Sitch – Privacy Policy

Effective Date: [Insert Date]

Last Updated: [Insert Date]

1. Introduction

Sitch ("we," "us," or "our") is committed to protecting the privacy of our users and the individuals whose data is processed through our platform.

This Privacy Policy explains how we collect, use, store, and protect personal information when providing our predictive, judgment-based assessment services ("Services") to customers in South Africa, the European Union/EEA, and the United States.

We comply with:

  • General Data Protection Regulation (GDPR) – EU/EEA
  • Protection of Personal Information Act (POPIA) – South Africa
  • California Consumer Privacy Act (CCPA) and applicable US state laws

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Account & Contact Information: Name, email address, phone number, job title, employer.
  • Assessment Data: Responses to assessments, scores, and related analytics.
  • Technical Data: IP address, device type, browser type, operating system, usage logs.
  • HR or Candidate Data: Information provided by employers about candidates or employees (e.g., CV/resume, employment history, education).

3. How We Collect Personal Data

We collect data through:

  • Direct input by users when creating accounts or completing assessments.
  • Information provided by our customers (e.g., HR teams uploading candidate data).
  • Automated tracking via cookies and similar technologies.
  • Communication with our support team or through our website forms.

4. How We Use Personal Data

We process personal data for the following purposes:

  • Delivering and managing the Services.
  • Providing assessment reports and analytics.
  • Improving and developing the Services.
  • Responding to inquiries and providing support.
  • Meeting legal and regulatory requirements.

We will not use personal data for purposes that are incompatible with those listed above without prior consent.

5. Legal Basis for Processing (GDPR & POPIA)

We process personal data under one or more of the following legal bases:

  • Consent (where required by law).
  • Contract: Processing necessary to perform our contract with you or your employer.
  • Legal obligation: Compliance with legal or regulatory requirements.
  • Legitimate interests: Operating and improving our Services, preventing fraud, and ensuring security.

6. Sharing of Personal Data

We may share personal data with:

  • Service providers who help us operate the platform (e.g., hosting, analytics, email delivery).
  • Employers/Customers who have invited you to use the Services.
  • Legal authorities when required by law.

We do not sell personal data to third parties.

7. International Data Transfers

Because we operate globally, your data may be transferred and stored in countries outside your own, including Ireland, the United States, and South Africa.

We ensure that such transfers are conducted in compliance with applicable laws, using safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • POPIA-compliant cross-border transfer requirements.
  • Encryption in transit and at rest.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations.

9. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict processing of your data.
  • Data portability.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

To exercise your rights, contact us at: [Insert Contact Email].

11. Cookies & Tracking

We use cookies and similar technologies to improve user experience, analyze usage, and deliver relevant content. You can manage cookies through your browser settings.

12. Children's Privacy

Our Services are not intended for children under 18, and we do not knowingly collect their personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised "Last Updated" date.

14. Contact Us

For questions about this Privacy Policy or our data practices, contact:

Data Protection Officer – Sitch

[Business Address – Ireland]

[Email Address]