Privacy Policy
Last updated: 31 March 2026
1. Data Controller
Global Smile BV is the data controller for all personal data processed through this platform. For any privacy-related inquiries, please contact us at info@globalsmile.be.
2. Data We Collect
| Data | Purpose | Storage |
|---|---|---|
| Full name | Candidate identification | Plaintext |
| Email address | Communication about screening results | Encrypted at rest (AES-256) |
| Test responses | Screening evaluation (HEXACO, SJT, motivation) | Linked to pseudonymous participant ID |
| Language preference | Display in correct language (PT/NL) | Browser localStorage |
3. Legal Basis
We process your personal data on the basis of legitimate interest (Art. 6(1)(f) GDPR) for the purpose of evaluating candidates in a professional recruitment context. By participating in the screening assessment, you acknowledge this processing.
4. Cookies & Local Storage
| Name | Type | Purpose | Duration |
|---|---|---|---|
| admin_access_token | HttpOnly Cookie | Admin session authentication | Session (1 hour) |
| gs_lang | localStorage | Remember language preference | Persistent |
| gs_cookie_consent | localStorage | Remember consent acknowledgement | Persistent |
This platform does not use any tracking, analytics, or advertising cookies. Third-party CDNs (Tailwind CSS, HTMX, Chart.js) are loaded for functionality only.
5. Data Sharing
Your personal data is not shared with third parties for marketing or commercial purposes. Data is stored in the EU-West region and processed solely by authorized Global Smile recruitment personnel.
6. Data Retention
Candidate data is retained for the duration of the active recruitment cycle. After a final decision has been communicated, data is deleted within 6 months unless the candidate provides explicit consent for longer retention (e.g., for future recruitment rounds).
7. Your Rights (GDPR Art. 15–22)
As a data subject, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Object to processing (Art. 21)
- Exercise data portability (Art. 20)
To exercise any of these rights, contact privacy@globalsmile.org. You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA).
8. Security Measures
- Email addresses are encrypted at rest using industry-standard symmetric encryption
- All database connections are encrypted in transit (TLS/SSL)
- Admin authentication uses secure token-based sessions
- Session management cookies are set with the HttpOnly, Secure, and SameSite attributes
- Protective security headers applied to all responses