Privacy Notice

January 30, 2025

Momentum Spark Pte. Ltd. ("Company," "we," "us," or "our") values privacy and is dedicated to managing personal data responsibly and in compliance with applicable laws and regulations. This Privacy Policy outlines how we collect, use, share, and protect your data across all interactions with our platforms and services.

This Privacy Policy applies to all website visitors, potential customers, and users of our services. It is designed to be future-proof and encompass new features or services we may introduce.

1. Scope of this Policy

This Privacy Policy governs:

  • The collection and processing of personal data through our websites, platforms, and related services.
  • The rights and obligations of individuals and entities interacting with our services.

This Privacy Policy does not apply to Customers who have signed separate agreements (e.g., Terms of Use) that include specific privacy provisions.

2. Key Definitions

  • Personal Data: Information relating to an identified or identifiable individual as defined under applicable data protection laws.
  • Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Controller: The entity determining the purposes and means of processing personal data.
  • Processor: The entity processing personal data on behalf of a Controller.
  • Cookies: Small text files placed on a user’s device to track activity or enable functionality.

3. Data Collection and Use

We collect and process personal data for specific, legitimate purposes, as outlined below:

3.1 Categories of Data Collected

  • Directly Provided Data: Names, email addresses, contact numbers, billing information, job titles, username and password (if any), and other information submitted during account registration or service interaction. Candidates may complete a job interview through our Services which can include information such as work history, skills, experience, abilities, work style and other responses to questions, as well as submissions through a variety of types of media including video/audio interviews and the like.
  • Automatically Collected Data: IP addresses, browser types, operating systems, geographic locations, session durations, and interaction logs.
  • Derived Data: Analytical insights derived from user behavior, platform usage, and preferences.

3.2 Purposes of Data Processing

We process personal data to:

  • Provide Services: Facilitate access, functionality, and user experience on our platforms.
  • Support Operations: Respond to inquiries, process payments, manage accounts, and troubleshoot technical issues.
  • Enhance Offerings: Develop new features, improve existing services, and conduct research and analytics.
  • Ensure Compliance: Fulfil legal obligations, such as data retention, security audits, and regulatory reporting.

3.3 Legal Bases for Processing

We process personal data based on:

  • Consent: As obtained through opt-ins for specific activities (e.g., marketing).
  • Contractual Necessity: To deliver services agreed upon with users or clients.
  • Legitimate Interests: For internal improvements, fraud prevention, and maintaining security.
  • Legal Obligations: To comply with applicable laws and respond to lawful requests.

4. Data Sharing and Transfers

4.1 Sharing Personal Data

We share personal data only when necessary and in accordance with this Privacy Policy:

  • With Sub-processors: Trusted third parties that provide essential support services, such as hosting, analytics, and payment processing. All sub-processors are bound by data protection obligations.
  • With Affiliates: Entities within our corporate group for shared service delivery and operational efficiency.
  • For Legal Compliance: With regulators, courts, or law enforcement if required by applicable laws.

4.2 International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with strict data protection laws, we ensure adequate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

4.3 Onward Transfers

Sub-processors located in third countries are required to comply with contractual terms ensuring equivalent data protection standards.

5. Data Retention

We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy or as required by law. Specific retention periods include:

  • Operational Data: Retained for the duration of the service relationship and a reasonable period thereafter to address inquiries or disputes.
  • Legal Retention: Retained in compliance with legal obligations (e.g., tax records, regulatory requirements).
  • Backup and Archival Data: Retained as part of disaster recovery and system integrity plans, with strict access controls.

Upon termination of the data retention period, data will be securely deleted, anonymized, or de-identified.

6. Your Rights

Depending on applicable laws, you may exercise the following rights:

6.1 Access and Transparency

Request a copy of the personal data we hold about you, including details of how it is processed.

6.2 Rectification and Erasure

  • Correct inaccuracies or update incomplete data.
  • Request deletion of your data, subject to applicable legal or contractual restrictions.

6.3 Restriction and Objection

  • Restrict certain types of data processing.
  • Object to processing based on legitimate interests or for direct marketing purposes.

6.4 Data Portability

Receive a copy of your personal data in a commonly used, machine-readable format.

6.5 Consent Withdrawal

Withdraw previously given consent without affecting the lawfulness of processing before withdrawal.

Requests may be submitted via legal@kitahq.com . We may require verification of your identity before processing your request.

7. Security Measures

We take the security of personal data seriously and implement robust measures, including:

  • Encryption: Protecting data in transit and at rest using industry-standard encryption methods.
  • Access Control: Ensuring only authorized personnel can access personal data on a need-to-know basis.
  • Monitoring: Continuous monitoring of systems to detect and respond to potential threats.
  • Incident Response: Established protocols to manage data breaches, including notifying affected parties and regulators as required by law.

We regularly review and update our security policies to align with SOC 2 standards and evolving best practices.

8. Cookies and Tracking

We use Cookies and similar technologies for site functionality, analytics, and marketing purposes. Essential Cookies are required for the platform’s operation, while non-essential Cookies require user consent.

For more information, refer to our Cookies Policy.

9. Security Measures

We implement stringent technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit and at rest.
  • Regular SOC 2-aligned audits and assessments.
  • Access controls based on the principle of least privilege.

10. Data Breach Notification

In the event of a data breach affecting your Personal Data, we will notify you and relevant authorities in accordance with applicable laws.

11. Children’s Data

Our Services are not intended for individuals under the age of 18. We do not knowingly process data of minors without verifiable consent.

12. Updates to this Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. Updates will be effective upon posting on our website. Continued use of our Services indicates acceptance of the updated terms.

13. Contact Information

For questions or concerns about this Privacy Policy, contact us at:

  • Email: legal@kitahq.com

Untitled UI logotext
hello@kitahq.com+62 81010 1010
Jakarta, Indonesia
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Privacy PolicyTerms of UseCookiesDirectory
English
Made in Webflow