Privacy Notice (Data Privacy Act of 2012 — RA 10173)

---

Version: 1.0 • Effective: September 25, 2025
Controller: Hearworks Careers (the “Agency”)
Address: P2 B2 L31 Micara Estates Brgy. Sahud Ulan Tanza, Cavite
Email: info@heartworkscareers.com
Data Protection Officer (DPO): info@heartworkscareers.com +639219170426

This Privacy Notice explains how we collect, use, share, and protect personal data of Clients, Candidates, and Website Visitors in compliance with the Data Privacy Act of 2012 (RA 10173), its IRR, and relevant NPC issuances.

• Controller: The Agency acts as data controller when dealing with client contact persons and candidate data during sourcing, screening, and placement.
• Processor: The Agency may act as processor for specific client instructions (e.g., administering tests) and for certain service providers.
• Not Employer of Record: We are a placement-only agency; employers engage hires directly.

From Candidates: name, contact details, location, resume/CV, education, work history, salary expectations, availability, notice period, references, assessment results, interview recordings/notes, device/internet specs, portfolios, IDs and government numbers where necessary and lawful, and any information you voluntarily provide (including sensitive personal information if you choose to disclose it).
From Clients/AP: company details, contact persons, billing details, AP emails/phones, VAT/Tax IDs, PO requirements, role specifications, performance feedback about candidates.
From Website Visitors: device identifiers, IP address, cookie data, analytics events, and contact details submitted via forms.
From Third Parties: referrals, public profiles, job boards, background check providers (where lawful), and testing providers.

• Contract: to perform pre-contractual or contractual steps with clients/candidates.
• Legitimate Interests: to operate a recruiting business (e.g., sourcing, screening, fraud prevention, analytics, improving services), balanced against your rights.
• Consent: for optional activities (e.g., storing a candidate profile for future roles, sending marketing updates, processing sensitive information, or performing background checks where required by law).
• Legal Obligation: compliance with tax, accounting, and regulatory requirements.

• Sourcing, screening, shortlisting, coordinating interviews, and facilitating offers/starts.
• Maintaining records of placements, billing, and collections.
• Client relationship management (HubSpot), scheduling (Calendly), candidate tracking (Giig), payments (Stripe/PayPal).
• Security, troubleshooting, audit logs, and legal compliance.
• Marketing communications (with consent/opt-out).

We share personal data with:

• Client organizations (for roles you consent to pursue).
• Service providers: HubSpot (CRM), Calendly (scheduling), Giig (ATS), email/SMS providers, cloud hosting, analytics, payment processors, e‑signature tools, background check/test vendors (where applicable).
• Regulators or authorities when legally required.
• Affiliates in our corporate group to support operations.

We use global cloud tools; your data may be transferred outside the Philippines. We implement safeguards (contractual clauses, access controls). By using our services, you consent to such transfers for recruitment and related purposes.

To align with our business model—where Clients pay a 20% recurring placement fee for as long as the Hire remains engaged—we keep only the minimum necessary data for as long as needed to administer the engagement and comply with law. Specifically:

(a) Active placements (recurring‑fee accounts).
We retain the Candidate and Client records needed to (i) administer the placement, (ii) verify ongoing employment/engagement status, (iii) perform invoicing/collections, and (iv) deliver support (check‑ins, replacements if applicable) for the duration of the engagement (i.e., while the Hire remains with the Client).

(b) After the engagement ends (offboarding/stop‑billing).
We retain a minimal file for:
• Accounting/tax: invoices, receipts, and underlying records for 7 years from the end of the fiscal year they relate to (or longer if required by law).
• Legal/claims/defense: contracts, key correspondence, and transaction logs for up to 7 years after engagement end (or the longer applicable statutory period).
• Operational audit: workflow/system logs for 12–24 months unless a longer retention is needed for investigations or error remediation.

(c) Candidate pool (no active placement).
With the Candidate’s consent, we may keep a profile up to 24 months from last activity to consider for future roles (or until consent is withdrawn). Without consent, we keep only a short administrative record (e.g., name, contact, evaluation outcome) for 12 months to avoid duplicate processing and then delete/anonymize.

(d) Website/analytics.
Cookie/analytics data are typically retained 12–24 months.

(e) Conflicts with deletion requests.
If a deletion request is received during an active placement with ongoing billing, we may retain the minimum necessary data to (i) perform our contract, (ii) comply with accounting/tax laws, and (iii) exercise or defend legal claims. Non‑essential data will be deleted or anonymized.

We apply data minimization, periodic retention reviews, and secure deletion/anonymization once retention periods lapse.

Subject to law, you may access, correct, erase, object, restrict, withdraw consent, and port your data. Submit requests to dpo@[domain].com with proof of identity. We respond within 30 days or as allowed by law.

We maintain organizational, physical, and technical measures: role‑based access, encryption in transit, least‑privilege controls, audit logging, incident response, vendor due diligence, and staff confidentiality undertakings.

We use cookies for essential site functions and analytics. You can control cookies via your browser. See Cookie Notice below.

Cookie Notice (Summary)

• Essential cookies (required for the site)
• Analytics cookies (e.g., Google Analytics or equivalent)
• Preference/functional cookies (remember settings)
  You may opt out of analytics cookies on our banner or browser settings. Blocking essential cookies may break site features.

Sample Banner Text: “We use cookies to improve your experience. By continuing, you agree to our Privacy Notice and Cookie Notice. Manage preferences.”

Our services target adult job seekers and business clients. We do not knowingly collect data from persons under 18. If you believe a minor provided data, contact us to remove it.

For questions or requests: dpo@[domain].com. You may lodge a complaint with the National Privacy Commission (NPC). We encourage contacting us first to resolve concerns.

We may update this Notice to reflect operational, legal, or regulatory changes. We will post updates with a new “Effective” date.