Edomatch Privacy and Data Protection Policy

Pan Africa and Europe

Effective date: 8 September 2025

Last reviewed: 14 December 2025

1. Who we are and how to contact us

Edomatch B.V. is a private limited company incorporated under the laws of the Netherlands. Edomatch B.V. provides a digital job matching and employability platform through mobile applications and web interfaces (the Services).

Unless explicitly stated otherwise, Edomatch B.V. acts as the primary data controller for personal data processed in connection with the Services.

Contact for privacy and data matters:
supportdesk@edomatch.com

You also have the right to contact your local Data Protection Authority. See Section 16.


1.1 Affiliated entities and country representatives

Edomatch B.V. operates in multiple jurisdictions through affiliated legal entities, subsidiaries, and officially appointed country representatives.

Where necessary for service delivery, local operations, employer engagement, regulatory compliance, or customer support, such entities may process personal data on behalf of Edomatch B.V. or jointly with Edomatch B.V.

Depending on the context, these entities act either as data processors acting solely on documented instructions, or as joint controllers where purposes and means are jointly determined.

Appropriate contractual safeguards are always in place, including Data Processing Agreements or Joint Controller Arrangements. Equivalent levels of data protection apply across all jurisdictions.

You may request information about the relevant affiliated entity involved in processing your data by contacting supportdesk@edomatch.com.


2. Scope and governing frameworks

This Policy applies to all personal data processed in connection with the Services for users located in Europe and Africa.

We comply with applicable data protection laws, including:

  • EU General Data Protection Regulation
  • UK GDPR and Data Protection Act 2018
  • African Union Convention on Cybersecurity and Personal Data Protection
  • Ghana Data Protection Act 843
  • Nigeria NDPR and NDPA
  • South Africa POPIA
  • Kenya Data Protection Act
  • Côte d'Ivoire Loi n°2013-450
  • Morocco Law 09-08
  • Egypt Personal Data Protection Law

Where legal frameworks differ, we apply the standard that offers the highest level of protection to the data subject. Where local law requires registration, localization, prior authorization, or local representation, we comply accordingly.


3. Definitions

Personal Data
Any information relating to an identified or identifiable natural person.

Processing
Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Sensitive or Special Category Data
Data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, sexual orientation, or other categories protected under applicable law. Some African laws may also treat gender or precise geolocation as sensitive.

Controller and Processor
As defined by GDPR, POPIA, NDPR, and equivalent legislation.

Legal Bases
Consent, contract, legal obligation, legitimate interests, vital interests, or public task.



4. What data we collect

4.1 Mandatory data

We collect the following personal data to provide the Services:

  • Full name for identification
  • Email address for login and communication about job opportunities
  • Phone number for communication, job opportunities, and one time password verification
  • Password hash for authentication purposes
  • CV and professional information for matching candidates to jobs
  • Country selection for localization and filtering
  • Approximate geolocation for improving job matching relevance

4.2 Optional data

You may choose to provide the following optional data:

  • Gender, used only for aggregated analytics and never for decision making
  • Salary indication, used to improve job matching accuracy
  • Profile image, used for profile distinction
  • Personal video, used for candidate presentation to employers and optional identity verification

Providing optional data is not required to use the core Services.


5. Purposes of processing and legal bases

We process personal data only where a valid legal basis exists.


  • Account creation and service delivery
    Purpose: account management, authentication, communications
    Legal basis: contract
  • Job matching and employability services
    Purpose: matching candidates with relevant jobs
    Legal basis: contract and legitimate interests
  • Communications and notifications
    Purpose: job related messages, OTP verification, service notices
    Legal basis: contract and legal obligation
  • Personalization and recommendations
    Purpose: improve relevance of job suggestions
    Legal basis: legitimate interests
  • Analytics and service improvement
    Purpose: improve platform performance and usability
    Legal basis: legitimate interests or consent where required
  • Marketing of our services
    Purpose: newsletters and service updates
    Legal basis: consent or legitimate interests with opt out
  • Payments and billing
    Purpose: subscription management
    Legal basis: contract and legal obligation
  • Security and fraud prevention
    Purpose: protect users and systems
    Legal basis: legitimate interests and legal obligation
  • Personal video processing
    Purpose: candidate presentation and optional identity verification
    Legal basis: explicit consent

6. Automated processing and profiling

Edomatch uses algorithmic systems to generate job match recommendations and ranked results based on CV data, skills, country, location, and salary indication where provided.

This constitutes profiling under applicable law. We do not make decisions with legal or similarly significant effects solely through automated processing without safeguards.

Gender and other optional demographic data are not used for matching or decision making.

You may request human review, express your point of view, or contest outcomes by contacting supportdesk@edomatch.com.


7. Sharing of personal data

We may share personal data with:

  • Affiliated Edomatch legal entities and country representatives
  • Service providers acting as processors under contract
  • Employers when you apply for a role or choose to share your profile
  • Legal authorities where required by law
  • Successor entities in corporate transactions

We do not sell personal data.


8. International data transfers

Personal data may be transferred between Europe and Africa and to service provider locations.

Transfers are safeguarded through adequacy decisions, Standard Contractual Clauses, UK transfer mechanisms, POPIA Section 72 measures, NDPR and NDPA mechanisms, and local authority approvals where required.

Supplementary technical and organizational safeguards are applied as necessary.


9. Security

We implement appropriate administrative, technical, and organizational measures, including:

  • Password hashing
  • Encryption in transit and at rest
  • Role based access controls
  • Multi factor authentication for administrators
  • Logging and monitoring
  • Incident response procedures
  • Staff confidentiality and security training

Where required by law, data breaches are reported to authorities and affected users.


10. Cookies and tracking technologies

10.1 Web services

On the web, we use cookies and similar technologies subject to your consent. You can choose between:

  • Essential only
  • Analytics and performance
  • Marketing and full tracking

Non essential cookies are not set before consent.

10.2 Mobile applications

In mobile apps, tracking notices are shown on first use. Operating system level tracking preferences are respected. If tracking is declined, no non essential tracking occurs.


11. Data retention

We retain personal data only as long as necessary.

Typical retention periods include:

  • Account and profile data for the life of the account
  • CV and applications up to 24 months after deletion
  • Messages and activity logs up to 24 months
  • Consent records up to 6 years for audit
  • Payment records 7 to 10 years depending on jurisdiction
  • Security logs 12 to 24 months

Data is deleted or irreversibly anonymized when no longer required.


12. Your rights

Depending on your location, you may have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Request human review of automated processing

Requests can be made via in app controls or supportdesk@edomatch.com. We respond within statutory timeframes.

You may lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.


13. Your choices

You can control:

  • Profile visibility and sharing
  • Communication preferences
  • Cookie and tracking settings
  • Account deletion

14. Third party services

Our Services may link to third party websites or services. Their privacy practices are governed by their own policies. We are not responsible for their content or practices.


15. Changes to this Policy

We may update this Policy to reflect legal, technical, or operational changes. Material changes will be communicated, and consent will be requested again where required.


16. Supervisory authorities

You may contact your local Data Protection Authority, including:

  • EU and EEA national authorities
  • UK Information Commissioner
  • Ghana Data Protection Commission
  • Nigeria Data Protection Commission
  • Kenya Office of the Data Protection Commissioner
  • South Africa Information Regulator
  • Côte d'Ivoire APDP
  • Morocco CNDP
  • Egypt Data Protection Authority

17. Complaints and dispute resolution

You can contact us at supportdesk@edomatch.com. If we cannot resolve your concern, you may pursue remedies with your local authority or courts as permitted by law.


18. Contact details

Controller: Edomatch B.V.
Email: supportdesk@edomatch.com


This Policy replaces all prior privacy language, including confidentiality and user agreement privacy sections.