kbiis.com

Privacy Policy

1. Data Controller

The data controller for the purposes of UK GDPR is:

kbiis Ltd

London, United Kingdom

Email: admin@kbiis.com

2. What Data We Collect

a) Application data

When you use our application form, we collect:

  • Full name
  • Email address
  • Phone number
  • CV (PDF or Word, stored in our database)
  • Work experience and current role (optional)
  • LinkedIn profile (optional)
  • Personal statement

b) Account data

When you voluntarily create an account, we collect:

  • Full name
  • Email address
  • Phone number (optional)
  • Password (stored encrypted, never in plain text)
  • Personal referral code (auto-generated)

c) Identity verification (KYC)

As part of optional identity verification, we collect to verify your identity:

  • Video recording of the front and back of your photo ID (driving licence)
  • Short selfie video (liveness check)
  • Still frames from the liveness check

This data is used solely for identity verification in the context of recruitment. Video recordings are stored encrypted on Supabase (EU region).

d) Referral programme

When you use our referral programme, we process:

  • The personal referral code of the referrer
  • The link between the referrer and the resulting application
  • Bonus payment status (pending / paid)

e) Technical data

When you visit our website, technical data is processed (IP address, browser type, access timestamp) by our hosting provider (Vercel Inc.).

f) Saved jobs

When a logged-in user saves a job, the job ID, user ID and timestamp are stored in our database. No job content itself is stored — only the reference.

g) Job alert subscriptions

When registering for job alerts, we collect:

  • Email address
  • City preference (optional)
  • Licence class preference (optional)
  • Subscription timestamp

This data is used solely for sending the agreed notifications. You may unsubscribe at any time via the link in any email or by emailing admin@kbiis.com.

h) Employer ratings

When a logged-in user submits an employer rating, we store:

  • Star ratings (1–5) for pay, vehicles and working hours
  • Optional free-text comment
  • Employer name and city
  • User ID (internal, not publicly visible)
  • Rating timestamp

Ratings are displayed publicly on job pages without being attributed by name. The link to user ID is maintained internally for abuse prevention only.

i) CV builder

The CV builder at /cv processes all data entered locally in your browser. No CV data is transmitted to or stored on our servers. The tool operates entirely client-side.

j) Transactional emails

For transactional emails (application confirmation, status updates, welcome email, password reset), we use Resend (Resend Inc., USA). Your email address and the content of each email are transmitted to Resend, which processes this data as a data processor under a Data Processing Agreement (DPA).

3. Purpose and Legal Basis

Application processing

Processing to review applications, forward to employers and communicate during the recruitment process. Legal basis: UK GDPR Article 6(1)(b) (pre-contractual steps) and Article 6(1)(a) (consent).

Account management

Managing your account, displaying applications and referral statistics. Legal basis: Article 6(1)(b) UK GDPR.

Identity verification (KYC)

Verifying applicant identity to ensure authenticity and protect employers. Legal basis: Article 6(1)(a) UK GDPR (explicit consent by starting the KYC process).

Referral programme

Tracking referrals and paying the £100 referral bonus on successful placement. Legal basis: Article 6(1)(b) UK GDPR (performance of the referral agreement).

Job alert notifications

Sending email notifications about new matching vacancies at the user's request. Legal basis: Article 6(1)(a) UK GDPR (consent). Revocable at any time.

Employer ratings

Publishing anonymised ratings to inform other users. Legal basis: Article 6(1)(a) UK GDPR (consent by submitting the rating).

Transactional emails (Resend)

Sending system-generated emails (application confirmation, status updates, password reset). Legal basis: Article 6(1)(b) UK GDPR.

4. Retention Periods

  • Application data: Up to 6 months after the conclusion of the recruitment process.
  • Account data: Until you request deletion of your account.
  • KYC video recordings: Up to 6 months after the conclusion of the recruitment process. Earlier deletion is available on request.
  • Referral data: Up to 3 years after payment of the bonus (tax record-keeping requirement).
  • Saved jobs: Until deleted by the user or account closure.
  • Job alert subscriptions: Until the user unsubscribes or requests deletion.
  • Employer ratings: Until deleted by the user, on request, or for Terms violations.

5. Sharing with Third Parties

Your application data is shared with the relevant employer as part of the recruitment process. No further sharing without consent takes place, except where required by law.

Data processors (technical infrastructure):

  • Vercel Inc. (USA) — website hosting and operation. Standard Contractual Clauses.
  • Neon Inc. — PostgreSQL database hosting in the EU (Frankfurt). Application and account data is stored encrypted.
  • Supabase Inc. — storage of KYC video recordings in the EU. Videos are secured by signed URLs and are not publicly accessible without an authorised link. supabase.com/privacy
  • Cloudflare Inc. (USA) — Cloudflare Turnstile CAPTCHA service in the application form. No tracking cookies. cloudflare.com/privacypolicy
  • Resend Inc. (USA) — sending transactional emails (application confirmation, status updates, password reset, welcome email). DPA in place. resend.com/privacy

6. Hosting

This website is hosted by Vercel Inc. Server logs are generated automatically on each visit (IP address, date, time, page visited, browser type). These are used solely for technical purposes and deleted after a short period.

7. Cookies and Local Storage

We use the following cookies and local data:

Session cookie (strictly necessary)

To maintain your login session. Validity: 30 days. Legal basis: Article 6(1)(b) UK GDPR.

Referral cookie (ref_code)

Set when you follow a referral link, to track the source of an application. Validity: 30 days. Contains only the anonymous referral code. Legal basis: Article 6(1)(b) UK GDPR.

8. Your Rights

  • Access — Article 15 UK GDPR
  • Rectification — Article 16 UK GDPR
  • Erasure — Article 17 UK GDPR (including KYC videos on request)
  • Restriction of processing — Article 18 UK GDPR
  • Data portability — Article 20 UK GDPR
  • Objection — Article 21 UK GDPR
  • Withdrawal of consent — Article 7(3) UK GDPR (particularly for KYC data)

To exercise your rights: admin@kbiis.com

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

ico.org.uk

Last updated: April 2026

Questions? WhatsApp