Legal

Caliber Privacy Policy

Caliber Global Limited (NZBN: 9429051112615) ("Caliber", "we", "us", or "our") provides recruitment and people-operations software, including ATS/CRM and optional HR/payroll modules, along with AI-assisted features. We respect your privacy and handle personal data in line with applicable laws, including the New Zealand Privacy Act 2020, Australian Privacy Act 1988 (Cth), EU/UK GDPR, and relevant United States state privacy laws (e.g., CCPA/CPRA in California). This policy explains what we collect, why we collect it, how we use it, who we share it with, where we store it, how long we keep it, and the rights available to you.

Important role clarification: Caliber is primarily a service provider (processor) to our business customers. Those customers (e.g., recruitment agencies, HR teams, employers) are typically the data controllers for candidate and client personal data they store in Caliber. If you are contacted by one of our customers, please refer to their privacy policy and contact them directly about your data requests. We support our customers in meeting their obligations.

Who this policy applies to

- Customers: organisations that license and use Caliber.
- Users: individuals authorised by a customer to access Caliber (e.g., recruiters, hiring managers, HR staff).
- Individuals whose data is entered into Caliber by a customer (e.g., candidates, job applicants, referees, clients/contacts, contractors).
- Website and marketing visitors who interact with Caliber’s websites, forms, and communications.

What this policy covers

This policy covers personal data processing in:

- Our software services (ATS/CRM, analytics, integrations, AI features).
- Our websites and marketing (web forms, cookies, emails, social features, events/webinars).
- Our customer support channels (email, in-app support, tickets).

It does not cover third-party sites or services that we link to or integrate with (see External links and Integrations).

Key terms (plain language)

- Personal data / Personal information: information about an identified or identifiable person.
- Controller: the party deciding why and how personal data is processed (usually the customer).
- Processor: the party processing personal data on behalf of a controller (Caliber).
- Cookies: small text files stored in your browser to remember preferences and help analyse/measure site usage.
- Services: Caliber’s software and related features, including integrations and AI.

What we collect

We collect the following types of personal data, depending on who you are and how you interact with us:

Account & contact details (customers/users)

Name, employer/organisation, role/title, business contact details, authentication/login information.

Candidate & HR records (entered by customers)

- Identity and contact details (e.g., name, phone, email, addresses).
- Work history (roles, employers, qualifications, skills, projects, achievements), CVs and application data.
- Screening and compliance documents reasonably required for recruitment or employment eligibility (e.g., licences, right-to-work evidence, qualifications). Customers are responsible for ensuring lawfulness and necessity before collecting these.

Online activity & usage data

IP address, device and browser details, pages viewed, session metadata, geo-approximation, search queries within the service, actions performed in your account (activity logs), and interactions with emails and in-app notifications.

Payments & purchases

Billing contact, plan details, and transaction records. Card/bank details may be handled by our payment processor; we do not store full card numbers in our systems.

Engagement & preferences

Support requests, survey responses, event/webinar registrations, promotions, and marketing preferences (including unsubscribes). We also create aggregated and/or de-identified data for analytics, benchmarking, and product improvement. Aggregated/de-identified data does not identify you.

How we collect data

- Directly from you: when you trial, subscribe, sign in, request support, complete forms/surveys, or interact with our sites and communications.
- From customers: customers may upload or enter personal data about candidates, clients, referees, contractors, or employees.
- From publicly available sources: e.g., Companies Office/ASIC/Companies House, public webpages, LinkedIn.
- From service providers and partners: analytics, advertising networks, credit check providers (where applicable), and integration partners.
- Cookies and similar technologies: see Cookies & online tracking.

Why we use data (purposes) and legal bases

We use personal data for the following purposes. Where GDPR applies, we rely on the stated legal bases:

Operating and securing the service

Creating and managing accounts, authenticating users, providing customer support, operating integrations you request, monitoring and logging activity for security, fraud prevention, and to enforce our terms.

Legal bases: performance of contract; legitimate interests (security/quality); legal obligations.

Product improvement and analytics

Measuring and improving the performance, usability, and reliability of our websites and services; developing new features; quality assurance.

Legal bases: legitimate interests (to improve and grow our services).

Communications

Service communications (e.g., updates, releases, billing, renewals, security notices); responding to enquiries.

Legal bases: performance of contract; legitimate interests.

Marketing (B2B)

Showing relevant advertising, sending product updates or promotional information about our services or selected partners we believe may be useful to you. You can opt out at any time via unsubscribe links or by contacting us.

Legal bases: consent where required; otherwise legitimate interests (B2B marketing). You may object at any time.

Events & webinars

Planning, hosting, and following up on events or webinars you register interest in.

Legal bases: consent; performance of contract; legitimate interests.

Legal, regulatory, and compliance

Responding to lawful requests, handling disputes, protecting our rights, conducting audits, and complying with applicable law.

Legal bases: legal obligations; legitimate interests.

Aggregated/De-identified analytics

Creating non-identifying insights for benchmarking, machine learning, and product enhancement.

Legal bases: legitimate interests.

Controller vs processor: For data entered by customers (e.g., candidate records), we process that data under our customer’s instructions and contract. Customers determine their own lawful bases and notices; we provide tools and agreements to support them (see your customer contract and data processing terms).

AI features (OpenAI and similar)

We provide optional AI-assisted capabilities (e.g., summarisation, drafting, data analysis) using trusted third-party AI providers. If enabled by a customer, relevant data (such as text in a candidate profile or job record) may be transmitted to the AI provider strictly to generate the requested output for that customer. We do not permit AI providers to use customer data to train public models. Customers can disable AI features at any time. For the AI provider’s privacy and security commitments, refer to their published policies.

Cookies & online tracking; social features

We may share personal data with:

- Our group, personnel, and contractors who need access to operate the service and are bound by confidentiality.
- Hosting, infrastructure, and security providers (e.g., cloud hosting, logging, monitoring, email delivery) and other sub‑processors that help us deliver the service.
- Integration partners at your request (to enable a specific integration). We may also share your business name and country with integration partners to identify potential prospects; you can opt out by contacting support.
- Payment processors for billing and payments.
- Professional advisers (lawyers, accountants, insurers) under confidentiality, where reasonably necessary.
- Analytics and marketing providers that help us understand usage and improve our services and communications.
- Prospective purchasers and their advisers in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.
- Courts, regulators, and law enforcement where required by law or to establish, exercise, or defend legal claims.

We do not sell personal data.

Data Sharing

Our production systems are hosted on Amazon Web Services (AWS). We may transfer personal data to other countries (including Australia, USA, UK, and Ireland) to operate the service and work with service providers. Where we transfer data internationally, we implement appropriate safeguards (e.g., Standard Contractual Clauses where applicable). Using our services may involve these transfers.

A current list of our sub‑processors and their locations is available on request.

Security

We apply industry‑standard administrative, technical, and organisational measures to protect personal data against unauthorised access, misuse, loss, or disclosure, including access controls, encryption-in-transit, logging, and regular reviews. No system is perfectly secure; you are responsible for keeping your login credentials confidential, limiting device access, and signing out after use. Please notify us immediately if you suspect unauthorised activity in your account.

External links & marketplace

Our websites and services may link to third‑party sites or marketplaces. We do not control those sites and are not responsible for their privacy practices. Review their policies before using their services.

Children

Our services and websites are not designed for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate action.

Your privacy rights

Your rights depend on where you live, but may include the right to:

- Access your personal data.
- Correct inaccurate or incomplete data.
- Delete your data (erasure).
- Restrict or object to certain processing.
- Data portability (receive data in a usable format).
- Withdraw consent where we rely on consent.

How to exercise your rights:

- If you are a customer or user, you can update some information in your account settings and may contact us for additional requests.
- If your data was entered by a customer (controller) (e.g., as a candidate), please contact that customer first. We will assist them as required by law and contract.
- You can opt out of marketing by using the unsubscribe link in our emails or contacting us.

Residents of certain US states (e.g., California) may have additional rights (e.g., to know, access, delete, correct, opt out of certain uses). We honour applicable state requirements.

How long we keep data (retention)

We retain personal data for as long as needed for the purposes described in this policy, including to meet legal, accounting, regulatory, or reporting requirements, resolve disputes, and enforce agreements. For customer account data, we keep information for the life of the account unless the customer deletes it. On account closure, data is deleted according to our contractual timeframes, subject to limited retention where legally necessary. We may retain aggregated/de‑identified data created from service usage after account closure.

Changes to this policy

We may update this policy to reflect changes to our practices or applicable laws. We will post the updated version on our website and update the “Last updated” date below. Continued use of our websites or services after an update indicates acceptance of the changes.

Contact us (and DPO)

Caliber Global Limited
Support: support@caliberjobs.com
Privacy enquiries: privacy@caliberjobs.com

EU/UK Data Protection Officer (DPO): [details to be published upon appointment]

We aim to resolve privacy concerns promptly and fairly. If you are not satisfied with our response, you may contact your local data protection authority/regulator.

© Caliber Global Limited 2025 — All rights reserved.

Last updated: 7 November 2025