Privacy Policy
Version 2026-06-12 · 12.06.2026
Privacy Policy
1. Introduction
This Privacy Policy explains how AHS Dynamics LLP ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the CandidateForce platform, available at candidateforce.com and candidateforce.de (the "Platform").
We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR 2016/679).
Please read this policy carefully before using the Platform. By registering an account, you confirm that you have read and understood this policy.
2. Data Controller
The data controller responsible for your personal data is:
AHS Dynamics LLP 71–75 Shelton Street London WC2H 9JQ United Kingdom Company Number: OC457971
Privacy contact: privacy@candidateforce.com
For all data protection enquiries, including requests to exercise your rights, please contact us at the address above.
3. Data We Collect
3.1 Account registration
When you create an account, we collect:
- First name and last name
- Email address
- Country of residence
3.2 Profile information (optional)
After registration, you may provide additional information about your organisation:
- Company name, address, phone number, and email address
- Company VAT / tax identification number
- Your position within the organisation
3.3 Usage data
When you use the Platform, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages visited and features used
- Date and time of access
- Session duration
3.4 Payment data
If you subscribe to a paid plan, payment is processed by Stripe, Inc. We do not store your card number, CVV, or full payment details on our servers. We retain only the following for billing purposes:
- Subscription plan and status
- Billing history and invoice records
- Stripe customer ID
3.5 Communications
If you contact us by email or through the Platform, we retain records of that correspondence.
4. Legal Basis for Processing
| Purpose | Legal Basis |
| Account registration and Platform access | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Sending transactional emails (account, invoices) | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Improving the Platform and analysing usage | Legitimate interests (UK GDPR Art. 6(1)(f)) |
| Sending marketing communications | Consent (UK GDPR Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (UK GDPR Art. 6(1)(c)) |
| AI-assisted features (translations, image generation) | Legitimate interests (UK GDPR Art. 6(1)(f)) |
5. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Provide and maintain the Platform's features and services
- Process payments and issue invoices
- Send you transactional communications (account confirmation, password reset, subscription updates)
- Send marketing communications, where you have given consent
- Improve the Platform through usage analysis
- Comply with applicable legal obligations
- Respond to enquiries and support requests
- Detect and prevent fraud or misuse
6. AI-Assisted Features
The Platform uses artificial intelligence services to enhance your experience:
Job post image generation: When you create a job posting, the content of that posting (job title, description, requirements) may be sent to Anthropic or OpenAI to generate a relevant image. No personal data about you or your candidates is included in these requests.
Message translation: Messages exchanged on the Platform may be translated using DeepL or Anthropic to facilitate communication between users in different languages. Message content is processed solely for the purpose of translation and is not used to train AI models.
Job post translation: Job postings may be translated into multiple languages using the above services to increase their reach.
These services are configured under data processing agreements that prohibit the use of your data for training or any purpose beyond the service provided.
7. Data Processors and Third Parties
We work with the following third-party service providers who process data on our behalf:
| Processor | Purpose | Location |
| SSC d.o.o. | Platform infrastructure, development and maintenance | Bosnia and Herzegovina |
| Amazon Web Services EMEA SARL | Cloud hosting and file storage | EU (Frankfurt, Germany) |
| Google Firebase (Google Ireland Ltd) | User authentication | EU |
| Stripe, Inc. | Payment processing | USA (EU SCC in place) |
| Brevo (Sendinblue SAS) | Transactional and marketing email | EU (France) |
| Anthropic PBC | AI content generation and translation | USA (EU SCC in place) |
| OpenAI, LLC | AI content generation | USA (EU SCC in place) |
| DeepL SE | Message and content translation | EU (Germany) |
All processors are bound by data processing agreements and are contractually required to protect your data in accordance with UK GDPR and EU GDPR.
8. Tracking and Analytics (Website Only)
The following tracking technologies are used on our websites (candidateforce.com and candidateforce.de) only, not within the Platform application itself:
- Google Analytics — website traffic analysis
- Meta Pixel — advertising performance measurement
- LinkedIn Insight Tag — conversion tracking for LinkedIn advertising campaigns
- Microsoft Advertising (UET Tag) — conversion tracking for Microsoft advertising campaigns
These technologies use cookies and similar tracking methods. Your consent is obtained via our cookie banner before any non-essential tracking is activated. You may withdraw consent at any time through our cookie preference centre.
9. International Data Transfers
Your data is stored on servers located in the European Union (Frankfurt, Germany).
Our company is registered in the United Kingdom. Following the UK's departure from the EU, the UK has been granted an adequacy decision by the European Commission, meaning data transfers between the EU and UK are permitted without additional safeguards.
Our infrastructure partner, SSC d.o.o., is located in Bosnia and Herzegovina, which is not subject to an EU or UK adequacy decision. Data transfers to SSC d.o.o. are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, incorporated into a Data Processing Agreement between AHS Dynamics LLP and SSC d.o.o.
Transfers to processors located in the USA (Stripe, Anthropic, OpenAI) are governed by Standard Contractual Clauses or equivalent transfer mechanisms.
10. Data Retention
| Data type | Retention period |
| Account and profile data | For the duration of your account, plus 30 days after deletion |
| Inactive accounts | 3 years of inactivity → email notification → 30 days → deletion |
| Payment and invoice records | 7 years (UK legal requirement) |
| Usage and technical logs | 12 months |
| Marketing consent records | Until consent is withdrawn, plus 3 years |
After the applicable retention period, your data is permanently deleted or anonymised.
11. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction — request that we limit how we process your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — withdraw consent at any time for consent-based processing
To exercise any of these rights, contact us at privacy@candidateforce.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your local EU supervisory authority.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest on AWS S3
- Access controls and authentication via Firebase
- Regular security reviews
- Restricted access to personal data on a need-to-know basis
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
13. Children
The Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal data from persons under 18. If we become aware that a user is under 18, we will delete their account and associated data without delay.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you by email and/or via a notification on the Platform
- Where required by law, request your renewed consent before the changes take effect
Your continued use of the Platform after notification constitutes acceptance of the updated policy.
15. Governing Law
This Privacy Policy is governed by the laws of England and Wales. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.