Privacy Policy

1. Introduction

Bull & Geek ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you access or use our website (bullandgeek.com), any mobile or desktop applications we publish on the Apple App Store, Google Play Store, or any other distribution platform (collectively, our "Apps"), and any related services, features, or content we offer (collectively, the "Services").

This policy applies globally and is designed to comply with applicable data protection and privacy laws worldwide, including but not limited to the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Lei Geral de Proteção de Dados (LGPD), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Protection of Personal Information Act (POPIA), the Australian Privacy Act, the Personal Data Protection Act (PDPA) of Singapore, and the Children's Online Privacy Protection Act (COPPA).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Services.

2. Data Controller

For the purposes of applicable data protection laws, Bull & Geek is the data controller responsible for the processing of your personal data. If you have any questions or concerns about our data practices, you may contact us using the details provided in Section 18 of this policy.

3. Information We Collect

We may collect and process the following categories of information depending on how you interact with our Services:

3.1 Information You Provide Directly

3.2 Information Collected Automatically

3.3 Information from Third Parties

We may receive information about you from third-party sources, such as social media platforms (when you log in via a social account), analytics providers, advertising partners, and publicly available sources. We treat this information in accordance with this Privacy Policy.

4. Legal Bases for Processing (GDPR & Equivalent Laws)

Where applicable data protection law requires a legal basis for processing your personal data, we rely on one or more of the following:

• Consent: You have given clear consent for us to process your personal data for a specific purpose. You may withdraw consent at any time.
• Contractual Necessity: Processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
• Legitimate Interests: Processing is necessary for our legitimate interests (such as improving our Services, preventing fraud, and ensuring security), provided those interests are not overridden by your rights and freedoms.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Vital Interests: Processing is necessary to protect the vital interests of you or another person.

5. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve our Services and Apps
• To create and manage your account and authenticate your identity
• To process and evaluate job applications submitted through our website
• To communicate with you, including responding to inquiries, sending service-related notices, and providing customer support
• To personalise your experience and deliver content and features relevant to your interests
• To process transactions and send related information, including purchase confirmations and invoices
• To send promotional communications (with your consent where required by law); you may opt out at any time
• To monitor and analyse usage patterns, trends, and activities to improve our Services
• To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities
• To ensure the security and integrity of our Services
• To comply with legal obligations and enforce our terms and policies
• To carry out any other purpose described to you at the time the information was collected

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share data with trusted third-party vendors who perform services on our behalf, such as cloud hosting, analytics, email delivery, payment processing, and customer support. These providers are contractually obligated to protect your data and may only use it for the purposes we specify.
• Business Transfers: In connection with a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With Your Consent: We may share your information for any other purpose with your explicit consent.
• Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you.

We do not share personal data with third-party artificial intelligence (AI) services for model training purposes without your explicit, informed consent.

7. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your country. When we transfer personal data internationally, we implement appropriate safeguards to ensure your data remains protected, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Binding Corporate Rules where applicable
• Your explicit consent where no other mechanism is available

You may request a copy of the safeguards we use by contacting us at the details provided in Section 18.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context of the processing and our legal obligations.

• Account Data: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations.
• Application Data: Recruitment-related data is retained for up to 24 months after the application is submitted, unless you request earlier deletion or we are required by law to retain it longer.
• Usage & Analytics Data: Retained in an aggregated or anonymised form for analytical purposes and may be kept indefinitely.
• Communications: Retained for as long as necessary to resolve any issues and for a reasonable period thereafter.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention procedures.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Incident response procedures for potential data breaches

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to taking all reasonable steps to protect your data.

10. Cookies and Tracking Technologies

We and our third-party partners may use cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information about your interactions with our Services. These technologies help us:

• Remember your preferences and settings
• Authenticate your identity and maintain your session
• Analyse how our Services are used and measure performance
• Deliver relevant content and, where applicable, advertising

Types of Cookies We Use

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our Services.

11. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals. However, you may opt out of certain tracking as described in this policy and through your browser or device settings.

12. Your Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

12.1 Rights Under the GDPR (EU/EEA/UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR or UK GDPR:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.
• Right to Restriction: Request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: Object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

12.2 Rights Under the CCPA/CPRA (California, USA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you the following rights:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
• Right to Limit Use of Sensitive Personal Information: Direct us to limit the use and disclosure of your sensitive personal information to what is necessary.

12.3 Rights Under the LGPD (Brazil)

If you are located in Brazil, the Lei Geral de Proteção de Dados grants you rights including: confirmation of processing, access to data, correction of incomplete or inaccurate data, anonymisation or deletion of unnecessary data, data portability, information about shared data, the ability to revoke consent, and the right to petition the Autoridade Nacional de Proteção de Dados (ANPD).

12.4 Rights Under PIPEDA (Canada)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act grants you the right to access your personal information held by us, request corrections, withdraw consent (subject to legal or contractual restrictions), and file a complaint with the Office of the Privacy Commissioner of Canada.

12.5 Rights Under POPIA (South Africa)

If you are located in South Africa, the Protection of Personal Information Act grants you rights including: access to your personal information, correction or deletion of personal information, the right to object to processing, and the right to submit a complaint to the Information Regulator.

12.6 Rights Under Other Jurisdictions

If you are located in Australia, Singapore, Thailand, India, Japan, South Korea, or any other jurisdiction with applicable data protection legislation, you may have similar rights under your local laws. We are committed to honouring your rights as required by the laws that apply to you. Please contact us to exercise any rights you believe you hold under your local data protection laws.

How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the information in Section 18. We will respond to your request within the timeframe required by applicable law (typically within 30 days). We may need to verify your identity before processing your request. If you have an authorised agent making a request on your behalf, we may require proof of authorisation.

13. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible.

If any of our Apps are designed for or may be accessed by children, we will comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international laws. In such cases, we will obtain verifiable parental consent before collecting personal information from children, limit data collection to what is reasonably necessary, and provide parents with the ability to review, delete, and control the collection of their child's information.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately using the details in Section 18.

14. Our Applications

This Privacy Policy applies to all applications developed and published by Bull & Geek across all platforms, including the Apple App Store, Google Play Store, and any other distribution channels. Each App may collect data specific to its functionality, but all data collection and processing is governed by the principles and practices described in this policy.

App-Specific Data Collection

Individual Apps may collect additional categories of data relevant to their specific features and functionality. Where an App collects data beyond what is described in this general policy, we will provide supplementary disclosures within the App itself, in the App's listing on the relevant app store, or in a dedicated addendum to this policy.

App Permissions

Our Apps may request access to certain device features or data (such as camera, microphone, photo library, contacts, or location). These permissions are requested only when necessary for the App's functionality, and you can manage or revoke these permissions at any time through your device settings.

In-App Purchases and Subscriptions

Where our Apps offer in-app purchases or subscriptions, payment processing is handled by the respective platform (Apple or Google). We do not have access to your full payment details. Please refer to the platform's privacy policy for information on how they handle payment data.

Account Deletion

In compliance with Apple App Store and Google Play Store requirements, all of our Apps that offer account creation also provide a mechanism for you to request deletion of your account and associated data. You may do so within the App's settings or by contacting us directly. Upon receiving a valid deletion request, we will delete or anonymise your data within 30 days, except where retention is required by law.

15. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Services. This Privacy Policy applies solely to information collected by Bull & Geek.

16. Automated Decision-Making and Profiling

We do not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on you. If we implement such processing in the future, we will update this policy and, where required by law, provide you with the right to obtain human intervention, express your point of view, and contest the decision.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where required by law, by providing additional notice (such as an in-app notification, email, or prominent notice on our website).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this policy constitutes your acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

19. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws applicable to your jurisdiction. Nothing in this policy is intended to limit any rights you may have under applicable mandatory data protection legislation. Where there is a conflict between this policy and applicable law, the applicable law shall prevail.