Privacy Notice

This Privacy Notice explains how Nexa Consulting (“we,” “our,” or “us”) collects, uses, stores, and protects personal data processed through Tally, our AI recruitment support system for candidate matching, workflow automation, and conversational assistance.

1. Scope

This Privacy Policy applies to (i) our clients (individuals and corporates) and their authorized representatives, and (ii) candidates’ personal data processed on behalf of clients.

2. Data Collected

• Candidate data: CVs, profiles, professional history, skills, education, communications with Tally.
• Client data: job descriptions, recruitment needs, contact details, evaluations and feedback.
• Interaction data: chat transcripts, interview notes, memory of past conversations (if enabled).
• System data: logs, performance, usage statistics, metadata.

3. Purposes of Processing

• To match candidates with jobs and clients effectively.
• To assist recruiters with AI-driven insights and recommendations.
• To maintain a memory of candidate interactions to improve user experience.
• To provide reporting, analytics, and platform improvement.
• To ensure compliance with legal obligations.

4. Legal Basis

• Legitimate Interest: to improve our services and ensure our platform is secure.
• Contractual Necessity: delivering services to clients.
• Legal Obligations: responding to requests from regulators, authorities, or under applicable law.

5. Data Retention

Client and candidate data shall be retained only as long as necessary.

6. Data Sharing

• With service providers (Oracle Cloud, Render, Synology NAS, BoondManager, LinkedIn, GitHub) under strict regulatory provisions.
• With authorities, where legally required.

7. Data Transfers

Where personal data is transferred outside Kenya or the EU/EEA, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including the use of standard contractual clauses, encryption, and data minimisation.

8. Client and Candidate Rights

Clients: audit rights, request deletion, or data portability.

Candidates (via clients): Rights under the Kenya Data Protection Act, 2019 and the GDPR to access, correct, or delete their data. Requests should be submitted through the client organization or directly to us at the contact details below.

9. Security Measures

We implement technical and organisational safeguards including:

• Data encryption (in transit and at rest).
• Access control and authentication.
• Logging and monitoring.
• Regular security audits.

10. AI Transparency & Human Oversight

Tally is an AI-based recruitment assistant. All AI-driven recommendations are subject to human oversight.

11. Updates

This Privacy Policy may be updated to reflect regulatory changes or new features. The latest version will always be available on our platform.