
Privacy and AI Policy

Your trust matters to us

We are committed to protecting your data and using AI responsibly in compliance with the GDPR and other applicable regulations. Navigate to each section for information on how XOOTS handles privacy, protects data, and complies with AI regulations.


AI Policy

XOOTS AI Policy
Introduction

This AI Policy outlines XOOTS’s unwavering commitment to ethical, transparent, and fair AI practices. Guided by global regulations like the EU AI Act, our mission is to ensure that AI technologies serve humanity responsibly, fostering trust, privacy, and innovation. This policy serves as a framework for how we develop, deploy, and manage AI tools to support clients in transforming talent recruitment and development while safeguarding individual rights.

Ethical AI Use

XOOTS is committed to the ethical and responsible use of AI, ensuring fairness, privacy, and compliance with global regulations. Our AI-driven solutions are designed to empower clients while protecting individual rights. This includes developing non-discriminatory systems, minimizing risks of bias, and upholding the highest ethical standards in talent assessment and recruitment.

AI in Interviews

XOOTS leverages AI to analyse candidates’ verbal responses during interviews, generating actionable insights to support fair and informed decision-making. Our analysis focuses exclusively on content and context, avoiding non-verbal cues like tone of voice or facial expressions to maintain objectivity. Additionally, our integrity assessment flags potential anomalies but does not impact candidate evaluations, reinforcing transparency and fairness in the recruitment process.
This processing is limited to individual interview analysis and does not include using this data for training any AI models.

AI in External Searches (Search-X Data Processing Activities)

Search-X identifies candidates for specific roles by processing:

  • Name and contact information (e.g., email, phone, LinkedIn).
  • Job titles, companies, education, and qualifications.
  • Skills, endorsements, and profile summaries.
  • Job descriptions (including summaries) and non-confidential client details.

Accuracy and Fairness

XOOTS is committed to ensuring the accuracy and fairness of its AI systems. This includes implementing regular Data Quality Checks to identify and correct errors or biases in the data used to support our AI analysis.

Transparency and Explainability

XOOTS’s AI analyses verbal responses to pre-set questions, offering insights on domain knowledge, soft skills, and role fit. It excludes tone, facial expressions, and CV analysis. Computer Vision monitors interview integrity by generating a trust score, used only to flag concerns—not for candidate assessment. Guided by EU AI Act principles, XOOTS emphasizes transparency and human oversight, ensuring clients have the final hiring decision with the ability to override AI assessments.

Right to contest

XOOTS upholds candidates’ right to challenge AI-generated insights. If a candidate finds the AI’s analysis inaccurate or unfair, they may contact our Data Protection Officer (DPO) at info@xoots.biz. For transparency, clients may share the interview transcript with candidates upon request. XOOTS will:

  • Review the AI’s findings and address the candidate’s concerns.
  • Share the review outcome with the client for consideration. The client remains accountable for factoring the review into their final hiring decision, ensuring a balanced and fair process.

Monitoring and Evaluation

XOOTS recognizes the potential for bias in AI systems, even without demographic data processing. To ensure fairness, we perform regular Data Quality Checks, monitor candidate selection impacts, and address errors or disparities as part of our commitment to responsible AI practices.

GDPR Alignment in Data Subject Requests (Your Data Rights)

Individuals using the XOOTS platform can request access, correction, deletion, or restriction of their personal data. We retain data for up to 12 months unless required otherwise by law. Consent is obtained via clear opt-in mechanisms in invitation emails. Clients must refresh consent every 12 months, and XOOTS, as a data processor, supports clients in managing these requests.

Human Oversight and Accountability

XOOTS emphasizes human oversight in AI-driven recruitment. While our AI delivers insights, clients retain full control over final hiring decisions, with the ability to override AI assessments.

Data Privacy

Privacy Principles
Empowering Candidates and Clients to Control Their Data

XOOTS ensures that all candidates and clients have full control over their personal data. We commit to:

  • Deletion on Request: Personal data will be promptly deleted upon request.
  • Access on Request: Candidates and clients can request access to their personal data at any time.
  • Sharing with Consent: Personal data is shared only when explicitly authorized by the individual or required for service delivery, such as client-requested candidate evaluations.

Restricting Internal Access to Personal Data

Personal data is accessible only to authorized XOOTS personnel with a legitimate business need.
We strictly enforce data access policies to safeguard data:

  • All data access is logged, monitored, and audited regularly.
  • Any anomalies in access logs are promptly investigated to ensure compliance and accountability.

Commitment to Data Privacy and Non-Sale of Data

XOOTS does not and will not sell personal data to third parties. This commitment ensures that data is used solely for delivering services and creating value for candidates and clients.

Protecting Data from Third-Party Interference

XOOTS upholds the privacy of candidates and clients by adhering to the following principles regarding third-party data requests:

  • Personal data will only be disclosed in response to a valid, narrowly tailored, and legally binding request (e.g., court order or warrant).
  • XOOTS will never provide direct access to its systems or databases to any third party.
  • Individuals will be notified of such requests unless prohibited by law.
  • XOOTS will challenge overly broad or inappropriate data requests in court, if necessary.

Transparency in Data Processing

XOOTS prioritizes transparency by:

  • Maintaining a detailed Privacy Policy outlining data collection, usage, retention, and rights.
  • Clearly communicating how personal data is processed, stored, and safeguarded.

XOOTS Data Privacy Policy

XOOTS’s Compliance with GDPR and AI Act

This document outlines XOOTS’s comprehensive approach to complying with the General Data Protection Regulation (GDPR) and the EU AI Act, demonstrating a commitment to safeguarding user privacy and ensuring responsible AI development and deployment. It details specific measures and policies implemented by XOOTS and its clients to meet the requirements of these regulations.

1. GDPR Compliance

1.1 Data Subject Rights (Your Data Rights)

XOOTS recognizes and upholds the rights of individuals concerning their personal data, as stipulated by the GDPR. The platform facilitates the exercise of these rights, empowering users to control their information.

  • Access: Individuals have the right to access their personal data processed by XOOTS on behalf of clients. This includes the right to obtain confirmation of whether or not their data is being processed and to receive a copy of that data.
  • Correction: Individuals can request the correction of inaccurate or incomplete personal data.
  • Deletion: Individuals have the right to request the deletion of their personal data, also known as the “right to be forgotten,” when certain conditions are met, such as when the data is no longer necessary for the purposes for which it was collected or if consent is withdrawn.
  • Restriction of Processing: Individuals can request the restriction of the processing of their personal data under specific circumstances, such as when they contest the accuracy of the data or object to the processing.

As a data processor, XOOTS supports clients (data controllers) in managing these requests. Users should contact the respective client to exercise their rights, with XOOTS providing technical assistance.

1.2 Lawful Basis for Processing

XOOTS conducts all data processing activities under GDPR-defined lawful bases, primarily relying on user consent.

  • Consent Capture: Clear, opt-in consent is obtained via platform invitation emails, explaining how and why data will be processed. Consent is explicit and actionable, requiring users to click “Agree” or check a box to confirm their understanding.
  • Consent Renewal: Clients are tasked with renewing user consent annually through reminder notices, ensuring compliance with GDPR guidelines and maintaining user control. XOOTS provides tools to streamline this process for clients.

1.3 Data Retention

XOOTS follows GDPR’s principle of data minimization, ensuring personal data is retained only for its intended purpose.

  • Retention Period: Personal data processed for clients is stored for up to 12 months unless legally required or justified by legitimate business needs. This approach balances compliance with GDPR and industry standards, fostering responsible data management.

1.4 Transparency

XOOTS prioritizes transparency in its data processing activities, ensuring users are informed about how their data is used and protected.

  • Privacy Policy: XOOTS maintains a comprehensive privacy policy outlining its data processing practices, including the types of data collected, the purposes of processing, data retention policies, and information on how individuals can exercise their data subject rights.

2. AI Act Compliance

2.1 Ethical AI Use

XOOTS is committed to using AI ethically and responsibly in a manner that respects individual privacy and data protection rights. This commitment is reflected in its AI policy, which guides the development, implementation, and use of AI technologies within the platform. Key aspects of ethical AI use include:

  • Fairness and Non-discrimination: XOOTS strives to ensure its AI systems are free from bias and do not discriminate against individuals or groups. The platform is designed to promote fairness in the candidate evaluation process.
  • Transparency and Explainability: XOOTS prioritizes transparency in its AI operations. Candidates and clients receive clear explanations about how the platform’s AI systems make decisions, such as in talent assessments or interview analysis. This transparency enables users to understand the rationale behind AI-driven insights and helps build trust.
  • Human Oversight: While XOOTS leverages AI to enhance efficiency and provide valuable insights, human oversight is maintained in critical decision-making processes, especially in candidate evaluations. This ensures AI is used as a tool to augment human judgment, not replace it. Clients remain ultimately responsible for overseeing AI outcomes when using the XOOTS platform.

2.2 Data Handling and Privacy

XOOTS ensures that data used in its AI systems is handled responsibly and in compliance with data protection regulations, including the GDPR and the AI Act. Specific measures include:

  • Data Security: XOOTS implements robust security measures to protect AI-driven data, including encryption of data in transit and at rest and strict access controls to limit access to authorized personnel.
  • Data retention: AI-generated data is retained only as long as necessary for its intended purpose, aligning with the GDPR’s data minimization principle. XOOTS has implemented a 12-month data retention policy, as previously mentioned.
  • Consent Management: For data processed specifically for AI purposes, such as interview transcripts or video recordings used for AI analysis, XOOTS and its clients ensure that proper consent is obtained from candidates. This includes providing candidates with clear information about how their data will be used for AI and obtaining their explicit consent for this processing. Clients are responsible for managing consent and sending renewal notices to candidates every 12 months.

2.3 Compliance Mechanisms

XOOTS actively monitors and evaluates its AI systems to ensure compliance with regulatory requirements and adherence to ethical AI principles. Key mechanisms include:

  • Risk assessments: XOOTS conducts thorough risk assessments for its AI-driven systems to identify potential biases, inaccuracies, or risks to fundamental rights. This proactive approach helps mitigate potential harms and ensure responsible AI development.
  • Continuous monitoring: XOOTS continuously monitors its AI systems to ensure they perform as intended and do not violate user privacy or autonomy. This ongoing monitoring helps identify and address any potential issues or unintended consequences of AI deployment.
  • Transparency and Reporting: XOOTS maintains open communication channels with its clients and candidates, providing information about its AI policies, data handling practices, and compliance mechanisms. This transparency fosters trust and allows stakeholders to understand how AI is used within the platform.

Data Privacy Definitions

Personal data: Any information that can be used to identify a person, including name, email address, phone number, and IP address.

Data controller: The organization or individual that determines the purpose and means of processing personal data.

Data processor: An organization or individual that processes personal data on behalf of a data controller.

Data subject: The person to whom the personal data relates.

Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or destruction.

Consent: The freely given, specific, informed, and unambiguous indication of a person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

GDPR: General Data Protection Regulation, a data privacy regulation in the European Union that governs the processing of personal data.

CCPA: European Union Consumer Privacy Act, a data privacy law in the European Union that regulates the collection, use, and sharing of personal information of European residents.

PII: Personally identifiable information, any information that can be used to identify a person.

Anonymization: The process of removing personal data so that it can no longer be associated with an individual.

De-identification: The process of removing personal data so that it can no longer be associated with an individual without the use of additional information.

Data breach: The unauthorized or accidental access, disclosure, or loss of personal data.

Right to be forgotten: The right of a person to request the deletion of their personal data from an organization’s records.

Privacy by design: The principle of designing products and services with privacy in mind from the outset.

Terms of Service

By using the XOOTS platform and associated services, you agree to the following terms and conditions:

1. General

The XOOTS platform (the “Platform”) is an AI-powered service designed to facilitate talent assessment, recruitment, and candidate evaluation for its clients (“Clients”). XOOTS itself does not interview, hire, or employ candidates; it provides the technology and tools that Clients use for these purposes.


Candidates who participate in assessments via the XOOTS Platform are considered “Clients’ Candidates” and interact with the Platform as part of their evaluation process. Clients are responsible for ensuring that their candidates understand how their data will be processed.

2. Use of the Site

The Platform is intended for professional use by Clients and their authorized representatives, as well as for Candidates participating in assessments. By using the Platform, you agree to:

  • Access the Platform solely for its intended purpose of facilitating talent assessments and related activities.
  • Not copy, modify, distribute, or create derivative works from the materials, software, or services provided by XOOTS without explicit authorization.

3. Account Registration and Management

Both Clients and Clients’ Candidates must register an account to use the Platform. By registering, you agree to:

  • Provide accurate and up-to-date information during registration.
  • Keep your login credentials secure and confidential.
  • Be responsible for all activity that occurs under your account.

For Clients’ Candidates, accounts are created solely after participating in AI-driven interviews or assessments. Candidates’ accounts remain active for the duration of the recruitment or assessment process, subject to data retention policies outlined in Section 6. XOOTS reserves the right to suspend or terminate accounts for misuse, non-compliance with these terms, or other valid reasons.

4. Fees and Payments

  • Clients are responsible for all fees associated with the use of the Platform, including subscription charges or other agreed-upon costs.
  • Clients’ Candidates do not pay fees to use the Platform for assessments, as their participation is managed by the Client.
  • Fees are subject to change, and XOOTS will notify Clients of any updates. Continued use of the Platform after such changes constitutes acceptance of the updated fees.

5. Confidentiality

Clients are responsible for maintaining the confidentiality of candidate data, assessments, and other proprietary information accessed through the Platform. XOOTS implements data protection measures but cannot be held responsible for breaches resulting from Client misuse or negligence.

6. Candidate Data & Data Protection Compliance

XOOTS operates in compliance with GDPR and other applicable data protection laws.

  • Clients act as Data Controllers, meaning they are responsible for obtaining proper consent from their candidates to process personal data.
  • XOOTS acts as a Data Processor, processing data on behalf of Clients and providing tools to manage consent, retention, and deletion requests.

For Clients’ Candidates:

  • Registration and participation in assessments require providing personal information such as name, email, and assessment responses.
  • Candidates’ data is retained for 12 months, unless a longer retention period is required by law or requested by the Client.
  • Candidates have the right to request access, correction, or deletion of their data through the Client that invited them to use the Platform.

7. Limitation of Liability

XOOTS is a technology service provider and does not assume responsibility for:

  • Hiring decisions made by Clients based on the insights provided by the Platform.
  • Any indirect, incidental, special, or consequential damages arising from the use of the Platform, even if XOOTS has been advised of potential damages.

8. Dispute Resolution

  • Any disputes arising from the use of the Platform shall be resolved through mediation and/or arbitration in accordance with the laws of the European Union.
  • The decision of the mediator or arbitrator shall be final and binding.

9. Governing Law

These terms are governed by and construed under the laws of the European Union. Any legal actions shall be brought in the competent courts located within the European Union.

10. Changes to the Terms of Service

XOOTS reserves the right to update or modify these terms at any time. Clients and Clients’ Candidates will be notified of significant changes, and the latest version will be available on the Platform. Continued use of the Platform after any changes constitutes acceptance of the revised terms.

11. Contact Information

For questions or concerns regarding these terms, please contact us at info@xoots.biz.