Baalvion

Data Protection Policy

Version 1.0 | Effective Date: March 15, 2026

1. Purpose & Scope

This Data Protection Policy outlines the commitment of Baalvion Industries Pvt Ltd ("Baalvion") to protecting personal data processed within our global talent acquisition platform, Jobs.Baalvion.com (the "Platform"). This policy applies to all personal data collected, processed, and stored by Baalvion, including data from candidates, employer clients, and platform users. It forms the foundation of our data governance framework and demonstrates our commitment to operating in a secure, transparent, and compliant manner.

2. Data Protection Principles

Baalvion adheres to the following core data protection principles:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
  • Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.
  • Data Minimization: We ensure that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: We take every reasonable step to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage Limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.

3. Types of Data Processed

We process various categories of data to provide our services:

  • Candidate Personal Data: Includes contact details, professional experience, education, skills, and any information contained within a resume or profile.
  • Employer Data: Includes company information, job descriptions, and hiring criteria provided by our clients.
  • Account Data: Includes user credentials, roles (e.g., recruiter, admin), and permissions.
  • Technical Log Data: Includes IP addresses, device information, and system activity logs for security and performance monitoring.
  • AI-Generated Analysis Data: Includes structured data parsed from resumes, candidate scores, and summaries generated by our proprietary AI models.

4. Legal Basis for Processing

Our processing activities are based on the following legal grounds:

  • Consent: Where a data subject has given clear consent for us to process their personal data for a specific purpose (e.g., a candidate applying for a job).
  • Contractual Necessity: Where processing is necessary for the performance of a contract to which the data subject is party (e.g., providing our platform services to a client).
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as platform security, analytics, and service improvement, provided these interests are not overridden by the rights of the data subject.
  • Legal Obligation: Where processing is necessary for us to comply with the law.

5. Data Security Measures

Baalvion implements a multi-layered security framework to protect data:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using industry-standard AES-256 encryption.
  • Access Control: We enforce a strict role-based access control (RBAC) model to ensure users can only access data necessary for their role.
  • Logging and Monitoring: System activity is extensively logged and monitored for suspicious behavior and security incidents.
  • Secure Infrastructure: Our platform is hosted on a leading cloud infrastructure provider that maintains a high level of physical and network security.
  • Incident Response: We have established procedures for responding to and mitigating the impact of any potential data security incident.

6. AI Data Governance

Our use of Artificial Intelligence is governed by a commitment to responsible and ethical practices:

  • Transparency: We are transparent about our use of AI for resume parsing and candidate scoring, as detailed in our Privacy Policy.
  • Human-in-the-Loop: AI-generated analysis serves as a tool to assist human recruiters. We do not make fully automated hiring decisions.
  • Bias Mitigation: We are committed to an ongoing process of identifying and mitigating potential biases in our algorithms and data.
  • Data Quality: We implement controls to ensure the quality and integrity of data used to train and operate our AI models.

7. Data Retention & Deletion

Data is retained only for as long as necessary:

  • Retention Schedules: Personal data is retained for the duration of an active account or application process. Specific retention periods are defined based on legal requirements and business needs.
  • Account Deletion: Upon account deletion or data subject request, personal data is either anonymized or permanently deleted from production systems in accordance with our procedures.
  • Backup Policies: Data in backups is isolated and protected from further processing and is deleted in line with our backup rotation cycle.

8. Third-Party Processors

We engage a limited number of third-party service providers ("sub-processors") for specific technical functions. All sub-processors are subject to a rigorous due diligence process and are bound by contractual agreements that ensure they meet our data protection and security standards. These include providers for cloud hosting, email delivery, and platform analytics.

9. International Data Transfers

As a global platform, data may be processed in jurisdictions outside of the data subject's home country. We ensure that all international data transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) and adherence to enterprise-level security standards across all processing locations.

10. Data Subject Rights Handling

Baalvion has established procedures to facilitate the exercise of data subject rights, including rights of access, rectification, erasure, restriction, and portability. All requests are handled in a timely manner, in accordance with applicable legal frameworks. Users can initiate a request through the contact information provided in our Privacy Policy.

11. Data Breach Management

In the event of a data breach, our incident response team will take immediate action to contain, investigate, and mitigate the incident. We will notify affected parties and relevant regulatory authorities in accordance with our legal obligations and our established breach notification procedures.

12. Governance & Accountability

Data protection is a core responsibility at Baalvion. We maintain an internal governance structure to oversee our data protection program, conduct regular policy reviews, and monitor for compliance with this policy and applicable regulations, including GDPR principles and India's Information Technology Act, 2000.

13. Contact & Escalation

For questions regarding this policy or our data protection practices, please contact our legal team at legal@baalvion.com. This is the designated channel for all data protection inquiries.

Jobs