Privacy Policy

A. Jobs Portal (jobs.divinosolutions.com)

B. Partners Portal (partners.divinosolutions.com)

C. Main Website (divinosolutions.com)

Internal Sharing

Within Divino Business Solutions Inc., your data may be shared between departments to facilitate service delivery and internal operations. For example, candidate data submitted via the jobs portal may be reviewed by our recruitment team through the business services portal.

External Sharing

• Clients: We only share candidate profiles with potential employer clients after you submit your application or profile through the jobs portal.
• Vendors and Service Providers: We engage trusted third-party vendors to help us deliver services. These vendors may process personal data on our behalf, under strict confidentiality and security requirements:
  • HubSpot: For CRM and communication tracking.
  • Google Cloud, Namecheap: For hosting and infrastructure.
  • AI Tools: Used for automated resume screening to assist with candidate-job matching.
  • Stripe: For secure payment processing. View Stripe's Privacy Policy
  • Other essential vendors: Including IT providers and analytics platforms, for secure and compliant business operations.
  • We maintain Data Processing Agreements (DPAs) with all third-party processors who handle personal data to ensure compliance with applicable privacy laws.
• Legal and Regulatory Authorities: We may disclose your data when required by law or in response to valid legal processes (e.g., tax compliance, government requests, or investigations). This may include disclosure to the Canada Revenue Agency (CRA), WSIB, or similar entities.

Safeguards for Transfers

• European Union (EU): For transfers of personal data from the EU to countries outside the EU that have not been deemed to provide an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses provide contractual safeguards to ensure that your data is protected to the same standards as within the EU.
• Canada (PIPEDA): When transferring personal data to our vendors in the United States, we ensure that these transfers comply with PIPEDA requirements. Canada has recognized the data protection laws of the United States as providing an adequate level of protection in certain circumstances.
• Other Jurisdictions: For transfers to other countries, we ensure all international data transfers are done in accordance with applicable privacy laws, using contract clauses or technical controls where appropriate.

Data Storage Locations

Our primary data storage is located on servers in Canada. However, for business continuity and disaster recovery purposes, we may also maintain backups of data on servers in the United States and the European Union. We select data centers with robust security measures in place.

Ontario-Specific Note: We prioritize using Canadian-hosted vendors, such as AWS Canada Central Region, where feasible, to adhere to data residency considerations. We also conduct annual audits of our U.S. vendors to assess their compliance with the CLOUD Act.

Technical Measures

• Data Encryption: All data stored in our systems is encrypted at rest and in transit using AES-256, as provided by Google Cloud and Firebase.
• Multi-Factor Authentication (MFA): MFA is enabled for all administrator accounts that access Firebase or Google Cloud services.
• Secure Hosting: Our infrastructure is hosted on Google Firebase, which includes built-in protections like automated SSL, request validation, and threat detection.
• App Protection: Firebase security rules and environment-based access controls are used to protect access to Firestore, Realtime Database, and Storage.
• Vulnerability Management: We rely on Google's infrastructure-level protections and conduct internal reviews of critical code to reduce security risk.
• Keystroke Logging: Prohibited across all company devices.

Organizational Measures

• Access Control: Access to production systems is limited to authorized personnel (internal team members only) on a need-to-know basis.
• Confidentiality: While we do not currently use formal NDAs, all employees are informed of their responsibility to handle user data with care and discretion.
• Vendor Certifications: Our infrastructure providers, including Firebase, are compliant with internationally recognized standards such as SOC 2 and ISO 27001.
• Team Training: Team members with system access are regularly informed of data security practices and policies.

Breach Response

In the event of a data breach involving personal data, we will notify affected individuals and relevant authorities as required by applicable laws. Under GDPR, this may include notification within 72 hours. Under PIPEDA, we will notify as soon as feasible. Breach handling procedures are based on incident severity and nature of affected data.

Note: We do not process any personal health information as defined under PHIPA.

Employee Monitoring (Ontario ESA Compliant)

• We do not use screen recordings or tracking software on employees or their devices.
• Keystroke logging and screenshot capture tools are strictly prohibited.
• Monitoring is limited to account-level access logs and basic Google Workspace audit trails for security purposes only.

Access and Correction

• Jobs Portal Users: You can access and update your profile information, including your resume and contact details, through your account dashboard.
• Partners Portal Clients: You can review certain account data via your client dashboard.
• For other access or correction requests, please email privacy@divinosolutions.com. We verify your identity by confirming your registered email address.

Deletion (Right to Erasure)

In certain circumstances, you may request the deletion of your personal data by emailing privacy@divinosolutions.com. We will review and process your request as required by law.

Data Portability

We currently do not offer automated data export, but you may request data deletion at any time.

Objection to Automated Processing

We use automated systems to assist in resume screening, but no decisions are made solely by AI. You may request a review by emailing us at privacy@divinosolutions.com.

Withdrawal of Consent

You can withdraw your consent to receive marketing emails by using the unsubscribe link in any message. For other types of consent, please email privacy@divinosolutions.com.

California Residents - Sale of Personal Info

Divino Business Solutions Inc. does not sell personal information as defined under the California Consumer Privacy Act (CCPA).

Cookie & Tracking Preferences

By continuing to use our website, you consent to our use of cookies as outlined in our privacy policy. If you wish to opt out, you may disable cookies in your browser settings.

Accessibility (AODA Compliance)

We are committed to providing accessible information. This policy is available in alternate formats, such as Braille or audio, upon request by contacting privacy@divinosolutions.com.

Essential Cookies

These cookies are necessary for the basic operation of our websites and portals. They enable core functionality such as page navigation, secure login, and access to account features.

• Session cookies for secure access to the jobs and partners portals

Advertising Cookies

These cookies are used to deliver relevant ads and measure ad performance. They are typically placed by trusted third-party networks.

• Google Ads: Used for personalized job-related advertising. Learn More
• LinkedIn Insights Tag: Used for conversion tracking and retargeting on our corporate website. Learn More

Analytics Cookies

These cookies help us understand how visitors interact with our websites. We use this data to improve performance, navigation, and content delivery.

• Google Analytics 4 (GA4): Collects anonymized traffic and behavior data. Learn More
• Hotjar: Used for heatmaps and user interaction insights (anonymized). Learn More
• Microsoft Clarity: Provides anonymous session recordings and heatmaps. Learn More

Notification of Changes

If we make material changes to this policy, we will notify users either by email (if available) or by posting a notice on our website prior to the changes taking effect. In the event of material changes, we may ask users to re-consent to the updated policy.

Version History

A version history of this policy will be maintained in the footer of our website for transparency.

Acceptance of Changes

By continuing to use our services after the updated Privacy Policy has been posted, you acknowledge and accept the revised terms. If you do not agree to the changes, you may stop using our services at any time.

Consent Expiry: User consent will automatically expire after one (1) year. We will re-prompt users for consent when required by law or after significant updates.