DirectHire is committed to GDPR compliance. You have the right to access, correct, export, and delete your personal data at any time.
1. Who We Are
DirectHire Ltd (“DirectHire,” “we,” “our”) is the data controller for personal data collected through the DirectHire platform. We are registered in Albania.
Contact our Data Protection team: privacy@directhire.io
2. What Data We Collect
Account data: name, email address, phone number, password (hashed).
Profile data (workers): date of birth, nationality, country of residence, passport number (encrypted), marital status, family details, skills, experience, language proficiency, work preferences.
Profile data (employers): company name, NIPT, QKR number, administrator ID (encrypted), business description, industry, company size, address.
Uploaded files: profile photos, work videos, introduction videos, medical certificates, and business registration documents. All stored encrypted on secure servers.
Usage data: pages visited, features used, timestamps, IP addresses, device type, and browser.
Payment data: subscription status and billing cycle. Full payment card data is handled by our payment processor and never stored on our servers.
3. How We Use Your Data
To provide the service: matching workers with employers, fraud detection, email notifications, and platform functionality.
AI matching: your profile data is used to score compatibility with job postings. This processing is necessary to deliver the service you signed up for.
Security: we use usage data and profile data to detect fraud, duplicate accounts, and suspicious activity.
Communications: we send transactional emails (account events, application updates) and platform notifications. You may opt out of non-essential communications.
4. Legal Basis for Processing (GDPR)
Contract performance: processing necessary to provide the platform service you agreed to.
Legitimate interests: fraud detection, platform security, and service improvement.
Consent: optional features such as marketing emails.
5. Data Sharing
We share your data only in the following circumstances:
With employers: workers' profile information, match scores, and uploaded materials are visible to verified employers who have an active subscription and are searching for candidates matching your profile. Your contact details are only shared when you apply to a job or are shortlisted.
Service providers: we use third-party services for cloud storage, email delivery, and payment processing. All providers are contractually bound to process your data only as instructed.
Legal requirements: we may disclose data to comply with applicable law or lawful requests from authorities.
We do not sell your data. We do not share data with advertisers.
6. Sensitive Data
Passport numbers, administrator IDs, and similar identity data are encrypted using AES-256-GCM before being stored in our database. The encryption key is stored separately from the data. Only the minimum required staff can request decryption for verification purposes, and all access is logged in our audit system.
7. Data Retention
Active account data is retained for the duration of your account. If you delete your account, personal data is permanently deleted within 30 days, except where we are legally required to retain it (e.g., financial records for 7 years).
8. Your Rights (GDPR)
You have the right to: access your personal data; correct inaccurate data; delete your account and associated data; export your data in a portable format; restrict or object to certain processing; withdraw consent at any time.
To exercise these rights, email privacy@directhire.io. We will respond within 30 days.
9. Cookies
We use only strictly necessary cookies for authentication (JWT tokens stored as HttpOnly cookies) and session management. We do not use advertising or tracking cookies. See our Cookie Policy for full details.
10. Changes to This Policy
We may update this policy periodically. We will notify you of material changes by email and by displaying a notice in the platform. The date at the top of this page reflects the most recent update.
11. Contact
Data Protection Officer: privacy@directhire.io
DirectHire Ltd, Rruga e Durrësit 42, Tirana, Albania
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your country.