Privacy Policy for Executive Search and Recruitment Services

Effective Date: September 4, 2025
Last Updated: September 4, 2025

1. INTRODUCTION

OctanePeople (“we,” “us,” or “our”) is committed to protecting the privacy and personal information of all individuals who interact with our executive search and recruitment services. This Privacy Policy describes how we collect, use, disclose, and protect personal information in accordance with applicable privacy laws.

Our Commitment: We respect your privacy rights and handle your personal information with the highest standards of care, transparency, and security.

Geographic Scope: This policy applies to our operations across Canada and when serving California residents, ensuring compliance with all applicable federal, provincial, and state privacy laws.

Designated Privacy Officer:
Sandra Stuart
Principal
Email: sandra@octanepeople.com
Phone: 519-204-8341
Address: 118 Killarney Court, London Ontario N5X 2B6

2. LEGAL COMPLIANCE FRAMEWORK

We operate in compliance with:

Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation
California: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
AI Regulations: Emerging AI governance requirements and consent laws for automated systems
Cross-Border: International data transfer and processing requirements

3. PERSONAL INFORMATION WE COLLECT

3.1 Candidate Information

Contact and Identity Information:

Full name, current and previous addresses
Email addresses, phone numbers (mobile and landline)
Emergency contact information
Citizenship status and work authorization details

Professional Information:

Resume, CV, cover letter, and portfolio materials
Employment history, job titles, responsibilities
Educational background, degrees, certifications, professional licenses
Skills, qualifications, and competencies
Salary expectations, benefits preferences
Willingness to relocate, travel requirements
Professional references and contact information
Languages spoken, professional memberships

Assessment and Evaluation Data:

Interview notes, evaluations, and scoring
Skills assessments, personality tests, aptitude results
Reference check feedback and verification
Background check results (where legally permitted with consent)
Performance evaluations from previous employers

Sensitive Personal Information (California residents):

Financial information (salary history, credit reports where permitted)
Health information and disability accommodation requests
Biometric identifiers, including voice recordings

3.2 AI Notetaking and Recording Data

Audio/Video Content:

Complete recordings of interviews and meetings
Voice patterns and biometric voice data
Video recordings where applicable

AI-Generated Content:

Automated transcriptions of recorded conversations
AI-generated meeting summaries and key points
Automated analysis of interview content
Speaker identification and conversation mapping
Meeting metadata (participants, duration, timestamps)

3.3 Client and Business Information

Organization Details:

Company information, industry sector
Hiring manager and key contact details
Position requirements and job descriptions
Organizational culture and workplace information
Feedback on candidates and hiring decisions

4. HOW WE COLLECT INFORMATION

4.1 Direct Collection Methods

Applications: Online forms, email submissions, job board applications
Interviews: In-person, telephone, and video conference interviews
Assessments: Skills tests, personality evaluations, competency interviews
Communications: Email correspondence, phone calls, text messages
Meetings: Client meetings, candidate briefings, reference calls

4.2 Third-Party Sources

Professional Networks: LinkedIn, industry associations, professional contacts
References: Current and former employers, professional colleagues
Background Services: Credit reporting agencies, criminal record databases
Public Records: Professional licensing boards, court records, educational institutions
Recruitment Platforms: Job boards, applicant tracking systems, HR platforms

4.3 Consent and Authorization

Standard Collection:
We obtain consent for personal information collection through:

Application submission and engagement in our recruitment process
Clear disclosure of collection purposes before gathering information
Ongoing consent through continued participation in recruitment activities

AI Recording Consent:
Before using AI notetaking tools, we:

Obtain explicit verbal consent from all meeting participants
Provide clear notice that AI recording and transcription will occur
Offer alternative non-recorded interview options
Comply with all-party consent requirements under applicable state laws
Allow participants to withdraw consent and end recording at any time

Sensitive Information:
We obtain specific consent for:

Background checks and credit reports
Medical information for accommodation purposes
Biometric data collection through AI systems
Cross-border transfer of personal information

5. HOW WE USE PERSONAL INFORMATION

5.1 Primary Recruitment Purposes

Candidate Evaluation: Assessing qualifications, skills, experience, and cultural fit
Client Matching: Connecting suitable candidates with appropriate opportunities
Process Management: Scheduling interviews, coordinating communications, tracking progress
Reference Verification: Confirming employment history, performance, and qualifications
Placement Services: Facilitating introductions, negotiations, and successful placements

5.2 AI-Enhanced Processing

Interview Documentation: Creating accurate transcriptions and meeting records
Analysis and Insights: Generating summaries, identifying key discussion points
Quality Assurance: Reviewing recruitment process effectiveness and candidate experience
Efficiency Improvement: Streamlining documentation and follow-up processes
Search Optimization: Improving matching algorithms and candidate recommendations

5.3 Business Operations

Legal Compliance: Meeting employment law and regulatory requirements
Record Keeping: Maintaining documentation as required by law
Dispute Resolution: Supporting employment-related claims or investigations
Service Improvement: Analyzing market trends and enhancing service delivery
Client Relations: Providing reports and updates on recruitment activities

We do not use personal information for marketing third-party products or services.

6. HOW WE DISCLOSE PERSONAL INFORMATION

6.1 Authorized Recipients

Prospective Employers:

Sharing candidate profiles, resumes, and assessment results with client consent
Facilitating interviews and evaluation processes
Providing references and background check results where authorized

Service Providers:

Background check companies and verification services
AI notetaking platforms and transcription services
Technology providers supporting our recruitment systems
Legal and professional advisors

Legal Requirements:

Government authorities when required by law or legal process
Courts and tribunals in connection with legal proceedings
Regulatory bodies for compliance and investigation purposes

6.2 Safeguards for Disclosure

Contractual Protection: All service providers bound by confidentiality agreements
Limited Purpose: Information shared only for specified recruitment purposes
Security Standards: Recipients must maintain appropriate security safeguards
Data Minimization: Only necessary information disclosed for each specific purpose

6.3 Prohibited Practices

We do not:

Sell personal information to third parties
Use information for unauthorized marketing purposes
Share information without proper consent or legal authority
Transfer information without appropriate safeguards

7. DATA RETENTION AND DISPOSAL

7.1 Retention Periods

Successful Placements:

Canada: 3 years after employment relationship ends
California: 4 years from placement date
Applied Standard: 4 years to ensure full compliance

Unsuccessful Candidates:

Canada: 1 year after recruitment process completion
California: 4 years from application date for employment records
Applied Standard: 4 years for comprehensive compliance

AI Recordings and Transcriptions:

Same retention period as underlying recruitment records
Deleted simultaneously with associated candidate information
Available for early deletion upon candidate request

Unsolicited Applications:

Reviewed for current opportunities within 30 days
Deleted immediately if not relevant to active searches
Candidates may request inclusion in future talent pipeline with consent

7.2 Secure Disposal Process

Electronic Data: Department of Defense standard data wiping (DoD 5220.22-M)
Physical Documents: Cross-cut shredding by certified document destruction services
AI Platform Data: Coordinated deletion from all processing systems and backups
Verification: Certificate of destruction provided for all disposal activities
Multiple Systems: Systematic removal from all databases, backups, and archives

8. SECURITY SAFEGUARDS

8.1 Technical Security Measures

Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Multi-factor authentication and role-based access permissions
Network Security: Enterprise firewalls, intrusion detection, and monitoring systems
Regular Updates: Automated security patches and vulnerability management
Backup Security: Encrypted backups with controlled access and retention policies

8.2 Administrative Safeguards

Privacy Training: Mandatory annual privacy and security training for all staff
Background Checks: Security screening for employees with personal information access
Incident Response: Documented procedures for security breaches and privacy incidents
Vendor Management: Due diligence and security assessments for all service providers
Regular Audits: Annual security reviews and penetration testing

8.3 Physical Security

Secure Facilities: Locked offices, restricted access areas, visitor management
Device Security: Encrypted laptops, secure mobile device management policies
Document Security: Locked filing cabinets, clean desk policies, secure disposal
Environmental Controls: Fire suppression, climate control, power backup systems

8.4 AI-Specific Security

Platform Validation: Security certifications required for all AI service providers
Data Minimization: Only essential meeting data processed by AI systems
Processing Isolation: AI processing separated from other business systems
Audit Logging: Complete tracking of AI system access and data processing activities
Vendor Oversight: Regular security reviews of AI platform providers

9. YOUR PRIVACY RIGHTS

9.1 Rights for All Individuals

Access Rights:

Request copies of personal information we hold about you
Information about sources, uses, and disclosures of your information
Details about our information handling practices and policies

Correction Rights:

Request correction of inaccurate or incomplete information
Update your contact information and professional details
Provide additional context or clarification for your records

Consent Management:

Withdraw consent for processing (subject to legal requirements)
Decline participation in AI recording sessions
Opt out of future recruitment communications

9.2 Additional Rights for California Residents

Enhanced Access Rights:

Detailed information about personal information collection over the past 12 months
Specific categories of information collected, sources, and business purposes
Third parties to whom information has been disclosed or sold

Deletion Rights:

Request deletion of personal information (subject to retention requirements)
Immediate removal from future marketing communications
Deletion of AI recordings and transcriptions upon request

Correction and Portability:

Right to correct inaccurate personal information
Right to receive information in a portable format
Right to limit use of sensitive personal information

Non-Discrimination:

No adverse treatment for exercising privacy rights
Same quality of service regardless of privacy choices
No penalties for opting out of data processing

9.3 Exercising Your Rights

Request Methods:

Email: sandra@octanepeople.com
Phone: 519-204-8341
Mail: 118 Killarney Court, London Ontario N5X 2B6

Response Timeline:

Initial acknowledgment within 5 business days
Complete response within 30 days (45 days for complex requests)
Free of charge for reasonable requests

Identity Verification:
We may request verification of your identity to protect against fraudulent requests. This may include:

Government-issued photo identification
Verification through information we already have on file
Additional authentication for sensitive requests

10. AI SYSTEM TRANSPARENCY

10.1 AI Usage Disclosure

Systems We Use:
We use AI-powered systems for:

Interview recording and transcription services
Meeting summary generation and key point extraction
Candidate screening and qualification matching
Document processing and information extraction

Human Oversight:

All AI-generated insights reviewed by human recruiters
Final placement decisions made by experienced professionals
Candidates may request human-only evaluation processes
Appeals process available for AI-assisted decisions

10.2 AI Consent and Control

Before AI Recording:

Clear notice that AI recording will be used
Explanation of AI processing purposes and capabilities
Option to decline recording or request alternative arrangements
Ongoing ability to stop recording during the session

Data Processing:

AI processing limited to transcription and analysis functions
No AI training on your personal conversations
Secure deletion when AI processing is complete
Regular audits of AI system data handling practices

10.3 Jurisdictional Compliance

California Requirements:

Compliance with CCPA requirements for AI systems processing personal information
Enhanced protections for biometric identifiers including voice patterns
Right to human review of AI-assisted decisions

Ontario Requirements (Effective January 1, 2026):

Disclosure of AI use in screening, assessing, and selecting candidates
Information about the type of AI system and its capabilities
Notice of human involvement in final decision-making

11. CROSS-BORDER DATA TRANSFERS

11.1 International Processing

Data Locations:
Personal information may be processed in:

Canada (primary data residence)
United States (AI processing and cloud services)
Other jurisdictions where service providers operate

Transfer Safeguards:

Contractual data protection agreements with international standards
Adequate security measures during transmission and storage
Regular assessment of foreign jurisdiction privacy protections
Right to request information about specific transfer arrangements

11.2 AI Platform Transfers

AI notetaking services may process data across multiple jurisdictions
All AI platforms required to meet enterprise security standards
Contractual protection for cross-border AI data processing
Notification of material changes in AI processing locations

12. PRIVACY COMPLAINTS AND RESOLUTION

12.1 Internal Complaint Process

Step 1 – Contact Our Privacy Officer:

Submit complaint via email, phone, or mail using contact information above
Provide detailed description of privacy concern or alleged violation
Include relevant dates, circumstances, and desired resolution

Step 2 – Investigation and Response:

Acknowledgment of complaint within 5 business days
Thorough investigation of circumstances and applicable requirements
Written response with findings and corrective actions within 30 days
Implementation of necessary policy or procedure changes

12.2 External Complaint Options

For Canadian Residents:

Office of the Privacy Commissioner of Canada
- Website: www.priv.gc.ca
- Phone: 1-800-282-1376
- Email: info@priv.gc.ca

Provincial Privacy Commissioners:

Ontario: Information and Privacy Commissioner (ipc.on.ca)
British Columbia: Office of the Information and Privacy Commissioner (oipc.bc.ca)
Alberta: Office of the Information and Privacy Commissioner (oipc.ab.ca)

For California Residents:

California Privacy Protection Agency
- Website: cppa.ca.gov
- Email: regulations@cppa.ca.gov
California Attorney General
- Website: oag.ca.gov/privacy

12.3 Complaint Resolution

We are committed to:

Prompt and thorough investigation of all privacy complaints
Clear communication throughout the resolution process
Implementation of corrective measures to prevent recurrence
Cooperation with regulatory authorities as required
Documentation and monitoring of complaint resolution effectiveness

13. POLICY UPDATES AND CHANGES

13.1 When We Update This Policy

This Privacy Policy may be updated to reflect:

Changes in applicable privacy laws and regulations
Evolution of our business practices and service offerings
Implementation of new technologies or AI systems
Enhanced privacy protection measures and best practices

13.2 How We Notify You

For Material Changes:

Direct email notification to active candidates and clients
Prominent notice on our website with summary of key changes
Discussion during ongoing recruitment processes
Additional consent obtained for significant new uses of information

For Minor Updates:

Updated policy posted on website with revision date
Notice in regular communications and newsletters
Annual policy review and confirmation process

13.3 Transition Arrangements

Reasonable notice period for individuals to review changes
Opportunity to withdraw consent for new uses of information
Grandfathering of existing consent arrangements where appropriate
Clear explanation of how changes affect existing information

14. CONTACT INFORMATION

14.1 Privacy Officer

Name: Sandra Stuart
Title: Principal

Company: OctanePeople
Address: 118 Killarney Court, London Ontario N5X 2B6
Email: sandra@octanepeople.com
Phone: 519-204-8341

Office Hours: Monday to Friday 8 am – 5 pm

14.2 General Business Contact

Company: OctanePeople

Address: 118 Killarney Court London Ontario N5X 2B6
Phone: 519-204-8341
Email: info@octanepeople.com

Website: www.octanepeople.com

14.3 After-Hours Privacy Emergencies

For urgent privacy matters outside business hours:
Emergency Contact: 519-204-8341
Response Time: Within 24 hours for urgent privacy incidents

15. ACKNOWLEDGMENT AND CONSENT

By submitting your personal information to us, participating in our recruitment processes, or engaging with our services, you acknowledge that:

You have read and understood this Privacy Policy in its entirety
You consent to the collection, use, and disclosure of your personal information as described
You understand your rights regarding your personal information and how to exercise them
You agree to our use of AI systems for interview recording and transcription (with separate explicit consent)

For AI recording sessions, separate explicit verbal consent will be obtained from all participants before any recording begins, in compliance with applicable consent and recording laws.

Consent Withdrawal: You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer using the information provided above.

Document Information:

Version: 1.0
Effective Date: September 5, 2025
Next Review Date: August 30, 2026
Legal Review Completed: September 5, 2025

This Privacy Policy incorporates all requirements under Canadian privacy laws (including PIPEDA’s Fair Information Principles), California privacy laws (including CCPA/CPRA), and emerging AI compliance requirements for comprehensive cross-border recruitment operations.