To Top
Close

Privacy and AI Policy

Your trust matter to us

NAVIGATE TO EACH SECTION FOR INFORMATION ON HOW XOOTS HANDLES PRIVACY, PROTECTS DATA, AND COMPLIES WITH AI REGULATIONS.

Data PrivacyCookie PolicyTerms of ServiceAI Policy

Data Privacy

Privacy Principles
COMMUNITY MEMBERS CONTROL THEIR PERSONAL DATA

We believe you should be in control of your personal data. Consistent with this belief:

  • We will delete your personal data if you ask us to, including if asked when you cancel your community membership.
  • We will provide you with access to your personal data if you ask us to, including if asked when you cancel your community membership.
  • Our Privacy Policy describes how we share personal data. We will otherwise share your personal data with others only if you ask us to. For example, we would share it with a company who is using our services and you are considered as a team member for the assignments
XOOTS EMPLOYEES OR ASSOCIATES ONLY ACCESS COMMUNITY MEMBER PERSONAL DATA WHEN REQUIRED TO PROVIDE SERVICES AND SUPPORT
  • We prioritize the accountability and the security of your personal data. Our policy is that a community member’s personal data is not to be accessed or shared by anyone at XOOTS without an explicit need to do so. Consistent with these priorities and our policy:
  • Community membership services team builders, but management team members, data scientists, and technical team members are not permitted to access your personal data without a legitimate business need.
  • We maintain a log that tells us who has accessed member personal data and when.
  • We actively evaluate data access logs and investigate any anomalies for data access.
XOOTS DOES NOT SELL COMMUNITY MEMBER PERSONAL DATA

Our business model is to provide client initiatives to our members in exchange for their membership of our community. As such, we never sell our community members’ personal data. This is our promise and we want to be clear that we use third party cookies and other tracking technologies.

WE BELIEVE THAT THIRD PARTIES SHOULD BE PREVENTED FROM INVADING OUR MEMBERS’ LIVES BY ACCESSING THEIR XOOTS DATA

Like all other companies, XOOTS may from time to time receive requests for member data from third parties, like governmental entities and private parties engaged in civil litigation. Here are the key principles we stand by when evaluating these requests:

  • We will never voluntarily disclose member data in response to a request by a governmental entity or civil litigant.
  • We will never provide any governmental entity or civil litigant with direct access to our members data.
  • We will never provide copies of member data held by us to any governmental entity or civil litigant without a valid, narrowly tailored, and legally-binding request (e.g. warrant or court order).
  • If we receive a request for a members’ data, we will provide notice to the member by sending an email to the email address we have on file for that member.
  • We are prepared to fight to protect our members privacy in court if necessary. We will reject, challenge or object to any data access requests from a governmental entity or civil litigant that we believe are invalid, overly broad, unclear, or otherwise inappropriate

XOOTS Data Privacy Policy

At XOOTS, we are committed to protecting the privacy and personal data of our community members, clients, and candidates. This policy outlines how we collect, use, and safeguard personal data while ensuring compliance with GDPR and other relevant privacy laws.

1. Privacy Principles

We believe in empowering individuals to control their personal data. Our core principles include:

  • Deleting or providing access to personal data upon request.
  • Sharing personal data only with third parties when requested or necessary for service delivery, such as clients using XOOTS services for candidate evaluation.
  • Restricting internal access to personal data to XOOTS employees with a legitimate business need.
2. Data Controller and Processor Roles

XOOTS operates both as a Data controller and Data processor, depending on the nature of the data:

  • XOOTS Candidates: XOOTS is the Data controller for individuals who interact directly with XOOTS (e.g., candidates we recruit). This means XOOTS is responsible for collecting, managing, and ensuring proper consent for personal data.
  • Clients’ Candidates: For clients who use XOOTS’s platform, XOOTS acts as a Data processor, processing candidates’ data on the client’s behalf. In this case, the client is responsible for obtaining consent and managing data retention.
3. Personal Data Collection

We collect personal data when individuals register, create profiles, or engage with our services. This data includes:

  • XOOTS Candidates: Personal data such as name, contact details, work history, and skills, collected directly by XOOTS to match talent with relevant opportunities.
  • Clients’ Candidates: Clients’ candidates who use XOOTS’s platform for interviews or assessments may provide similar data, which XOOTS processes on behalf of the client.
4. Consent and Retention

  • XOOTS Candidates: XOOTS directly manages the consent process for its candidates and will refresh consent for inactive candidates every 12 months. Candidates can request to have their data deleted at any time.
  • Clients’ Candidates: XOOTS clients are responsible for obtaining initial consent and sending renewal notices (e.g., every 12 months) for their candidates. XOOTS provides the tools necessary for clients to manage this process but does not directly contact candidates on behalf of the client.
5. Personal Data Use

We use personal data to match individuals with relevant job opportunities, provide training, and offer support services. For XOOTS Candidates, this includes sharing relevant data with clients when necessary. For Clients’ Candidates, we process data as directed by our clients to deliver assessments, evaluations, and other services.

6. Personal Data Protection

XOOTS employs technical and organizational measures to protect personal data from unauthorized access or alteration. We maintain:

  • Strict access logs to track when and by whom personal data is accessed.
  • Regular evaluations of these logs to ensure data protection protocols are followed.
  • Encryption and secure storage of all personal data, whether for XOOTS Candidates or Clients’ Candidates.
7. Client Responsibilities

Clients using XOOTS’s platform for their own candidates are responsible for:

  • Ensuring GDPR compliance, including obtaining and managing consent.
  • Sending periodic reminders (e.g., every 12 months) to their candidates to ensure consent is maintained.
  • Managing data retention according to their own policies and ensuring data deletion when required.
8. Data Access Requests

All individuals, whether XOOTS Candidates or Clients’ Candidates, have the right to request access, correction, or deletion of their personal data. Please contact our Data Protection O_icer (DPO) at info@xoots.biz for assistance. We will also notify individuals in the event of a data breach.

9. Data Breach and Compliance

XOOTS is prepared to reject, challenge, or object to any data access requests that are deemed invalid or overly broad. We are committed to protecting user data in compliance with GDPR and other relevant laws.

10. Updates to Privacy Policy

XOOTS reserves the right to update this privacy policy and will notify users via email or through the website. Continued use of XOOTS services following updates signifies acceptance of the revised policy.

Contact Information

If you have any questions or concerns about this policy, please contact our Data Protection O]icer (DPO) at info@xoots.biz.

Data Privacy Definitions

Personal data: Any information that can be used to identify a person, including name, email address, phone number, and IP address.

Data controller: The organization or individual that determines the purpose and means of processing personal data.

Data processor: An organization or individual that processes personal data on behalf of a data controller.

Data subject: The person to whom the personal data relates.

Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or destruction.

Consent: The freely given, specific, informed, and unambiguous indication of a person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

GDPR: General Data Protection Regulation, a data privacy regulation in the European Union that governs the processing of personal data.

CCPA: European Union Consumer Privacy Act, a data privacy law in European Union that regulates the collection, use, and sharing of personal information of European residents.

PII: Personally identifiable information, any information that can be used to identify a person.

Anonymization: The process of removing personal data so that it can no longer be associated with an individual.

De-identification: The process of removing personal data so that it can no longer be associated with an individual without the use of additional information.

Data breach: The unauthorized or accidental access, disclosure, or loss of personal data.

Right to be forgotten: The right of a person to request the deletion of their personal data from an organization’s records.

Privacy by design: The principle of designing products and services with privacy in mind from the outset.

Cookie Policy

This website uses cookies to provide a better user experience. Cookies are small text files that are stored on your device when you access and use our website. They help to improve the performance and functionality of our website, as well as to provide us with information about how the website is used.

TYPES OF COOKIES

We use different types of cookies on our website, including:

Strictly necessary cookies: These cookies are essential to enable you to use the website and its features, such as accessing secure areas of the site. Without these cookies, services you have requested, such as shopping baskets or e-billing, cannot be provided.

Performance cookies: These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous.

Functionality cookies: These cookies allow the website to remember choices you make and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.

Targeting or advertising cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement, as well as to help measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers.

COOKIES WE USE

We use the following cookies on our website:

Google Analytics: This cookie enables us to collect anonymous information about how visitors use our website, such as which pages are visited the most, and to help us improve the website. The information collected by this cookie is anonymous and cannot be used to identify you.

Functional cookies: We use functional cookies to remember the choices you make on our website, such as your preferred language or region, and to provide enhanced features.

Session cookies: These cookies allow you to use essential features of the website, such as navigating between pages or accessing secure areas.

COOKIE CONTROL

You can control and manage cookies in several ways. Most browsers allow you to delete cookies or to reject cookies altogether. However, if you choose to block or delete cookies, certain features of our website may not work properly, and your browsing experience may be impacted.

CONTACT US

If you have any questions or concerns about our use of cookies, please contact us at info@xoots.biz

Terms of Service

By using the XOOTS website and its associated services, you agree to the following terms and conditions:

1. General

The XOOTS website (the “Site”) is an online platform connecting skilled professionals (“Members”) with companies or organizations seeking their services (“Clients”). XOOTS is not an employment agency, and the relationship between Members and Clients is that of independent contractors. XOOTS is not responsible for the actions or conduct of Members or Clients, or for any project outcomes.

2. Use of the Site

The Site is intended solely for personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell any information, software, products, or services obtained from the Site.

3. Account Registration

To join the community, you must register. By registering, you agree to provide accurate and complete information and to keep your information updated. You are responsible for maintaining the confidentiality of your account login information and are fully responsible for all activities that occur under your account. XOOTS reserves the right to suspend or terminate your account at any time for any reason.

4. Fees

Clients are responsible for paying fees to XOOTS for the services provided. XOOTS may charge a commission or other fee for the services provided. Fees are subject to change at any time, and the most current fees will be communicated to clients.

5. Confidentiality

Community members and Clients must maintain the confidentiality of any information exchanged on the Site, including but not limited to project details and intellectual property. XOOTS is not responsible for any breach of confidentiality.

6. Dispute Resolution

Any dispute arising out of or in connection with the Site, including but not limited to disputes between Members and Clients, shall be resolved through mediation and/or arbitration in accordance with the rules of the European Union. The decision of the mediator or arbitrator shall be final and binding.

7. Limitation of Liability

XOOTS shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or use, arising from the use or inability to use the Site or its services, even if XOOTS has been advised of the possibility of such damages.

8. Governing Law

These terms and conditions shall be governed by and construed in accordance with the laws of the European Union. Any legal action arising out of or in connection with the Site shall be brought in the state courts located in European Union. .

9. Changes to the Terms of Service

XOOTS reserves the right to modify or replace these terms and conditions at any time. The most current version of the terms and conditions will be posted on the Site. Your continued use of the Site following the posting of any changes to the terms and conditions constitutes acceptance of those changes.

If you have any questions or concerns regarding these terms and conditions, please contact us at info@xoots.biz

AI Policy

XOOTS AI Policy

At XOOTS, we are commi1ed to deploying AI technologies responsibly and in compliance with the EU AI Act and other relevant regula>ons. This policy outlines how XOOTS approaches the development, implementa>on, and use of AI technologies, focusing on transparency, accountability, and ethical use.

1. Ethical AI Use

XOOTS is dedicated to ensuring that AI is used ethically, responsibly, and in a manner that respects individual privacy and data protection rights. We are committed to:

  • Developing and deploying AI solutions that are non-discriminatory and free from bias.
  • Ensuring Transparency in all AI processes, including the decisions AI systems make and the data they use.
  • Providing clear explanations of how our AI systems work, especially in areas like talent assessment, candidate evaluations, and automation.
2. Data Handling and Privacy

  • XOOTS Candidates: XOOTS directly manages AI-driven data for its own candidates, ensuring that all data used in AI models has the proper consent. We periodically refresh consent for inactive candidates every 12 months.
  • Clients’ Candidates: For clients using AI-powered services on our platform, XOOTS acts as a data processor. Clients must obtain and maintain consent for using AI in assessments and ensure they meet all regulatory requirements, including sending periodic renewal reminders.
  • AI-driven data (such as transcripts, videos, and assessments) is processed securely in compliance with GDPR and the EU AI Act.
3. Transparency and Explainability

We prioritize transparency in AI operations:

  • clear explanations: Candidates and clients will receive clear and concise explanations about how XOOTS’s AI systems are making decisions (e.g., in talent assessments or interviews).
  • Right to contest: Both candidates and clients have the right to contest automated AI decisions, ensuring that human oversight is always available when needed.
4. Human Oversight

We believe in human oversight as a core principle of ethical AI use:

  • While our AI systems assist in decision-making, human oversight is always involved in high-impact decisions, such as candidate evaluations.
  • Clients remain responsible for overseeing AI outcomes when using XOOTS’s platform.
5. Compliance with the EU AI Act

XOOTS is fully compliant with the EU AI Act. Our AI systems are developed with Privacy by design and data minimization in mind, ensuring that they adhere to GDPR and AI-specific regulations. This includes:

  • Risk assessments for AI-driven systems to identify potential biases, inaccuracies, or risks to fundamental rights.
  • Continuous monitoring to ensure AI systems perform as intended without violating the privacy or autonomy of individuals.
  • Consent management tools that clients can use to ensure compliance with both GDPR and the EU AI Act.
6. Security and Data Protection

We use industry-leading measures to protect AI-driven data, including:

  • Encryption: All AI-related data is encrypted both in transit and at rest.
  • Access controls: Only authorized personnel can access AI systems and the data they process.
  • Data retention: AI-generated data is stored only as long as necessary for its intended purpose, in line with GDPR regulations.
7. Client Responsibili+es

Clients using XOOTS’s AI solutions are responsible for ensuring compliance with the EU AI Act, including:

  • Obtaining informed consent from their candidates for AI-powered assessments and evaluations.
  • Using XOOTS’s consent management tools to send periodic reminders to candidates, ensuring continued compliance with privacy laws.
  • Overseeing the impact of AI-driven decisions on their candidates and ensuring fairness.
8. Contact Informa+on

For any questions or concerns regarding this policy, or to request access, correction, or deletion of data processed by our AI systems, please contact our Data Protection Officer (DPO) at info@xoots.biz.