Updated: September 15, 2022.
We are Sapia&Co Pty Ltd (trading as Sapia.ai) – a software provider offering recruitment intelligence software solutions. Our organization is registered in Australia with ACN 164 492 586 and registered office at 216 Lower Heidelberg Road, Ivanhoe East VIC 3079.
Without limitation, our group of companies (“Subsidiaries”) include Sapia&Co Pty Ltd (a company registered in England & Wales with registration number FC032929 and registered office at 1st Floor, 107 Lees Road, Oldham OL4 1JW), and Sapia.ai, Inc. (a Delaware corporation with an office at 308 Gage Rd. Riverside IL 60546).
Our Platform (“Platform”) uses artificial intelligence (“AI”) to identify patterns from the free-text answers provided by job Candidates during a chat-based interview, including via our website at https://sapia.ai/ (“website”). Rather than just matching keywords, our technology interprets, understands, and makes sense of answers. Our Platform also collects and processes video responses, which are not subject to AI.
We are committed to complying with various privacy laws. Without limitation, some of the data protection legislation (“Privacy Laws”) we may need to comply with include the following:
How this policy applies to you will depend on the capacity you use and access our website, Platform, and other goods and services (“goods and services”):
Candidates may have the right not to be subject to automated decision-making (i.e., without human involvement). If you would like to exercise this right, please contact us. If you object, we will refer this to the organization where you applied for a job, as they are responsible for dealing with objections.
Under Privacy Laws, but without limiting their definitions, personal data can be broadly summarized as any information related to an identified or identifiable natural person. In Australia, that also includes any opinion about an identified individual or an individual who is reasonably identifiable (“personal data”).
Personal data we collect, and use, includes:
If you are a Candidate or a current or potential employee of Sapia.ai, the personal data we collect may also include:
In respect of our Clients in the EU or UK, we act as a data controller to manage our relationship with you and provide our goods and services.
Generally, we collect personal data directly from you. However, we may also collect information about you from other sources, as described below.
We collect personal data from you directly:
If you are a Candidate, we also collect your personal data from external sources, including:
If you are a Client, we may also collect your representative’s personal data directly when:
Other places we may collect your personal data from include:
Why we collect personal data depends on the capacity in which you engage with us. However, in general, we collect personal data (which may include special category personal data/sensitive information) because it’s in our legitimate interest to do so:
If you do not provide us with personal data, we may be unable to carry out some or all of the Permitted Purposes (as applicable to you). For example, suppose you are a Candidate or are applying for a job with Sapia.ai and do not provide us with personal data. In that case, it may mean you cannot complete the interview process.
By accessing or using our products and services, or by submitting personal data to us, you agree we may use or disclose your personal data for:
Secondary Purposes may include:
You agree that if we collect special category personal data/sensitive information from you, it is reasonably necessary for us to do so for the relevant Primary and Secondary Purposes set out above.
For the above purposes, we may share your personal data with various persons, including:
By disclosing your personal data (including sensitive information) to us, you agree we may provide your personal data to third parties as set out above. We will never sell personal data to any third party.
Sapia.ai is a global organization with Clients and employees worldwide (including, without limitation, in Australia, Europe, and the USA). To provide you with our products and services, we need to transfer personal data between our teams and company group members for the purposes set out above.
Some of our service providers are based outside Australia (including Europe and the USA). For example, we process and store the data we collect using third-party sub-processors, such as HubSpot, Intercom, and Amazon Web Services (AWS). HubSpot keeps your information in the USA, and Intercom stores information in the EU. Data in AWS may be processed or stored anywhere in the world – contact us for details.
As we transfer personal data between countries, we take steps to ensure it receives the protections required by law. So, for example, where the GDPR applies, if we transfer your personal data outside the UK or EEA, we’ll ensure the transfer complies with applicable data protection law.
In some circumstances, we carefully de-identify and anonymize your personal data (including special category personal data/sensitive information). This means it can no longer be associated with you (“de-identified information”). We may use this de-identified information indefinitely without notifying you. For example, we use de-identified information to improve the Platform, create new software products, and for academic research purposes (which may be published). In addition, we may share de-identified information with third parties, including our suppliers, research partners, and service providers, without limitation. Please contact us for more information on how we use data for academic research.
Unless it is impractical or against Privacy Laws, we will allow you to use a pseudonym or to otherwise not identify yourself.
However, if you decide not to provide us with some types of personal data, we may not be able to provide you with a product or service. This may impact whether we can begin or continue a relationship with you. If you are a Candidate, it may mean you cannot complete the recruitment process via our Platform.
We take all reasonable steps to secure personal data (whether in hard copy or electronic form) and protect it against misuse, loss, unauthorized access, modification, or inappropriate disclosure. Personal data is kept in secure server environments protected by industry best practices. Only authorized personnel can access our systems.
You are responsible for ensuring your personal data is accurate, current, and complete. Please contact us if you believe any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading. If requested by you, we will take reasonable steps to correct your personal data.
You may request access to your personal data under relevant Privacy Laws. We may require you to confirm your identity before we grant access to personal data. Your access rights are subject to limitations set out in relevant Privacy Laws.
We may charge you reasonable costs subject to any limitations in the relevant law. In addition, at our discretion, we may agree to provide a summary of personal data for free.
We may decline your request to access or correct personal data under Privacy Laws. If we refuse, we will tell you why. If your request involves a correction, we will include a statement with your personal data about the correction.
Where the EU/UK data protection legislation applies, and in the limited circumstances explained above where we are a data controller, we’ll only retain your personal data for as long as we need it. This doesn’t apply if we are required to keep it for longer to comply with our legal, accounting, or regulatory requirements.
When you’re a Candidate and the EU/UK data protection legislation applies, we’re acting as a data processor, so we’ll retain your personal data for the period set by our Client, the data controller.
Suppose you ask us to delete your personal data. In that case, we’ll either anonymize or delete it unless we’re required to keep it for legal reasons or have compelling legitimate interests to keep it.
Firstly, data protection law is complicated – the rights set out below won’t always be available to you.
In addition to your rights set out elsewhere in this policy, if the EU/UK data protection legislation applies, you may have other various rights, including the right to:
If you are a Candidate, remember that to exercise your rights under EU/UK data protection legislation, you need to contact the organization you applied for a job with. However, you can still contact us for assistance.
You are communicating with us electronically by using the Platform, visiting our website, or otherwise sending us emails, messages, and other communications. You acknowledge and agree that Sapia.ai may send you communications regarding the Platform and our services, including electronic communications.
By providing your cell number, you agree to be contacted by or on behalf of Sapia.ai using the number you provided. This includes calls and text messages to receive information and communications about the Platform and services. Message and data rates may apply. To stop receiving text messages, follow the opt-out instructions in the text message.
Sapia.ai is committed to being compliant with the US federal Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM Act“) and Telephone Consumer Protection Act (“TCPA“). Emails, newsletters, and text messages from us are intended to fully comply with the CAM-SPAM Act and the TCPA. If you receive an email or text message from us that you believe does not comply with the CAN-SPAM Act or the TCPA, please contact us immediately.
You must be 18 or older to establish an account on and use the Platform. We are concerned about the safety and privacy of children online. Because of this, we will make all efforts to comply with the US federal Children’s Online Privacy Protection Act of 1998 (“COPPA“). COPPA and its accompanying US Federal Trade Commission regulations establish United States federal law protecting children’s privacy when using the Internet. Further, our services are neither intended for nor designed to attract users under 18. However, by fraud or deception by others, we may receive information about minors, including children under 13. If we are notified of this, we will immediately obtain parental consent or otherwise delete the information from our servers as soon as we verify the information. If you want to notify us of our receipt of information regarding minors, including children under 13, please contact us.
Contact our privacy team, preferably by email at email@example.com. Alternatively, you can write to us at PO Box 1405, St Kilda South, Melbourne, 3182 Victoria, Australia.
We will where reasonably possible, take steps to respond to, investigate and resolve complaints within 30 days. However, we will notify you and request an extended period if we require further information and the reason for the delay. If you disagree, we may be unable to resolve your complaint.
We value your privacy and your rights as a data subject. We have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter allows you to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter, or use your data subject rights, please visit https://prighter.com/cc/sapia.
You may have the right to lodge a complaint to the relevant data protection authority about how we collect and use your personal data.
To file a complaint, you can contact the relevant data protection regulator in your country. Alternatively, you can contact the Office of the Australian Information Commissioner (OAIC) or the UK’s Information Commissioner’s Office. You may need to supply our organization details which can be found here. If you’re not sure who to contact, just ask us for help.