Privacy Policy

Last Updated: March 20, 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

neuraforce GmbH

Dora-Koch-Stetter-Weg 22

D-18055 Rostock

Germany

Email: info@neuraforce.com

Website: https://neuraforce.com

Managing Director: Hans Wolff

Commercial Register: HRB 14881 Rostock

VAT Tax ID: DE329153840

2. Data Protection Officer

A Data Protection Officer is currently not appointed, as the legal requirements under Art. 37 GDPR in conjunction with § 38 BDSG (German Federal Data Protection Act) are not met. For questions regarding data protection or the processing of your personal data, please contact the data controller at info@neuraforce.com.

3. Legal Basis for Data Processing

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

4. Types of Data We Collect

4.1 Technical Information (automatically collected)

When you visit our website, the following data is automatically collected in server log files:

  • IP address (stored in anonymized form)
  • Browser type and version
  • Operating system
  • Pages visited and time spent on each page
  • Referrer URL (previously visited page)
  • Date and time of access
  • Device information

4.2 Account Data

When registering for and using our service, we collect:

  • Email address
  • Password (stored in encrypted form)
  • Usage data and preferences

4.3 Uploaded CV Data

When you upload CVs for analysis, we process the personal data of applicants contained therein, including:

  • First and last name
  • Contact details (email, phone number, address)
  • Gender (if provided)
  • Photographs / application photos (if included)
  • Work experience and education
  • Skills and qualifications
  • Language proficiency

This data is processed exclusively for the purpose of AI-powered matching based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in providing our service). The user who uploads the CVs is responsible as a data controller within the meaning of Art. 4(7) GDPR for the lawfulness of the upload.

4.4 Job Posting Data

Uploaded job postings, including requirement profiles and company information.

5. Cookies

We use cookies to store technical information and ensure the functionality of our website.

We do not use Google Analytics or similar third-party analytics services.

5.1 Cookie Types

  • Essential Cookies: Strictly necessary for the technical functionality of the website (e.g., session management, authentication). Legal basis: Art. 6(1)(f) GDPR (legitimate interest) and § 25(2) TDDDG.
  • Technical Cookies: Store settings and preferences to improve the user experience (e.g., language settings, theme selection).

5.2 Your Cookie Consent

Essential cookies that are strictly necessary for the operation of the website do not require consent (§ 25(2) TDDDG). For all non-essential cookies, we obtain your active consent through our cookie banner before they are set. You may withdraw your consent at any time with effect for the future.

You may also manage cookies through your browser settings and delete them at any time. Please note that disabling essential cookies may affect the functionality of the website.

6. Purposes of Data Processing

  • Providing, operating, and improving the CV Matcher service
  • Performing AI-powered matching between CVs and job postings
  • Technical and operational management of the website
  • Authentication and account management
  • Compliance with legal obligations (in particular tax and commercial law retention requirements)
  • Responding to your inquiries and requests
  • Security and fraud prevention
  • Anonymized statistical analysis to improve our services

7. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds under the GDPR:

  • Art. 6(1)(a) GDPR: Your consent (for non-essential cookies and voluntarily provided data)
  • Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures (account creation, provision of the matching service)
  • Art. 6(1)(c) GDPR: Compliance with legal obligations (e.g., tax law retention requirements)
  • Art. 6(1)(f) GDPR: Our legitimate interests (ensuring system security, improving our services, essential cookies)

8. Automated Decision-Making and Profiling

Our service uses AI algorithms for the automated analysis of CVs and the generation of matching scores. This constitutes automated processing of personal data within the meaning of Art. 22 GDPR.

We expressly point out that no decision based solely on automated processing is made that produces legal effects or similarly significantly affects the applicants concerned. The AI-generated matching scores serve solely as a support tool; the final recruitment decision is always made by a human.

As part of the automated processing, the following data is analyzed: professional qualifications, work experience, education, skills, and language proficiency. The evaluation logic is based on matching this data against the requirements of the respective job posting.

9. Data Retention

We retain personal data only for as long as necessary for the respective processing purpose or as required by statutory retention obligations:

  • Technical cookies and session data: For the duration of your session or until the cookie expires
  • Server log files (with anonymized IP): No longer than 7 days
  • Account data: For the duration of the contractual relationship and beyond in accordance with statutory retention periods (up to 10 years under §§ 147, 257 HGB/AO)
  • Uploaded CVs and matching results: Until deleted by the user or within 30 days after account deletion
  • Job postings: Until deleted by the user or within 30 days after account deletion

10. Recipients and Data Processors

We do not generally share your personal data with third parties, unless:

  • Required by law or in connection with legal proceedings
  • Necessary for the provision of our services using data processors
  • You have given your explicit consent

In the course of providing our service, we engage the following categories of data processors:

We have concluded data processing agreements pursuant to Art. 28 GDPR with all data processors.

Categories of Data Processors

  • Hosting service providers (server infrastructure within the EU)
  • AI processing services (local processing on our own infrastructure – no transmission to external AI services such as OpenAI or Google)

11. Data Transfers to Third Countries

Your personal data is generally not transferred to countries outside the European Economic Area (EEA). All our data processing, including AI processing, takes place on servers within the European Union.

Should a transfer to a third country be required in exceptional cases, we ensure that an adequate level of data protection is guaranteed (e.g., through adequacy decisions of the EU Commission, Standard Contractual Clauses, or other appropriate safeguards pursuant to Art. 46 GDPR).

12. Your Rights Under the GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You may request information about the personal data we process
  • Right to Rectification (Art. 16 GDPR): You may request the correction of inaccurate or the completion of incomplete data
  • Right to Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply
  • Right to Restrict Processing (Art. 18 GDPR): You may request the restriction of processing of your data
  • Right to Data Portability (Art. 20 GDPR): You may receive your data in a structured, commonly used, and machine-readable format
  • Right to Object (Art. 21 GDPR): You may object to the processing of your data on grounds relating to your particular situation
  • Right to Withdraw Consent (Art. 7(3) GDPR): You may withdraw a given consent at any time with effect for the future
  • Right to Lodge a Complaint (Art. 77 GDPR): You may lodge a complaint with the competent data protection supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Mecklenburg-Western Pomerania.

To exercise these rights, please contact us at info@neuraforce.com. We will respond to your request within one month (Art. 12(3) GDPR).

13. Data Security

We implement appropriate technical and organizational measures pursuant to Art. 32 GDPR to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • TLS-encrypted data transmission (HTTPS)
  • Secure server infrastructure with access restrictions
  • Encrypted password storage (hashing)
  • Access controls and role-based authentication
  • Regular security reviews and software updates
  • Data backup and recovery processes

However, no data transmission over the Internet is completely secure. While we strive to protect your data to the best of our ability, we cannot guarantee absolute security.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices and content of these external websites. Please review their privacy policies before providing any personal information.

15. Privacy for Minors

Our service is not intended for persons under the age of 16 (§ 8 GDPR in conjunction with the BDSG). We do not knowingly collect personal data from minors under the age of 16. If we become aware that a minor under the age of 16 has provided us with personal data, we will promptly delete such information.

16. Changes to This Privacy Policy

We reserve the right to update this privacy policy as needed to reflect changes in our data processing practices, technological developments, or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the “Last Updated” date. In the case of substantial changes, we will additionally notify you by email.

17. Contact Us

If you have questions about this privacy policy, our data protection practices, or wish to exercise your rights, please contact us:

neuraforce GmbH

Email: info@neuraforce.com

Website: https://neuraforce.com

Address: Dora-Koch-Stetter-Weg 22, D-18055 Rostock, Germany

Managing Director: Hans Wolff