Arno Data Privacy Policy

Effective Date: 23rd August 2025

Controller: Arnopro Ltd. (Arno)

Arno is an NDPC-approved Data Controller/Processor of Major Importance (DCPMI) under NDPA 2023 / GAID 2025. This can be verified on the NDPC register. View our NDPC certification here

1. Scope & Framework

Welcome to Arno. Your privacy is top-priority to us. This Policy explains how Arno collects, uses, shares, stores, and protects personal data in connection with our web and SaaS services for talents and recruiters. We comply with Nigeria’s Data Protection Act, 2023 (NDPA) and the NDPC General Application & Implementation Directive (GAID 2025), as updated from time to time. Arno will update its status with the NDPC as required by GAID (classification based on data volumes within the prescribed 6-month window)

2. Information We Collect

• Personal Information: This includes names, email addresses, phone numbers, and other details provided during account creation.

•Professional Data: Information pertaining to your CV/resume, employment history, educational background, skills, and certifications, which may be collected directly from you or through integrations with platforms like Google.

• Account & authentication: User ID, password hash, session/MFA data.

•Payments & billing: Invoice/receipt data and transaction references (Arno does not store card numbers; payments handled by PCI-compliant processors).

• Communications: in-app messages, service emails, calendar invites

• OAuth Data: When you link your external accounts, we access information as authorized by you and within the scope permitted by these platforms' APIs.

• Usage and Device Information: We collect data regarding your interactions with our platform, device type, operating system, IP addresses, interaction logs and browser to enhance service functionality and security.

• Recruitment records: job applications, JD–CV match results/scores, shortlist status, interview schedules and business interview notes.

• Security & audit logs: sign-in events, access/audit trails, admin actions.

• Enterprise client contacts: names, work emails, phones, job titles/roles, billing/technical contacts, seat/permissions; admin audit trails.

• Not collected by default: special-category data (health, religion, biometrics), or children’s data. We instruct users not to upload such data.

3. Legal Basis for Data Processing

We process personal data, based on the following legal grounds under applicable laws and regulations

• Consent: For processing data where you have given clear consent

• Contractual Necessity: To fulfill our contractual obligations (e.g., create/manage accounts, provide matching & messaging, schedule interviews, billing).

• Legal Obligation: When required by law (e.g., for tax purposes).

• Legitimate Interests: To improve our Services, including platform security (logging, fraud/abuse prevention), reliability (backups/monitoring), and product analytics using pseudonymized/aggregated data.

4. How We Use Your Information

• Service Delivery: To provide, operate, and maintain our services.

• Improvement of Services: To analyze and improve our platform, including using insights from the personality test to offer personalized job recommendations and optimize user experience.

• Personalization: To customize your experience according to your interactions and preferences.

• Communication: To contact you with updates, security alerts, and administrative messages.

• Compliance and Safety: To comply with laws and regulations and to protect the rights and safety of our users and third parties.

• Matching Services: To connect recruiters and talents in a professional network.

• Preliminary Chat Scheduling: To schedule meetings using your Google Meet or Zoom account, with your explicit permission via OAuth.

• Protection from Illegal Activities: To protect against fraud, unauthorized activities, and illegal activities

5. Sharing & International Transfers

We share data with service providers (processors) for hosting, communications, analytics, payments, and customer support; and with recruiter/employer clients (controllers) as part of matching. Where data is transferred outside Nigeria (e.g., UK/EU/US), Arno implements Data Processing Agreements, conducts Transfer Impact Assessments, and applies contractual safeguards and encryption in transit/at rest. See our Sub-processor Register:

6. Google OAuth Login

If you choose to connect your Google account using OAuth 2.0, we will request permission to access certain information from your respective profile. This may include your name, profile picture, email address, job title, education, certifications, and other professional information.

7. How We Use Your OAuth Data:

• Profile Creation: Your Google data will be used to populate your profile on our platform, making it easier for you to connect with recruiters and present your professional credentials. It will also be used for scheduling preliminary chats.

• We will not store or use your Google login credentials

User Control of Personal Data: You have control over the data shared and can disconnect your Google account at any time.

8. Sharing Your Information

• With Service Providers: Third parties who assist us in operating our platform, conducting our business, or serving our users.

• For Legal Reasons: When required by law or to protect our rights, property, or safety.

• With Your Consent: Sharing information with recruiters or potential employers, with your consent, as part of our talent-recruiter matching services.

• Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, with appropriate safeguards in place.

9. Data Retention:

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce these Terms. Specific retention periods may vary based on the type of data and the purpose for which it was collected. Retention periods by category are set out in our Data Retention & Storage Policy..

You can request the deletion of your Account and personal data at any time by contacting us at info@arnopro.com. Upon such request, deleted accounts are removed from production within 30 days; backups expire on a 30-day rolling basis. Legal holds pause deletion for specific records as required by law or for legitimate business purposes.

10. Data Security

We employ robust security measures to protect your data from unauthorized access, alteration, misuse, disclosure or destruction. We use industry-standard measures to protect your data, including:

• Encryption: Encryption of data in transit (SSL/TLS) and at rest.

• Access Control: Limiting access to personal data to authorized personnel only.

• Regular Audits: Conducting regular security assessments to ensure the ongoing security of your data. In the event of a data breach, we have procedures in place to promptly address and mitigate the impact. We will notify affected users and relevant authorities as required by law.

While we follow industry best practices to ensure the security of your data, please note that no internet-based service can guarantee absolute security

11. Your Rights

• Access and Update: You can access, review, update, or delete your personal information at any time.

• Opt-Out: You have the right to opt-out of certain uses of your information, such as direct marketing communications.

Data Portability: You have the right to receive a copy of the information you have provided in a structured, commonly used, and machine-readable format.

• Disconnect your Google account from our platform.

We respond within 30 days (extendable as permitted). Requests: info@arnopro.com. If unresolved, you may contact the Nigeria Data Protection Commission (NDPC).

12. Children

Our services target adults (18+). We do not knowingly process children’s data

13. Cookies and Tracking Technologies

We use cookies and other tracking technologies to collect information about your interactions with our platform, improve user experience, and personalize content. You can adjust your browser settings to reject cookies, but this may impact the functionality of our services. For more information on how we use cookies, please review our Cookies Policy.

14. Changes to This Privacy Policy

We may modify this policy from time to time to reflect changes in our practices or relevant regulations. We will provide notice of any significant changes through our platform or by contacting you directly. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy regularly.