Who we are
NextInHR is a professional platform built exclusively for the global HR community. We act as the data controller in respect of the personal data we collect directly from Users. In respect of candidate personal data submitted by Referring Partners via the Referral Jobs module, the Referring Partner acts as the data controller and NextInHR processes that data on their instruction.
For all data protection enquiries, please contact us at [email protected].
What data we collect
The personal data we collect depends on how you use the platform. We collect only what is necessary for the purposes described in this Policy.
| Category | Examples | How collected |
|---|---|---|
| Identity data | Full name, professional title, profile photo | Registration and HR Profile setup |
| Contact data | Email address, phone number (if provided) | Registration, contact forms |
| Professional data | Work history, HR specialisation, skills, certifications, LinkedIn URL, current and expected salary, notice period | HR Profile and job application forms |
| HR Brand Profile & Card data | Professional summary, Brand Card content, QR card, Professional Standing tier and credentials | HR Brand Profile module |
| Account data | Login history, account preferences, notification settings | Registration and account settings |
| Usage and activity data | Jobs viewed and applied to, referrals submitted, Gigs purchased, certifications completed, Professional Activity Score, module interactions | Platform usage and server logs |
| Job and referral data | Job descriptions, screening questions and answers, company details, salary ranges, candidate CV content | Job creation and referral submission forms |
| Communications data | Messages exchanged between Users on the platform | In-platform messaging |
| Technical data | IP address, device type, browser, operating system, approximate geographic location | Automatically via cookies and server logs |
| User-generated content | Articles, community Q&A answers, Gig reviews, resource ratings | Community and content modules |
| Event registration data | Name, email, employer (for platform-hosted events) | Event registration forms |
| Marketplace listing data | Agency or HR tech solution descriptions, contact details, service categories | Agency and HR Tech Marketplace listing forms |
How we collect your data
- Directly from you — when you register, complete your HR Profile, post a job, apply for a role, submit a referral, create a Gig listing, register for an event, contribute content, or contact us.
- Automatically — when you browse the platform we collect technical and usage data via cookies, analytics tools, and server logs. See Section 9 for detail on cookies.
- From other Users — when a Referring Partner submits your personal data as a candidate referral via the Referral Jobs module. See Section 7.
- From third-party integrations — if you connect a third-party account (such as LinkedIn) to your NextInHR profile, we may receive data from that service subject to its own privacy policy.
How we use your data
| Purpose | Data used |
|---|---|
| Create and manage your account and HR Profile | Identity, contact, professional, account data |
| Operate HR Jobs — job posting, applications, AI matching, ATS | Professional data, job listing data, usage data |
| Operate Referral Jobs — job posting, candidate referrals, AI matching, commission recording | Professional data, candidate data submitted by Referring Partners, commission data |
| Operate Gigs — listings, purchases, reviews | Professional data, Gig listing data, usage data |
| Operate Resources, Events, Certifications, Agency Marketplace, HR Tech Marketplace | Identity, contact, professional, event registration, and usage data |
| Operate the Professional Recognition System — Activity Scores, Standing tiers, credentials | Usage and activity data |
| Display your HR Brand Profile and Brand Card to other Users | HR Brand Profile data, professional data |
| Personalise your experience — including IP-based regional job defaults | Technical data, usage data |
| Send platform notifications and emails — application updates, referral status, tier unlock, recognition | Contact data, activity data |
| Send marketing communications (opted-in Users only) | Contact data |
| Platform security, fraud detection, and misuse prevention | Technical data, usage data, account data |
| Legal compliance | All categories as required by applicable law |
| Analyse and improve platform performance | Technical and usage data (anonymised or aggregated where possible) |
Lawful bases for processing
- Contract — processing necessary to provide the platform services you have requested, including account management and all platform modules.
- Legitimate interests — platform security and fraud prevention, analytics and performance improvement, and community moderation, balanced against your rights and freedoms.
- Consent — where you opt in to marketing communications or to public visibility of your Monthly Recognition Programme results. You may withdraw consent at any time.
- Legal obligation — where we are required by applicable law to process or retain data.
Module-specific data processing
HR Jobs
When you apply for an HR Job, your HR Profile (including work history, skills, certifications, screening question answers, expected salary, and notice period) is shared with the Job Owner to evaluate your suitability. Job view and application activity is recorded and contributes to your Professional Activity Score. Job statistics are displayed in aggregate to logged-in Users only.
Referral Jobs
When a Referring Partner submits a referral on your behalf, your personal data and CV are shared with the relevant Job Owner. The Referring Partner is responsible for obtaining your consent before submitting. Commission status records are retained as part of the platform audit trail. See Section 7 for detail on candidate data.
Gigs
Gig listing information is publicly visible. Reviews you receive and leave are associated with your profile. Gig activity contributes to your Professional Activity Score.
Resources and Certifications
Resource views, ratings, shares, and certification completions are recorded to calculate your Activity Score and provide relevant recommendations. Certification credential data is stored permanently as part of your platform record.
Events
For platform-hosted events, registration data (name, email, employer) is used to manage attendance and may be shared with event co-hosts or sponsors where disclosed at the time of registration.
Agency Marketplace and HR Tech Solution Marketplace
Listing information and contact details submitted by agencies and technology vendors are publicly visible to platform Users for the purpose of service enquiries.
Professional Recognition System
Your Activity Score, Standing tier, earned credentials, and recognition history are stored on the platform. Where you have opted in, this information is displayed publicly on your HR Brand Card and in community search results. Monthly Recognition award data is processed only for opted-in Users.
Candidate data submitted by Referring Partners
When a Referring Partner submits a candidate referral via the Referral Jobs module, they submit personal data about a third party (the candidate), including name, contact details, current role and employer, salary, notice period, LinkedIn URL, and CV.
If you are a candidate who believes your data has been submitted without your consent, please contact us immediately at [email protected]. We will investigate and, where appropriate, remove your data from the platform.
Candidate CV files are stored securely and are accessible only to the relevant Job Owner. CV content is processed server-side by our AI matching service to generate a candidate matching score. See Section 8.
AI-powered features and data processing
NextInHR uses automated matching technology to calculate a compatibility score between candidate profiles and job requirements. When an application or referral is submitted, relevant data — including profile information, CV content, screening answers, and role requirements — is processed to generate a matching score. All AI processing is server-side only; no API keys or credentials are ever exposed to the frontend or to Users.
The matching score is calculated by comparing factors such as skills, experience, qualifications, seniority, and job criteria defined by the employer. This score is one input available to recruiters and does not determine any outcome on its own.
- No automated decisions. Automated matching scores are indicative only. They do not constitute a hiring recommendation, guarantee of suitability, or an automated decision within the meaning of Article 22 GDPR or equivalent legislation.
- Human decision-making. All decisions to progress, shortlist, reject, or hire a candidate are made by a human — specifically, the Job Owner or their designated recruiter. Recruiters may override or disregard the matching score at their discretion.
- Transparency. Candidates are informed that automated matching is used as part of the recruitment process on this platform. Matching scores are visible to the Job Owner in the ATS and may be disclosed to candidates on request.
- Data minimisation. Data passed to AI services is limited to the minimum necessary for the matching calculation. No sensitive personal data categories are used in scoring.
- Right to contest. Candidates may request human review of any matching outcome or contest an assessment by contacting us at [email protected].
Cookies and analytics
NextInHR uses cookies and similar technologies to operate the platform, understand how Users interact with it, and improve performance and security.
| Type | Purpose | Can you opt out? |
|---|---|---|
| Strictly necessary | Session management, authentication, security — required for the platform to function | No — essential to use the platform |
| Functional | Remember your preferences such as location, language, and layout settings | Yes, via browser settings |
| Analytics | Understand how Users navigate the platform to improve experience and performance | Yes — see below |
| Marketing | Track interactions to deliver relevant communications (opted-in Users only) | Yes — withdraw consent at any time |
You can manage cookies through your browser settings. Disabling certain cookies may affect platform functionality. For detail on specific cookies we use, see our Cookie Policy.
How we share your data
NextInHR does not sell or rent your personal data to third parties. We share data only as follows:
- With other Users — your HR Profile, Brand Card, and Professional Standing are visible to other platform Users in the context of the platform's intended features.
- With Job Owners — when you apply to an HR Job or are referred via Referral Jobs, your relevant data is shared with the Job Owner for recruitment evaluation purposes only.
- With third-party service providers — we share data with providers who help us operate the platform (hosting, email, analytics, AI services, security). All providers are contractually bound to process data only on our instructions and to maintain appropriate security.
- For legal reasons — where required by law, court order, or regulatory authority, or to protect the rights, safety, or property of NextInHR, our Users, or the public.
- In a business transaction — if NextInHR undergoes a merger, acquisition, or sale of assets, data may be transferred to the relevant party. We will notify you and explain your options.
Data retention
We retain your personal data for as long as necessary to fulfil the purposes described in this Policy. The table below sets out our standard retention periods by data type.
| Data type | Retention period | Basis |
|---|---|---|
| Account and profile data | Duration of account, plus 90 days after closure | Contract / Legal obligation |
| Job application and referral data | Duration of active hiring process, then up to 24 months | Legitimate interest |
| Candidate CV files (third-party referrals) | Up to 24 months from submission, or until deletion is requested | Legitimate interest / Consent |
| AI matching scores | Retained as part of the application record for the same period as application data | Legitimate interest |
| Audit log data | Retained as immutable records for dispute resolution and compliance | Legal obligation |
| Professional Recognition data | Retained for the lifetime of your account as part of your professional record | Contract |
| Technical and analytics data | Up to 13 months, then aggregated or anonymised | Legitimate interest |
| Communications data | Duration of account, plus 90 days after closure | Contract |
You may request deletion of your data at any time — with or without an account — using our Data Request form. See Section 13 for full details of your rights.
Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, loss, or misuse, including:
- Encryption of data in transit (TLS) and at rest using industry-standard encryption.
- Hashed and salted storage of passwords — passwords are never stored in plain text.
- Role-based access controls limiting access to personal data to authorised personnel only.
- Secure, access-controlled storage for CV and document uploads, with time-limited signed URLs.
- Server-side only processing of all AI and LLM calls — no API keys exposed to the frontend.
- Virus scanning of all uploaded files on upload.
- Regular security assessments and monitoring.
No data transmission or storage system can guarantee absolute security. If you believe your account has been compromised, contact us immediately at [email protected].
Your rights and data requests
Depending on your location and applicable law, you have the following rights over your personal data. You do not need to have a registered account to exercise these rights — they apply to any personal data we hold about you.
How to submit a request
All data subject requests are handled via our dedicated Data Request form. You do not need an account — we verify your identity by sending a confirmation link to the email address associated with your data.
How the process works
- You submit the form at nextinhr.com/data-request, selecting the type of request: Access, Correction, or Deletion.
- We send a verification link to the email address you provide.
- Once you confirm via the link, your request is activated.
- We process the request within 48 Hours and send you a confirmation email when complete.
- For Access requests: we email you a summary of the data we hold.
- For Correction requests: we update your record and confirm the change.
- For Deletion requests: we anonymise or delete your personal data and confirm completion.
If you are dissatisfied with our response, you may lodge a complaint with the data protection supervisory authority in your jurisdiction.
Children and minors
NextInHR is intended for individuals aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe a minor has submitted personal data to the platform, please contact us at [email protected] and we will take prompt steps to investigate and remove it.
Third-party links and services
The platform may contain links to external websites or integrate with third-party services. NextInHR does not control those websites or services and is not responsible for their privacy practices. We recommend reviewing the privacy policy of any external service before sharing your information. Links are provided for convenience only and do not constitute endorsement by NextInHR.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, platform features, or legal requirements. Material changes will be posted on this page with a revised “Last reviewed” date and, where appropriate, communicated to registered Users by email or in-platform notification. Your continued use of the platform after any update constitutes acceptance of the revised Policy.
Contact us
For questions, concerns, or data subject requests regarding this Privacy Policy or how we handle your personal data, please contact us. We respond to all enquiries within 30 days.
Last reviewed May 2026 · This Policy is reviewed periodically and updated as our practices or legal requirements change.
© 2026 NextInHR. All rights reserved. Built for the HR community.