Syncdit Logo
Legal

Privacy Policy

Last updated: 30 March 2026 · Effective: 30 March 2026

1. Introduction

This Privacy Policy applies to all personal data processed by WTS Energy Holding B.V. through the Syncdit platform (the "Platform"), including data collected from Talent Users, Recruiter Users, and visitors to our website.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Platform. This Privacy Policy should be read in conjunction with our Terms of Use.

2. Data Controller

The data controller responsible for the processing of your personal data is:

WTS Energy Holding B.V., Koninginnegracht 23, 2514 AB Den Haag, the Netherlands. Email: support@syncdit.ai

For all data protection inquiries, you may contact us at the email address above. We will respond within the timeframes required by the GDPR (generally within one month).

3. Definitions

In this Privacy Policy, the following definitions apply:

"Personal Data" means any information relating to an identified or identifiable natural person (data subject), as defined in GDPR Article 4(1).

"Processing" means any operation performed on Personal Data, including collection, recording, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.

"Talent User" means an individual who registers on the Platform as a job seeker, freelancer, consultant, or other talent role.

"Recruiter User" means a recruitment professional, agency, or HR representative who uses the Platform for recruitment purposes.

"AI Features" means all artificial intelligence and machine learning functionalities on the Platform, including CV analysis, job matching, fit analysis, and automated recommendations.

4. Data We Collect

We collect different categories of personal data depending on how you interact with the Platform:

4.1 Data from Talent Users

When you register and use the Platform as a Talent User, we may collect and process the following data:

Account & Identity Data

  • Full name (first name, last name)
  • Email address
  • Phone number (optional)
  • Password (stored in hashed form)
  • Google account identifier (if you register via Google)
  • Company or current employer (optional)

Profile & Professional Data

  • Professional title and biography
  • Location / geographic preference
  • Skills and competencies
  • Years of experience
  • Role type (talent, job seeker, freelancer, consultant)
  • Notification preferences (email, SMS)

CV & Document Data

  • Uploaded CV/resume files (PDF, DOCX, or other supported formats)
  • Structured CV data extracted through AI processing (work experience, education, certifications, languages, skills)
  • CV data created through our AI-assisted CV Creator tool

Recruitment Process Data

  • Job matching results and fit analysis scores
  • Your responses to job invitations (accept, decline)
  • Communication data from Talent Talks (multi-round recruitment conversations)
  • Salary expectations and negotiation data (Money Talks)
  • AI interview participation data and responses
  • Job application data submitted through our public job portal

4.2 Data from Recruiter Users

  • Account data (name, email, phone, company affiliation)
  • Company and organisational information
  • Job descriptions and hiring requirements
  • Candidate management and recruitment workflow data

4.3 Technical & Usage Data

We automatically collect certain technical data when you use the Platform:

  • IP address
  • Browser type and version
  • Device information and operating system
  • Session data (login times, session duration, user agent)
  • Pages visited and features used
  • Referral sources

4.4 Data from Third Parties

  • Google account data (name, email, profile picture) when you authenticate via Google OAuth.
  • Job application data submitted through partner job board platforms.

Sensitive Data: We do not intentionally collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation) as defined in GDPR Article 9. If such data is inadvertently included in uploaded documents, we implement measures to minimise its processing.

6. How We Use Your Data

We process your personal data for the following specific purposes:

  • Account Management: To create, maintain, and secure your account; to authenticate your identity; and to manage your profile settings and preferences.
  • CV Processing & AI Analysis: To process, parse, analyse, and structure your CV data using AI technologies; to generate vector representations (embeddings) of your professional profile for matching purposes.
  • Job Matching: To compare your profile and CV data against available job descriptions using AI algorithms; to generate match scores and fit analysis reports; to present you with relevant job opportunities.
  • Recruitment Facilitation: To facilitate communication between you and Recruiter Users through Talent Talks and Money Talks; to support AI-assisted interview processes; to manage your progression through recruitment workflows.
  • Communications: To send you service-related notifications (e.g., new job matches, invitation updates, interview scheduling); to deliver optional marketing communications where you have opted in.
  • Platform Improvement: To analyse usage patterns and performance metrics; to identify and fix technical issues; to develop new features and improve existing ones. We may use anonymised and aggregated data for these purposes.
  • Security & Compliance: To protect the Platform and our users from fraud, abuse, and unauthorised access; to monitor for terms violations; to comply with legal obligations.

We do NOT sell your personal data to third parties. Your data is processed only for the purposes described in this Privacy Policy.

7. AI & Automated Decision-Making

In accordance with GDPR Article 22, we are transparent about our use of AI and automated processing:

7.1 How We Use AI

  • CV Analysis: We use AI to parse, extract, and structure information from your CV documents, including identifying skills, experience, qualifications, and other professional attributes.
  • Vector Embeddings: Your professional profile data is converted into mathematical vector representations (embeddings) that enable semantic matching with job descriptions. These vectors capture the meaning and context of your professional experience.
  • Match Scoring: AI algorithms compare your profile vectors against job description vectors to generate compatibility scores and fit analysis reports.
  • AI-Assisted Communication: AI may assist in generating insights, suggestions, or structured content during recruitment communication processes.
  • AI Interviews: AI technology may be used to facilitate, record, and assist in evaluating interview sessions.

7.2 Human Oversight

Syncdit does not make solely automated decisions that produce legal effects or similarly significantly affect you. All AI outputs are advisory and are used to assist Recruiter Users in their decision-making processes. Final recruitment decisions — including shortlisting, interviewing, and hiring — are always made by human beings.

7.3 Your Rights Regarding AI Processing

As a Talent User, you have the right to:

  • Request information about the logic involved in AI-based processing of your data.
  • Request human review of any AI-generated assessment that affects you.
  • Express your point of view and contest any decision influenced by AI processing.
  • Object to AI processing of your data, subject to the conditions described in Section 12.

To exercise any of these rights, please contact us at support@syncdit.ai.

8. Data Sharing & Recipients

We share your personal data only when necessary and with appropriate safeguards:

Recruiter Users

When you accept a job matching invitation or apply to a job posting, relevant portions of your profile and CV data may be shared with the Recruiter User managing that opportunity. This is necessary to facilitate the recruitment process you have engaged in. We share only the information relevant to the specific opportunity.

Cloud Infrastructure & Hosting Providers

We use third-party cloud services (including Google Cloud Platform) for hosting, data storage (including secure document storage for uploaded CVs), and infrastructure. These providers process data on our behalf under Data Processing Agreements (DPAs) that comply with GDPR requirements.

AI Service Providers

We utilise third-party AI and machine learning services to power our AI Features. Data shared with these providers is processed under DPAs, and we implement appropriate technical and contractual safeguards to protect your data.

Authentication Providers

If you choose to register or log in via Google, limited data is exchanged with Google in accordance with Google's terms and our integration requirements.

Job Board Platforms

If you apply to positions listed on partner job boards, your application data may be shared with the relevant job board platform and the posting recruiter.

Communication & Email Services

We use third-party email services to send notifications and communications. These providers process limited personal data (email address, name) under DPAs.

Legal & Regulatory Authorities

We may disclose your data if required by law, court order, or regulatory request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Syncdit, our users, or the public.

All third-party data processors are bound by Data Processing Agreements that require them to process your data only for specified purposes, implement appropriate security measures, and comply with GDPR requirements.

9. International Data Transfers

Syncdit is based in the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA. When personal data is transferred outside the EEA, we ensure an adequate level of protection through one or more of the following safeguards:

  • Adequacy decisions: Transfers to countries recognised by the European Commission as providing adequate data protection (e.g., under the EU-US Data Privacy Framework where applicable).
  • Standard Contractual Clauses (SCCs): We execute EU-approved standard contractual clauses with recipients to ensure contractual data protection obligations.
  • Transfer Impact Assessments: Where required, we conduct assessments to evaluate the risks associated with specific transfers and implement supplementary measures as needed.

You may request information about the specific safeguards applied to any international transfer of your data by contacting us.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:

Data CategoryRetention Period
Account & identity dataDuration of account + 30 days after deletion request
Profile & professional dataDuration of account; editable and deletable at any time
CV & document dataDuration of account; deletable by user at any time
Recruitment process dataDuration of the relevant recruitment process + 12 months
AI interview dataDuration of the relevant recruitment process + 6 months
Technical & session logsUp to 90 days
Communication dataDuration of account; associated project data retained per above

Upon account deletion or your request for erasure, we will delete or anonymise your personal data within thirty (30) days, unless retention is required by law (e.g., for tax, regulatory, or legal compliance purposes). Anonymised data that can no longer identify you may be retained for analytical purposes.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Technical Measures

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Secure password hashing and storage.
  • Access controls and role-based permissions.
  • Regular security assessments and vulnerability monitoring.
  • Secure cloud infrastructure with industry-standard certifications.

Organisational Measures

  • Data access limited to authorised personnel on a need-to-know basis.
  • Confidentiality obligations for all employees and contractors who process personal data.
  • Regular review of data protection practices and policies.

Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours in accordance with GDPR Article 33. Where the breach is likely to result in a high risk, we will also notify affected data subjects without undue delay in accordance with GDPR Article 34.

While we take extensive precautions, no system can guarantee absolute security. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorized access to your account.

12. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data. These rights apply to all users, with particular relevance to Talent Users whose data is processed for recruitment purposes:

Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data, and if so, to request access to that data and information about how it is processed. We will provide a copy of your data in a commonly used electronic format.

Right to Rectification (Art. 16)

You have the right to request correction of inaccurate personal data and to have incomplete data completed. You can update most of your profile and CV data directly through the Platform.

Right to Erasure / Right to be Forgotten (Art. 17)

You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where consent was the legal basis), or when the data has been unlawfully processed. Certain data may be retained where we have a legal obligation to do so.

Right to Restriction of Processing (Art. 18)

You have the right to request that we restrict the processing of your data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification of our legitimate grounds.

Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV), and to transmit that data to another controller. This right applies to data processed based on consent or contract performance.

Right to Object (Art. 21)

You have the right to object to the processing of your personal data based on legitimate interests (Art. 6(1)(f)). Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights, or the processing is necessary for the establishment, exercise, or defence of legal claims.

Right Not to Be Subject to Automated Decisions (Art. 22)

You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. As described in Section 7, Syncdit uses AI to assist human decision-makers and does not make solely automated decisions with such effects.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You can manage some consent preferences in your profile settings or by contacting us.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at support@syncdit.ai. We will verify your identity before processing your request. We will respond within one (1) month of receipt. This period may be extended by up to two (2) additional months for complex or numerous requests, in which case we will inform you of the extension within the first month.

Exercising your rights is free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, or refuse to act on such requests, in accordance with GDPR Article 12(5).

13. Children's Privacy

The Syncdit Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data as soon as reasonably practicable.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us at support@syncdit.ai.

14. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for the Platform to function properly, including session management and authentication. These cannot be disabled.
  • Functional cookies: Used to remember your preferences and settings (e.g., language, notification preferences).
  • Analytics cookies: Used to understand how the Platform is used and to improve performance and user experience. Where applicable, analytics data is anonymised or aggregated.

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of the Platform.

15. Third-Party Links

The Platform may contain links to third-party websites, services, or applications that are not operated by Syncdit. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of the Platform. When we make changes:

  • We will update the "Last updated" date at the top of this page.
  • For material changes that significantly affect how we process your data, we will provide prominent notice through the Platform or by email at least fourteen (14) days before the changes take effect.
  • Where required by law, we will obtain your consent before applying significant changes to our data processing practices.
  • Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes acknowledgement of the changes.

17. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Syncdit is:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

Bezuidenhoutseweg 30, 2594 AV The Hague, the Netherlands

Phone: +31 70 888 8500

Website: autoriteitpersoonsgegevens.nl

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence or place of work.

Before filing a complaint with a supervisory authority, we encourage you to contact us first so we can try to resolve your concern directly.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

WTS Energy Holding B.V.

Koninginnegracht 23, 2514 AB Den Haag, the Netherlands

Email: support@syncdit.ai

We aim to respond to all privacy-related enquiries within one (1) month, as required by GDPR Article 12(3). For complex requests, this period may be extended by up to two (2) additional months, in which case we will inform you accordingly.