Privacy Policy
ASEL Recruit OS is a software product operated by ASEL Prestige Visuals, a business registered in the Netherlands (KVK 96890983), Helmond. Throughout this Privacy Policy, "ASEL", "we", "us" refer to ASEL Prestige Visuals acting as the legal data controller / processor for the ASEL Recruit OS platform.
We are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect data when you use the Service, in accordance with the EU General Data Protection Regulation (GDPR) and Dutch privacy law (Uitvoeringswet AVG).
1. Who We Are
Operator (legal entity): ASEL Prestige Visuals
Product / brand: ASEL Recruit OS
KVK: 96890983
Address: Helmond, Netherlands
General contact: hello@aselrecruitos.com
Data protection contact: hello@aselrecruitos.com
ASEL Prestige Visuals is the legal entity responsible for processing personal data in connection with the ASEL Recruit OS platform. Invoices for the Service are issued by ASEL Prestige Visuals.
2. What Data We Process
As Data Controller (data about you, our customer):
- Account data: name, email, company, role, credentials (protected with industry-standard cryptographic hashing and per-account salting).
- Billing data: invoicing details, payment status, transaction history.
- Usage data: login times, features used, IP address, browser type, activity logs.
- Communication: emails, support tickets, chat history.
As Data Processor (data you upload, on your customers'/candidates' behalf):
- Candidate data: name, contact details, CV/resume, work history, skills, references, photos (if uploaded).
- Job data: open positions, requirements, salary ranges.
- Company contact data: client companies, contact persons, communication logs.
- Recruitment workflow data: interview notes, status updates, scoring, eSign documents.
3. Legal Basis for Processing (GDPR Art. 6)
- Contract (Art. 6(1)(b)): providing the Service to you, billing, support.
- Legitimate interest (Art. 6(1)(f)): improving the Service, security, fraud prevention, analytics.
- Legal obligation (Art. 6(1)(c)): tax records, regulatory compliance, court orders.
- Consent (Art. 6(1)(a)): marketing communications; you may withdraw at any time.
For data you upload about candidates and contacts, you are the Data Controller and must have your own valid legal basis under GDPR Art. 6 (typically legitimate interest in recruitment, or consent).
4. Where Data Is Stored
ASEL Recruit OS runs on managed enterprise cloud infrastructure with EU-first data residency:
- Primary infrastructure: Cloudflare's global edge network with EU data residency configured by default.
- Application database: SOC 2 Type II-compliant managed cloud database, with EU regions selected where available.
- Backups: automated daily snapshots stored in EU regions; 30-day rolling retention; cross-region replication for operational continuity.
- AI processing: performed via enterprise APIs of trusted partners (see Section 5). No customer data is used to train foundation models.
5. Sub-Processors & Data Sharing
ASEL Recruit OS is built on a curated stack of enterprise-grade sub-processors, each selected for security posture, EU data residency capability, and operational reliability. Every sub-processor is bound by a Data Processing Agreement (DPA) with GDPR-equivalent or stronger protections.
| Sub-processor | Function | Region |
|---|---|---|
| Cloudflare, Inc. | Edge infrastructure, application hosting, network security, email routing | EU edge / global |
| Airtable, Inc. | Managed application database (SOC 2 Type II) | EU / US |
| OpenAI, Inc. | AI inference for workflow automation (zero-retention; no training on customer data) | US (SCCs) |
| Resend | Transactional email delivery (from June 2026) | EU / US |
| Twilio, Inc. | WhatsApp message intake (optional, per-tenant) | EU / US |
| Dropbox Sign | Electronic signature workflow for contracts | EU / US |
A full and continuously updated list of sub-processors is available on request. We notify customers 30 days in advance of any new sub-processor that will process Customer Data, giving you the opportunity to object.
We do not sell customer data. We do not share data with advertising networks. We do not use Customer Data to train AI models — neither our own, nor third-party foundation models.
6. International Transfers
Some sub-processors (OpenAI, Resend, Twilio) may process data in the United States. Such transfers are governed by EU Standard Contractual Clauses (SCCs) (Module 2 or 3 as appropriate), and supplementary measures including encryption in transit and at rest.
7. Data Retention
- Account data: while account is active + 30 days after closure.
- Candidate data (as Processor): retained according to Customer's instructions; auto-anonymized after 24 months of inactivity by default (configurable per tenant via Settings).
- Backups: 30 days rolling.
- Tax records: 7 years (Dutch legal requirement under Article 52 Algemene Wet inzake Rijksbelastingen).
- Activity logs: 12 months.
8. Your Rights (GDPR Art. 15-22)
- Access (Art. 15): request a copy of your data.
- Rectification (Art. 16): correct inaccurate data.
- Erasure (Art. 17): request deletion ("right to be forgotten").
- Restriction (Art. 18): limit how we process your data.
- Portability (Art. 20): receive your data in CSV format.
- Object (Art. 21): oppose processing based on legitimate interest.
- Withdraw consent: at any time, without affecting prior lawful processing.
- Automated decision-making (Art. 22): you have the right not to be subject to a decision based solely on automated processing.
To exercise these rights, email hello@aselrecruitos.com. We respond within 30 days (extendable by 60 days for complex requests).
9. Security & Operational Continuity
ASEL Recruit OS implements defense-in-depth security across every layer of the platform:
- Authentication: credentials protected with industry-standard cryptographic hashing and per-account salting; session tokens stored in secure, HTTP-only cookies with strict same-site enforcement.
- Encryption in transit: TLS 1.3 enforced across all customer-facing and internal endpoints.
- Encryption at rest: AES-256-equivalent encryption applied by infrastructure providers across all storage layers (application database, backups, edge caches).
- Access control: granular role-based permissions (Manager, Senior Recruiter, Recruiter, Accountant) with least-privilege defaults.
- Tenant isolation: multi-layer isolation enforced at both the row level and the data store level to prevent cross-tenant data exposure.
- Audit trail: immutable activity logs for every authenticated action, retained for 12 months.
- Operational continuity: automated daily backups with 30-day retention, replicated across EU regions; documented disaster recovery procedures.
- Breach notification: in the event of a personal data breach, affected customers are notified within 72 hours of discovery, as required by GDPR Articles 33–34.
- Vendor risk management: sub-processors selected on the basis of SOC 2 / ISO 27001 / GDPR-equivalent compliance posture.
10. GDPR Statement
ASEL Recruit OS is built with GDPR compliance as a core design principle:
- Privacy by Design (Art. 25): data minimization, role-based access, multi-tenant isolation.
- Privacy by Default: auto-anonymization enabled by default after 24 months of candidate inactivity.
- Data Subject Rights: built-in tools for export, anonymization, and deletion.
- Records of Processing (Art. 30): maintained per Article 30 GDPR.
- Data Processing Agreement: automatically applicable to all paid customers (Art. 28).
- EU Data Residency: primary infrastructure in EU; non-EU transfers governed by SCCs.
11. Cookies
See our Cookie Policy for details on cookies used by the Service.
12. Children
The Service is not intended for users under 18 years old. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at hello@aselrecruitos.com.
13. Changes to This Policy
Material changes will be notified by email at least 30 days in advance. Non-material changes (typos, clarifications) will be reflected in the "Last updated" date above.
14. Complaints to the Supervisory Authority
You have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
Netherlands
Website: autoriteitpersoonsgegevens.nl
You may also complain to the Data Protection Authority in your EU member state of residence.
15. Contact
Questions about this Privacy Policy or our data practices:
hello@aselrecruitos.com