Privacy Policy

1. Introduction

We at Twelve Technologies Limited (License: 11448) ("Company," "we," "us," or "our") operate https://wonka.work (the "Platform"), an AI-powered recruitment screening service. This Privacy Policy explains how we collect, use, disclose, and protect information from and about our users, which include both Recruiters (employers and hiring managers) and Candidates (job applicants).

By accessing or using our Platform, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

In accordance with the GDPR and CCPA/CPRA, we are transparent about the categories of personal information we collect and how we use it. This section describes the information we collect from different user categories.

2.1 Information from Recruiters

We collect the following information from Recruiters:

• Account Information: Name, email address, phone number, company name, and job title
• Billing Information: Payment details processed through our third-party payment processors
• Usage Data: Information about how you interact with our Platform
• Job Posting Content: Job descriptions, requirements, and screening criteria you provide

2.2 Information from Candidates

We collect the following information from Candidates:

• Personal Information: Name, email address, phone number, and location
• Interview Responses: Video recordings, voice recordings, and/or text responses submitted during the screening process. Please note that video and voice recordings may constitute biometric data under certain laws, including the Illinois Biometric Information Privacy Act (BIPA). We process such data only with your consent and in accordance with applicable biometric data protection requirements.
• Application Materials: Any additional information you voluntarily provide during the application process

2.3 Information Collected Automatically

For all users, we automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies and Similar Technologies: Essential cookies necessary for Platform functionality
• Log Data: Access times, pages viewed, and referring URLs

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: To operate our AI-powered candidate screening platform, process interview responses, and deliver analysis to Recruiters
• AI Analysis: To analyze Candidate responses using artificial intelligence and machine learning technologies to evaluate suitability for positions
• Platform Improvement: To improve our services, develop new features, and enhance user experience
• Analytics: To understand usage patterns and optimize Platform performance
• Communications: To send service-related notifications, respond to inquiries, and provide customer support
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

4.1 Sharing of Candidate Data with Recruiters

Candidate information, including interview recordings, responses, and AI-generated analysis, is shared with the Recruiters who initiated the screening process. Recruiters receive this information to evaluate Candidates for employment opportunities.

4.2 Third-Party Service Providers

We share information with third-party service providers who assist us in operating our Platform:

• AI and Machine Learning Providers: Third-party AI services that help process and analyze Candidate responses
• Payment Processors: To process payments for our subscription and credit-based services
• Analytics Providers: Including Google Analytics, to help us understand Platform usage
• Infrastructure Providers: Cloud hosting and data storage services

4.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

5.1 Data Location

Your data is stored on servers located in Washington, D.C., United States. By using our Platform, you consent to the transfer and storage of your information in the United States.

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. While we take data security seriously, no method of transmission over the Internet or electronic storage is 100% secure.

5.3 Data Retention

We retain personal information for up to five (5) years from the date of collection, or until you request deletion, whichever occurs first. This retention period applies to both Recruiter and Candidate data. We retain data for this period to fulfill legal obligations, resolve disputes, and enforce our agreements. Upon expiration of the retention period or upon your valid deletion request, we will securely delete or anonymize your personal information within 30 days, unless we are required by law to retain it longer.

6. International Data Transfers

We operate globally and may transfer your information to countries other than your country of residence, including the United States. The United States does not have an adequacy decision from the European Commission, meaning it is not recognized as providing an equivalent level of data protection.

When we transfer personal data from the EU/EEA or UK to the United States, we rely on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission in June 2021, supplemented by appropriate technical and organizational measures. For transfers from the UK, we use the UK International Data Transfer Addendum in conjunction with the SCCs.

We have conducted transfer impact assessments and implemented supplementary measures including encryption in transit and at rest, access controls, and contractual commitments with our service providers to address potential risks associated with international transfers. You may request a copy of the relevant SCCs by contacting us at [email protected].

6.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by GDPR Article 34. For California residents, we will comply with California Civil Code Section 1798.82 regarding breach notification requirements.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a structured, machine-readable format

7.2 Additional Rights for EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to restrict processing of your personal data
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time (where processing is based on consent)
• Right not to be subject to automated decision-making, including profiling, that produces legal effects
• Right to lodge a complaint with a supervisory authority

7.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, and shared
• Right to opt-out of the sale or sharing of personal information (note: we do not sell your data)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your privacy rights

“Do Not Sell or Share My Personal Information”: We do not sell your personal information as defined under the CCPA/CPRA, nor do we share it for cross-context behavioral advertising purposes. Because we do not engage in these practices, there is no need to opt-out. However, if you have concerns or questions about our data sharing practices, please contact us at [email protected].

California “Shine the Light” Law: Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their direct marketing purposes.

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. For GDPR requests, we will acknowledge receipt within 3 business days and respond substantively within 30 days (extendable by up to 60 days for complex requests, with notice). For CCPA/CPRA requests, we will acknowledge receipt within 10 business days and respond within 45 calendar days (extendable by an additional 45 days with notice). We will not charge a fee for processing your request unless it is manifestly unfounded or excessive. We may need to verify your identity before fulfilling your request to ensure we do not disclose your personal information to unauthorized persons.

8. Artificial Intelligence and Automated Processing

In accordance with GDPR Article 22 and similar requirements, we provide the following transparency about our automated processing activities:

8.1 Types of Automated Processing

Our Platform uses artificial intelligence and machine learning technologies to analyze Candidate responses and provide insights to Recruiters. This includes processing video, voice, and text responses to evaluate candidates against job requirements specified by the Recruiter.

8.2 Logic Involved

Our AI systems analyze Candidate responses using natural language processing and machine learning algorithms to assess factors such as communication clarity, relevance to job requirements, and alignment with criteria specified by the Recruiter. The AI generates scores and assessments based on patterns learned from training data. We use third-party AI service providers to assist with this analysis.

8.3 Significance and Consequences

AI-generated assessments may influence whether a Recruiter advances a Candidate in their hiring process. While our AI provides recommendations and insights, Recruiters are encouraged to use these as one factor among many in their hiring decisions. Final hiring decisions should always involve human review and judgment. The AI does not make binding decisions about employment.

8.4 Your Rights Regarding Automated Processing

As a Candidate, you have the right to: (a) obtain human intervention in the assessment process; (b) express your point of view regarding any AI-generated assessment; (c) contest any decision that significantly affects you and is based solely on automated processing; and (d) request an explanation of how the AI assessment was derived. To exercise these rights, please contact us at [email protected].

9. Notice to Candidates

If you are a Candidate, you may have been directed to our Platform by a prospective employer (Recruiter). By participating in a screening interview on our Platform, you acknowledge that your responses, including video, voice, and text recordings, will be shared with the Recruiter who initiated the screening, as well as processed by our AI systems.

Recruiters are responsible for informing you about their use of our Platform as part of their hiring process. If you have questions about how a specific employer will use your data, please contact them directly.

10. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our Platform with a new effective date. Your continued use of our Platform after such changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Twelve Technologies Limited
Email: [email protected]
Website: https://wonka.work
Location: Dubai, UAE

12.1 Data Protection Officer

For questions specifically related to data protection, GDPR compliance, or to exercise your data subject rights, you may contact our Data Protection Officer at: [email protected]

12.2 EU Representative

As Twelve Technologies Limited is established outside the EU/EEA, we have appointed an EU representative in accordance with GDPR Article 27. Our EU representative can be contacted at: [email protected]

12.3 Supervisory Authority

If you are located in the EU/EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

13. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and ensuring Platform security
• Legal Obligations: Processing necessary to comply with applicable laws
• Consent: Where you have provided explicit consent for specific processing activities