Global Data Privacy Notice

Last updated: 7 May 2025


0. Introduction

This Notice explains how Basis Research Institute (“Basis,” “we,” “our,” “us”) collects, uses, stores, discloses and otherwise processes personal information during recruitment, employment or engagement. It applies to job applicants, interview candidates, employees, individual contractors, interns, agency workers, consultants and directors (“staff,” “you,” “your”).
It does not form part of any contract of employment or engagement. Where this Notice conflicts with local law, local law prevails.

Contact (all regions): contact@basis.ai


1. Who is responsible for your data?

The Basis entity with which you apply, contract or are employed acts as the data controller (or, in California, the “business”).


2. What personal data do we process?

Category | Examples (non-exhaustive)
Identifiers | Name, contact details, date of birth, government IDs, work-eligibility proofs
Recruitment info | CV, cover letter, skills, interview notes, assessment results, referees
Employment / engagement | Contract terms, role, employee ID, location, performance data
Compensation & benefits | Bank details, salary, tax, deductions, insurance, equity or bonus data
Leave / absence | Attendance and absence records, fit notes, workplace-adjustment data
IT & security | System log-ins, device IDs, badge swipes, CCTV footage
Regulatory & compliance | Sanction screening results, professional licences, audit records
Sensitive data (where lawful) | Diversity information, health or disability data, background-check results

3. How do we obtain the data?

  • Directly from you (forms, CVs, interviews, corporate systems)
  • From third parties (referees, background-check vendors, benefit providers, public sources)
  • Automatically via IT, security and building systems where permitted by law

4. Why do we use the data?

  1. Recruit & hire – screen applications, schedule interviews, verify eligibility
  2. Administer the relationship – payroll, benefits, performance, learning & development
  3. Operate our business – project allocation, organisational planning, and develop, test & deploy machine-learning models that assist or automate parts of our hiring workflow (e.g., short-listing, ranking, interview scheduling) with human oversight
  4. Protect people, assets & systems – access control, security monitoring, incident response
  5. Comply with legal obligations – tax, social-security, health & safety, immigration, equal-opportunity reporting
  6. Exercise or defend legal claims and respond to lawful requests from regulators or courts

Legal bases (outside the United States)

  • Performance of a contract (Art 6 (1)(b) GDPR)
  • Legal obligation (Art 6 (1)(c))
  • Legitimate interest (Art 6 (1)(f)) — including improving recruitment efficiency and fairness through data-driven tools; when our models influence hiring decisions we apply Art 22 safeguards (right to human review)
  • Consent only where law requires it (e.g., certain background checks)

5. With whom do we share the data?

  • Affiliates for internal administration
  • Service-providers / processors (payroll, benefits, background checks, cloud hosting, LLM analytics) under contracts that forbid secondary use
  • Professional advisers (auditors, lawyers, insurers)
  • Regulators, courts, law-enforcement where required
  • Successor entities in mergers or similar transactions

We do not sell personal information and do not share it for cross-context behavioural advertising.


7. Automated decision-making & profiling

We use AI/ML tools to support — not replace — human reviewers.

  • Human oversight
    A recruiter or hiring manager makes the final decision on every application.

  • Decision-support uses
    The model helps surface CVs that match job criteria and rank them for review.

  • Monitoring
    We check model outputs for obvious errors and adjust settings when issues arise.

  • Your rights
    You may request human review, provide feedback, or contest a score at contact@basis.ai.


8. Security

Personal data are stored on vendor platforms (Ashby and Google Cloud) that provide industry-standard encryption and access controls. Only authorised Basis personnel with individual credentials can access these systems. We limit access to those who need it for their role and periodically check the list of authorised users.


9. Retention

We keep recruitment information while your application is active and then only for as long as reasonably necessary to

  1. conduct internal research and development that improves our hiring systems, and
  2. satisfy legal, audit, or dispute-resolution obligations.

When those purposes no longer apply, we delete the data or irreversibly anonymise it.

10. Your rights

Region | Core rights & how to exercise them
EU / UK | Access, rectify, erase, restrict, port, object (including to ML analytics) and obtain human review of automated scores. Email contact@basis.ai; you may also complain to your supervisory authority.
California | Know, access, correct, delete, portability; no retaliation for exercising rights. Email contact@basis.ai.
Other jurisdictions | Equivalent access & correction rights plus any additional local rights stated in the addenda.

11. Notice of changes

We will post any material changes to this Notice on our careers site and update the “last-updated” date.


Jurisdiction-Specific Addenda

A. European Union & United Kingdom

  • Joint controllers: the local Basis entity and Basis Research Institute Inc. (USA)
  • DPO contact: contact@basis.ai (subject: DPO)
  • Legal bases. See § 4. When processing special categories of data we rely, as relevant, on: obligations in employment law; assessment of working capacity; establishment or defence of legal claims; or your explicit consent.
  • International transfers use SCCs, the UK Addendum or DPF safeguards.
  • Rights. See § 10.

B. United States & Canada

  • Supplements rights under the CCPA/CPRA and applicable Canadian laws.
  • Basis does not sell or share data for targeted advertising.

C. Japan

  • Sensitive data collected only with explicit consent where required by the Act on the Protection of Personal Information.
  • International transfers rely on contractual safeguards ensuring a comparable level of protection.

D. Singapore

  • Transfers rely on contractual clauses providing protection comparable to the Personal Data Protection Act.
  • Additional local rights: access, correction, data-portability, breach notification.

Questions? Contact contact@basis.ai