Version 2026-05-23
Recruitment Privacy Notice
This notice explains how RecruitMe processes applicant, candidate, interviewer, and hiring-team data for recruitment workflows in Kenya and Tanzania. It is intended for recruitment use and should be reviewed against the deploying company's legal entity, data protection registration, vendors, and retention policy before public launch.
Who controls your data
The company advertising a vacancy is the data controller for recruitment data submitted for that vacancy. RecruitMe acts as the technology platform and may act as a processor or service provider for that company. The company must publish its legal name, contact details, data protection contact, and any applicable Kenya or Tanzania registration details in its careers site or job notice.
Data we process
- Account and contact details, including name, email, phone number, location, login/session data, and profile details.
- Application data, including CVs, cover letters, skills, education, experience, certifications, salary expectations, notice period, relocation preference, and referral source.
- Recruitment workflow data, including application status, pipeline stage, interview records, assessment submissions, scorecards, ratings, notes, tags, offer data, decision reasons, and audit history.
- Technical and security data, including IP address, device/browser data, authentication events, rate-limit events, document scan results, and access logs.
Why we process recruitment data
- Receive and manage job applications.
- Assess candidate suitability using job-related criteria.
- Schedule interviews, assessments, and hiring-team reviews.
- Communicate application status, interview details, assessment requests, rejections, offers, and hiring decisions.
- Protect the platform, prevent abuse, scan documents, audit access, and investigate security events.
- Meet employment, tax, audit, data protection, and legal obligations that apply to the hiring company.
Legal basis
Recruitment data may be processed because you requested to be considered for a role, because the hiring company has a legitimate interest in fair and secure recruitment, because processing is needed before entering an employment contract, because the company must comply with legal obligations, or because you gave consent for a specific purpose. Consent can be withdrawn where consent is the applicable basis, but this will not affect processing already completed lawfully.
Kenya and Tanzania notices
For Kenya, recruitment data should be handled in line with the Data Protection Act, 2019 and fair employment practices, including non-discrimination in recruitment and selection. For Tanzania, recruitment data should be handled in line with the Personal Data Protection Act, 2022 and applicable employment rules. Hiring teams should collect only job-related data, use structured evaluation criteria, and avoid questions or decisions based on protected or irrelevant personal characteristics.
Sharing and international transfers
Recruitment data may be shared with authorized recruiters, hiring managers, interviewers, approvers, HR teams, technology providers, email providers, storage providers, security scanners, analytics/monitoring providers, and legal or regulatory authorities where required. If data is stored or accessed outside Kenya or Tanzania, the hiring company should confirm that appropriate transfer safeguards, contracts, and vendor controls are in place.
Retention
Recruitment data should be retained only for as long as needed for the recruitment process, talent-pool follow-up, dispute handling, audit, security, and legal compliance. The deploying company must configure a retention schedule for rejected, withdrawn, hired, and inactive candidate records. Where deletion is not legally possible, records should be restricted, anonymized, or placed under legal hold as appropriate.
Your rights
Depending on your location and the hiring company's obligations, you may request access to your recruitment data, correction of inaccurate data, deletion, restriction, objection, portability, or withdrawal of consent. You may also ask how automated tools or structured assessments are used in the recruitment process. Requests should be sent to the hiring company's published privacy contact or made through the candidate compliance tools where available.
Security
RecruitMe is designed to use authenticated access, role checks, private document storage, document validation and scanning, audit logs, rate limits, origin checks, and secure session cookies. The deploying company remains responsible for configuring production email, storage, malware scanning, monitoring, backups, retention, and user access reviews.
Contact
For questions about a specific job application, contact the company that posted the vacancy. For platform security or technical privacy questions, contact the RecruitMe operator using the support channel published by the deployment owner.