Privacy Policy

Introduction

At New Black, we respect your privacy and are committed to protecting your personal data. This privacy policy outlines how we collect, use, and protect the personal data you provide during the recruitment process in accordance with the General Data Protection Regulation (GDPR).


Who We Are

New Black is the data controller responsible for the personal data you provide to us during your job application. If you have any questions about this privacy policy or how we handle your data, please contact us.


What Data We Collect

As part of the recruitment process, we may collect and process the following categories of personal data:

  • Identification Data: Name, date of birth, contact details (email, phone number, address).
  • Professional Information: CV/resume, cover letter, LinkedIn profile, employment history, educational background, certifications, and references.
  • Assessment Data: Interview notes, test results, or other evaluation materials.
  • Additional Information: Any data you voluntarily provide, such as salary expectations or work authorization status.
  • Sensitive Data: Only if explicitly required and permitted by law, such as information regarding disabilities for reasonable accommodations.


Why We Process Your Data

We process your personal data for the following purposes:

  1. Recruitment and Hiring: To assess your application, qualifications, and suitability for the role you have applied for.
  2. Communication: To contact you regarding the status of your application and future steps in the recruitment process.
  3. Compliance: To comply with legal obligations and regulations, such as equal opportunity laws.
  4. Future Opportunities: With your explicit consent, to retain your details in our talent pool for consideration for future roles.


Legal Basis For Processing

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To take steps at your request before entering into an employment contract.
  • Legal Obligation: To comply with applicable laws and regulations.
  • Legitimate Interest: To manage our recruitment process and evaluate candidates effectively.
  • Consent: For retaining your data for future job opportunities, where you have provided explicit consent.


Data Retention

We will retain your personal data only for as long as necessary to complete the recruitment process or to comply with legal and regulatory requirements. If your application is unsuccessful, we may retain your data for future opportunities unless you withdraw your consent or request deletion. You can do so at any time by contacting us.


How We Share Your Data

We will not share your personal data with third parties unless it is necessary for the recruitment process, such as:

  • Third-party service providers who assist us with recruitment (e.g.,recruitment agencies, assessment platforms).
  • Legal authorities, if required by law.

All third-party processors are bound by strict confidentiality agreements and GDPR-compliant data protection terms.


Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include secure servers, encrypted communications, and access controls.


Your Rights

Under GDPR, you have the following rights regarding your personal data:

  1. Access: Request access to the data we hold about you.
  2. Rectification: Request correction of any inaccurate or incomplete data.
  3. Erasure: Request deletion of your personal data (right to be forgotten).
  4. Restriction: Request restriction of data processing in certain circumstances.
  5. Portability: Request transfer of your data to another party.
  6. Objection: Object to the processing of your data for certain purposes.
  7. Withdrawal of Consent: Withdraw your consent at any time, where processing is based on consent.

To exercise your rights, please contact us. We will respond to your request within one month, in accordance with GDPR.


AI Policy

New Black uses AI‑enabled tools to support parts of our hiring process.


What AI We Use

  • Interview transcription & notes: Metaview; creates transcripts and summaries so interviewers can focus on the conversation.
  • Drafting emails: ChatGPT (Enterprise/Team); helps write candidate communications (e.g., rejections) from human‑written reasons.
  • We do not use AI to score you, rank you, infer your emotions/personality, or decide outcomes.


How Decisions Are Made

All hiring decision are made by a human. AI is used only to aid note-taking and drafting communications. There is no automated decision-making in our process.


What Data We Process

  • Application data you submit (CV, cover letter, answers).
  • Interview recordings (if you consent), transcripts, interviewer notes.
  • Communication metadata (timestamps, sender/recipient) and drafted email text.
  • We do not require special‑category data; if such data appears, we avoid using it in decisions and will delete or filter it where feasible.


Why We Process It

  • Run our recruitment process; evaluate your application against the role profile.
  • Keep accurate records of interviews; communicate clearly and consistently.
  • Improve hiring operations (e.g., calibrating interviews and training recruiters).


Legal Bases (GDPR)

  • Legitimate interests (Article 6(1)(f)) for recruitment operations and interview note‑taking.
  • Steps prior to contract (Article 6(1)(b)) when assessing your application for a role you applied for.
  • Consent for recording an interview and for keeping your details in a talent pool beyond the live vacancy.


Recordings & Your Choices

  • We’ll ask for consent before recording. You can opt out at any time; we’ll take manual notes instead.
  • You can request human reconsideration of any outcome at sandra@newblack.io


Sharing, Vendors, International Transfers

We use vetted service providers and only share what’s necessary to provide the service:

  • Metaview (interview notes): primary storage in UK (AWS). The UK currently has an EU adequacy decision. Subprocessors are listed in Metaview’s DPA.
  • OpenAI / ChatGPT (email drafting): Enterprise/Team. If data is accessed outside the EEA, we rely on an EU adequacy decision, the EU -U.S. Data Privacy Framework for certified U.S. entities, or Standard Contractual Clauses, plus security measures (encryption, access controls).


Retention

  • Interview recordings & transcripts: 3 weeks (or less if you withdraw consent).
  • Communication drafts/logs: permanently unless opting out, where under our control.


Your Rights

You have the right to access, rectify, erase, restrict, object to, and port your data, as well as to withdraw consent at any time. To exercise rights or request human reconsideration, send an email at sandra@newblack.io


Security

We use encryption in transit and at rest, role‑based access controls, audit logs, regular reviews, and least‑privilege access to protect your data.


Changes To This Notice

If we add any AI that assists decisions (e.g., automated ranking or test scoring), we will update this page, provide a clear notice, and complete the required risk assessments before enabling it


Changes to This Policy

We may update this privacy policy periodically. Any changes will be posted on our website, and we encourage you to review it regularly.


Contact Us

If you have questions, concerns, or complaints about how we handle your personal data, please contact us at sandra@newblack.io.