Version

1.1

Jan 25, 2026

Legal

/

GDPR Compliance Statement

JOBPEAK GDPR COMPLIANCE STATEMENT

Jobpeak is committed to protecting the privacy and personal data of all users, applicants, and subcontractors in full accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This GDPR Compliance Statement outlines the principles and practices Jobpeak follows to ensure lawful, transparent, and secure processing of personal data.


1. Lawful Basis for Processing

Jobpeak processes personal data only where a lawful basis exists under GDPR, including:

  • Contractual necessity: processing required for test administration, subcontractor onboarding, payment, and workflow operations.

  • Legitimate interest: ensuring platform security, fraud prevention, system integrity, and quality control.

  • Consent: when users voluntarily provide information or agree to optional communications.

  • Legal compliance: retaining records to meet tax, financial, or regulatory obligations.

2. Types of Data We Collect

Jobpeak may collect and process the following categories of data:

  • Identification details (name, email, region)

  • Cognition Test results and performance metrics

  • Activity and time-tracking information within the Jobpeak Portal

  • Payment and invoicing data

  • Technical data (IP address, device type, browser, system logs)

  • Communication records (support messages, correspondence)

We collect only what is necessary for managing Tests, subcontractor operations, and platform security.

3. How We Use Your Data

Your data is used strictly for:

  • Administering Cognition Tests

  • Determining qualification for subcontractor roles

  • Providing platform access and workflow management

  • Assigning tasks and monitoring performance

  • Processing payments

  • Maintaining security and preventing system abuse

  • Meeting legal, regulatory, and financial obligations

Jobpeak does not engage in automated decision-making that produces significant effects without human oversight.

4. Data Storage and Security

Jobpeak uses industry-standard technical and organisational measures to protect personal data, including:

  • Encrypted data storage

  • Access control systems

  • Real-time activity monitoring

  • Regular audits and system reviews

  • Strict internal confidentiality policies

Only authorised personnel may access personal data when operationally required.

5. Data Sharing

Jobpeak does not sell or rent personal data.

Data may be shared only with:

  • Secure third-party service providers essential for platform operation (e.g., payment processors)

  • Legal or regulatory authorities when required

All third parties are contractually bound to GDPR-compliant data protection standards.

6. International Data Transfers

Where data must be transferred outside the EU/EEA, Jobpeak ensures that all transfers are protected through:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Other legally recognised safeguards

7. Data Retention

Jobpeak retains personal data only for as long as necessary to:

  • Administer Tests

  • Maintain subcontractor records

  • Fulfil legal and financial obligations

Unnecessary data is securely deleted or anonymised.

8. Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request erasure where appropriate

  • Restrict processing

  • Request data portability

  • Object to certain processing activities

  • Avoid automated decision-making without safeguards

Requests can be made through privacy@jobpeak.com, and Jobpeak will respond within statutory time-frames.

9. Consent Management

Where Jobpeak relies on consent, users may withdraw consent at any time. Withdrawal does not affect the legality of processing completed prior to withdrawal.

10. Updates to This Statement

This GDPR Compliance Statement may be updated periodically to reflect operational, legal, or regulatory changes. Updates will be posted with a revised “Last Updated” date.

11. Our Commitment

Jobpeak is dedicated to maintaining robust privacy protections and ensuring users, applicants, and subcontractors can trust that their data is handled responsibly, securely, and in full compliance with GDPR.