminal record checks are conducted by certified third-party partners with your consent.
02How We Use Your Data
We process personal data only for defined, lawful purposes:
| Purpose | Data Used | Legal Basis |
|---|
| Matching candidates to suitable roles | CV, skills, salary expectations, location preference | Contract / Legitimate Interest |
| Presenting candidate profiles to employers | CV, experience summary, interview notes | Consent (candidate) + Contract (employer) |
| Scheduling and managing interviews | Contact details, availability | Contract |
| Sending job alert emails / WhatsApp | Email, phone, job preferences | Consent |
| Background verification | Identity documents, employment history | Consent + Legal Obligation |
| Invoice generation and payment processing | Employer billing details | Contract + Legal Obligation |
| Improving platform usability | Anonymised usage data | Legitimate Interest |
| Fraud prevention and security | IP address, login activity | Legitimate Interest + Legal Obligation |
| Regulatory compliance and audit | All applicable records | Legal Obligation |
03Legal Basis for Processing
Under the Digital Personal Data Protection Act 2023 (India) and applicable data protection law, we rely on the following legal bases:
Consent
Where you have given clear, specific, informed consent — e.g. to receive marketing emails or for your CV to be shared with a specific employer. You may withdraw consent at any time without affecting prior processing.
Contractual Necessity
Processing required to fulfil our recruitment services agreement — e.g. coordinating interviews, managing placements, and issuing invoices.
Legal Obligation
Where processing is required by Indian law, including tax regulations, labour law, anti-money-laundering obligations, and retention requirements.
Legitimate Interests
Where necessary for our legitimate business interests — such as improving our services, preventing fraud, and maintaining platform security — provided these do not override your rights.
04Sharing & Disclosure
info
We do not sell, rent, or trade personal data. We do not share data with any party for their own marketing purposes.
corporate_fare
Client EmployersWith your explicit consent, your CV and profile are shared with prospective employers for roles you have applied to or been specifically shortlisted for.
cloud
Technology Service ProvidersTrusted sub-processors who help us operate our platform — cloud hosting (AWS India region), CRM, email delivery, SMS/WhatsApp gateway. All operate under Data Processing Agreements.
fact_check
Background Check PartnersCertified background verification companies who conduct checks strictly on your written consent, for specific roles that require them.
gavel
Legal & Regulatory AuthoritiesWe may disclose data where required by court order, government authority, or other legal obligation. We will notify you where legally permitted to do so.
merge
Business TransfersIf MivhaanTech is acquired or merges with another entity, personal data may be transferred to the successor entity. You will be notified in advance.
05International Transfers
Our primary operations are based in India. For global placement services, candidate data may be transferred to employer entities in other countries. We ensure such transfers comply with applicable law by:
- Obtaining your explicit consent before sharing data internationally.
- Applying Standard Contractual Clauses (SCCs) or equivalent mechanisms recognised under Indian and destination-country law.
- Sharing only the minimum data necessary for the specific international opportunity.
- Ensuring destination-country employers operate data protection standards equivalent to our own.
Countries in which we regularly facilitate placements include: United Kingdom, United States, Singapore, UAE, Australia, Germany, and Canada.
06Data Retention
We retain personal data only for as long as necessary for the purpose collected, or as required by law.
| Data Category | Retention Period | Rationale |
|---|
| Active candidate profile | 3 years from last activity | Ongoing service provision |
| Placed candidate records | 7 years from placement | Statutory employment records |
| Unsuccessful applicant CVs | 12 months from last contact | Future relevant opportunities |
| Interview notes and assessments | 12 months from last activity | Quality assurance |
| Client / employer records | 5 years from last engagement | Contractual records, tax compliance |
| Financial / invoicing records | 8 years | GST and Income Tax Act requirements |
| Website analytics (anonymised) | 26 months | Platform improvement trends |
| Security / access logs | 12 months | Incident investigation capability |
At end of retention, data is securely deleted using industry-standard irreversible methods or permanently anonymised for aggregate analytics.
07Security Measures
We implement layered technical and organisational security measures:
lock
Encryption
TLS 1.3 for all data in transit. AES-256 encryption for sensitive data at rest. CVs and identity documents stored in encrypted object storage.
manage_accounts
Access Control
Role-based access controls. Multi-factor authentication enforced for all staff. Privileged access monitored and logged.
security
Infrastructure
Hosted on AWS (Mumbai region, India). WAF, DDoS protection, intrusion detection systems. Regular penetration testing by independent security firms.
school
Staff Training
All staff complete mandatory data protection training on joining and annually thereafter. Data handling policies are regularly reviewed.
backup
Business Continuity
Daily encrypted backups retained for 30 days. Geo-redundant storage. Disaster recovery plan tested bi-annually with RTO of 4 hours.
verified
Vendor Security
All sub-processors assessed against ISO 27001 or SOC 2 standards. Data Processing Agreements in place with every vendor handling personal data.
warning
No system is 100% secure. If you suspect unauthorised access to your account or data, contact us immediately at security@mivhaantech.com
08Your Rights
Under the Digital Personal Data Protection Act 2023 and applicable law, you have the following rights:
visibilityRight to AccessRequest a copy of all personal data we hold about you, including categories processed, purposes, and retention periods.
editRight to CorrectionAsk us to correct inaccurate, incomplete, or outdated data. Update most profile information directly via your account portal.
deleteRight to ErasureRequest deletion of your personal data. We comply unless retention is required by legal obligation or ongoing contract.
blockRight to RestrictAsk us to stop processing your data in certain circumstances — for example, while an accuracy dispute is resolved.
downloadRight to PortabilityReceive your data in a structured, machine-readable format (JSON or CSV) so you can transfer it to another service.
thumb_downRight to ObjectObject to processing based on legitimate interests or direct marketing at any time.
smart_toyAutomated Decision RightsRequest human review of any automated decision that significantly affects you. See Section 14 for AI processing details.
cancelWithdraw ConsentWithdraw consent for any consent-based processing at any time via unsubscribe links, your account settings, or by contacting us.
gavelRight to ComplainLodge a complaint with the Data Protection Board of India if you believe we have mishandled your data.
To exercise any of the above rights, email our Data Protection Officer at dpo@mivhaantech.com. Include your full name, the right you wish to exercise, and any relevant details. We will respond within 30 days.
send Submit a Data Request
09Cookies & Tracking Technologies
We use cookies and similar technologies to operate our website, understand usage, and deliver relevant content.
| Category | Purpose | Examples | Lifespan | Disable? |
|---|
| Strictly Necessary | Login sessions, CSRF protection, load balancing | session_id, csrf_token | Session | No |
| Preference | Language, job filter settings, display mode | user_prefs, locale | 1 year | Yes |
| Analytics | Understanding traffic, popular pages, bounce rates | _ga, _gid, _gat | 2 years / 24h | Yes |
| Marketing | Job ad retargeting on LinkedIn, Google, Meta | _fbp, li_sugr, IDE | Up to 3 months | Yes |
You can manage cookie preferences at any time via your browser settings. Withdrawing non-essential cookies will not affect your ability to use core site features.
10Children's Privacy
Our recruitment services and website are intended exclusively for individuals aged 18 years and over. We do not knowingly collect, store, or process personal data from anyone under 18.
If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@mivhaantech.com.
11Third-Party Links
Our website and job listings may contain links to third-party websites, employer career portals, and external resources. This Privacy Policy applies only to MivhaanTech's own platforms. We are not responsible for the privacy practices or content of third-party sites.
We recommend reviewing the privacy policy of any external site you visit. Presence of a link does not constitute our endorsement of that site's data practices.
12Candidate-Specific Privacy Terms
12.1 CV and profile sharing
Your CV will only be shared with a specific employer after we have spoken with you, described the opportunity, and received your verbal or written approval. We do not send bulk CVs to open job boards or share your profile in response to blind advertisements without your consent.
12.2 Sensitive data
Some roles require sensitive data such as criminal record checks, credit history, or detailed identity verification. We will always explain what is required, why, and obtain specific written consent before processing sensitive categories of data.
12.3 Candidate portal
Registered candidates can log in to their profile at any time to: update personal details, view their application history, withdraw from active applications, update marketing preferences, or request full deletion of their profile.
12.4 Reference checks
Reference contact details you provide will be used solely to conduct employment references for specific roles you are progressing with. Reference details will not be stored beyond the 90-day post-placement guarantee period unless you ask us to maintain your full candidate record.
13Employer-Specific Privacy Terms
13.1 Contact data
We store contact details of individuals at client organisations for the purpose of managing our recruitment relationship. These individuals have the same rights as any data subject and can request access, correction, or deletion of their records by contacting our DPO.
13.2 Job descriptions and hiring criteria
Confidential hiring briefs, salary information, and organisational details shared with us are held in confidence. They are used solely to conduct the relevant search and are not shared externally except as necessary to describe the role to potential candidates.
13.3 Candidate feedback
Interview feedback provided by your team is stored securely and used to refine shortlists. Where feedback is shared with candidates, personally identifiable interviewer information is removed.
14AI & Automated Processing
MivhaanTech uses technology tools — including AI-assisted matching and CV parsing — to support our consultants. We want to be transparent about how this works:
smart_toy
CV ParsingOur ATS automatically extracts structured data from your CV (skills, job titles, dates) to populate your profile. You can review and correct this data at any time. The parsed data supplements, but does not replace, consultant review.
hub
Match ScoringWe use algorithmic matching to surface relevant roles and candidates. These scores are advisory tools for our consultants — they do not make autonomous hiring decisions. Every shortlist is reviewed by a human consultant before being presented.
person_check
No Fully Automated DecisionsNo significant decision about your candidacy is made solely by automated means without human review. You have the right to request human reconsideration of any outcome that affects you materially.
15Data Breach Protocol
In the event of a personal data breach, MivhaanTech follows a documented incident response procedure:
- Detection & containment — Our security team will identify, isolate and contain the breach as quickly as possible.
- Assessment — We assess the nature, scope, and likely impact on affected data subjects within 24 hours.
- Regulatory notification — Where required, we will notify the Data Protection Board of India within 72 hours of becoming aware of the breach.
- Individual notification — If the breach is likely to result in high risk to affected individuals, we will notify those individuals without undue delay.
- Remediation — We will document the incident, implement corrective measures, and conduct a post-incident review to prevent recurrence.
You can report any suspected data security incidents to security@mivhaantech.com at any time.
16Policy Changes
We review this Privacy Policy at least annually and whenever there are material changes to our data practices, applicable law, or our services.
- The "Last updated" date and version number at the top of this page will be revised.
- For minor changes (clarifications, new examples, formatting), we will update the page without specific individual notification.
- For material changes that affect how we process your data or your rights, we will notify registered users by email at least 14 days before the changes take effect.
- For significant changes that require fresh consent, we will seek it explicitly before continuing to process your data under the new terms.
Continued use of our services after a policy change constitutes acknowledgement of the updated policy. Previous versions are available on request by emailing our DPO.
