MyStaff_95x95

MyStaff

Log In
Book A Demo

Privacy Policy

MyStaff.my ( Part of Aftergroup – aftergroup.org)

Last Updated: May 22, 2025

1. Introduction

Welcome to MyStaff.my! This Privacy Policy outlines how MyStaff.my (“MyStaff,” “we,” “us,” or “our”), operated by Aftergroup EOOD, collects, uses, processes, protects, and discloses your personal data when you access or use our website, platform, and services (collectively, the “Services”) for hiring and candidate management.

Establishing trust through transparency is paramount to us. We are committed to safeguarding the privacy of our users, including employers, recruiters, and job candidates. This policy explains your rights regarding your personal data and how you can exercise them.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are (Data Controller)

MyStaff.my is a service provided by:

Aftergroup EOOD – a company registered in Bulgaria. Registration Number: 203675688. Address: ulitsa Sveti Kipriyan, block 251, floor 1, Sofia 1756, Bulgaria.

Aftergroup EOOD is the data controller responsible for your personal data collected through MyStaff.my.

For any privacy-specific concerns or to exercise your data protection rights, please contact our Data Protection Officer (DPO):

  • Email: dpo@mystaff.my

For general support inquiries, please contact:

  • Email: support@mystaff.my

3. Data We Collect

We collect personal data to provide and improve our Services. The types of data we collect depend on your interaction with our platform:

  • 3.1. Information You Provide Directly:
    • Account Registration (Employers/Recruiters): When you create an account, we may collect your name, company name, email address, phone number, billing information, and other details necessary to set up and manage your account.
    • Job Postings & Custom Forms (Employers/Recruiters): Information you provide when creating job postings or custom application forms, which may include details about the job role and the type of information you wish to collect from candidates.
    • Candidate Applications (Job Seekers): When candidates apply for a job through MyStaff.my, they may provide:
      • Personal identification details (e.g., name, email address, phone number, address).
      • Professional information (e.g., CVs/resumes, cover letters, employment history, education, skills, qualifications, references).
      • Information provided in response to custom job form questions set by employers.
    • Communications: If you contact us directly (e.g., via email to support or our DPO), we will collect the information contained in your correspondence.
  • 3.2. Information We Collect Automatically (Usage Data):
    • Log Data: When you use our Services, our servers automatically record information, including your Internet Protocol (IP) address, browser type and settings, operating system, device information, access times, pages viewed, and referring URLs.
    • Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your interaction with our Services, such as your Browse activities and preferences. Please see Section 8 (Cookies and Tracking) for more details.
  • 3.3. Information from Third Parties:
    • We generally collect personal data directly from you. However, in some instances, employers might provide us with information about potential candidates, or we might receive information from third-party services if you choose to link your MyStaff.my account with such services (e.g., professional networking sites, with your consent).

4. How We Use Your Data (Purposes and Legal Basis)

We process your personal data for specific purposes and only when we have a valid legal basis to do so under applicable data protection laws, such as the General Data Protection Regulation (GDPR).

  • 4.1. To Provide and Manage Our Services:
    • Purpose: To operate the MyStaff.my platform, facilitate hiring processes, manage candidate applications, create and manage user accounts, and enable communication between employers and candidates.
    • Legal Basis: Performance of a contract (with registered users), Legitimate interests (to provide a functional platform for all users).
  • 4.2. To Improve and Personalize Our Platform:
    • Purpose: To analyze usage patterns, understand user needs, troubleshoot issues, develop new features, and personalize your experience on MyStaff.my.
    • Legal Basis: Legitimate interests (to enhance and optimize our Services), Consent (for certain cookies or personalization features where required).
  • 4.3. To Communicate With You:
    • Purpose: To send you service-related announcements (e.g., maintenance, security alerts), respond to your inquiries, provide customer support, and, with your consent, send you marketing communications about our Services or those of Aftergroup.
    • Legal Basis: Performance of a contract (for service communications), Legitimate interests (to respond to inquiries), Consent (for marketing communications).
  • 4.4. To Ensure Security and Compliance:
    • Purpose: To protect the security and integrity of our platform, prevent fraud and abuse, enforce our terms of service, and comply with applicable legal and regulatory obligations (e.g., responding to lawful requests from authorities).
    • Legal Basis: Legal obligation, Legitimate interests (to protect our platform, users, and legal rights).

5. Data Storage and Security

  • 5.1. Data Storage and Location: Your personal data is stored on secure servers, which may be located within the European Economic Area (EEA) or in countries deemed to have an adequate level of data protection. If we transfer data outside the EEA to a country not deemed adequate, we will ensure appropriate safeguards are in place (see Section 9: International Data Transfers).
  • 5.2. Security Measures: We implement robust technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
    • Encryption of data in transit (e.g., SSL/TLS) and at rest.
    • Restricted access to personal data, limited to authorized personnel who need access to perform their job duties.
    • Regular security assessments and updates to our security practices.
    • Anonymization or pseudonymization of data where appropriate.
  • 5.3. Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or as required by applicable law (e.g., for legal, accounting, or reporting requirements).
    • Candidate Data: Retained for the duration of the application process and for a reasonable period thereafter as determined by the employer, or as consented to by the candidate for future opportunities.
    • Employer Account Data: Retained for as long as the account is active and for a reasonable period thereafter for record-keeping or to comply with legal obligations.
    • Usage Data: May be retained for shorter periods for analytical purposes, unless needed for security or longer-term service improvement.

6. Your Rights

Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal data. These include:

  • Right to Access: You have the right to request access to the personal data we hold about you and receive a copy of it.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain conditions (e.g., if it’s no longer necessary for the purposes for which it was collected).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., if you contest its accuracy).
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
  • Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The supervisory authority in Bulgaria is the Commission for Personal Data Protection (CPDP) (https://www.cpdp.bg/).

To exercise any of these rights, please contact our Data Protection Officer at dpo@mystaff.my. We will respond to your request in accordance with applicable data protection laws.

7. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your personal data in the following limited circumstances:

  • 7.1. With Employers and Candidates: As a core function of our Services, candidate application data (including CVs, cover letters, and responses to custom forms) will be shared with the specific employer(s) to whom a candidate applies. Job posting information provided by employers will be visible to potential candidates.
  • 7.2. Third-Party Service Providers: We may share your data with trusted third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., hosting providers, analytics providers, payment processors, email service providers). These providers are contractually bound to process your data only under our instructions and to implement appropriate security measures.
  • 7.3. Legal Obligations and Rights Protection: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to:
    • Comply with a legal obligation or lawful request from public authorities.
    • Protect and defend the rights or property of Aftergroup EOOD or MyStaff.my.
    • Prevent or investigate possible wrongdoing in connection with the Services.
    • Protect the personal safety of users of the Services or the public.
  • 7.4. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.
  • 7.5. With Your Consent: We may share your data with other third parties with your explicit consent.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to operate and enhance the user experience on MyStaff.my.

  • What are Cookies? Cookies are small text files placed on your device (computer, tablet, mobile) when you visit a website.
  • How We Use Cookies:
    • Essential Cookies: Necessary for the platform to function (e.g., user authentication, security).
    • Performance and Analytics Cookies: To understand how users interact with our Services, which pages are visited most often, and to gather statistical information to improve the platform (e.g., Google Analytics).
    • Functionality Cookies: To remember your preferences and choices (e.g., language settings, login details) to provide a more personalized experience.
  • Managing Your Preferences: Most web browsers allow you to control cookies through their settings. You can typically set your browser to block or alert you about these cookies, but some parts of the site may not work then. You can manage your cookie preferences through your browser settings and, where applicable, through a cookie consent banner on our website.

9. International Data Transfers

Your personal data may be processed in countries outside of your country of residence, including outside the European Economic Area (EEA), by us or our third-party service providers. When we transfer your personal data out of the EEA to a country not deemed by the European Commission to provide an adequate level of personal data protection, we will ensure that appropriate safeguards are implemented, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (BCRs).
  • Other legal mechanisms recognized under GDPR.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Children’s Privacy

Our Services are not directed to individuals under the age of 16 (or a higher age if stipulated by local law for processing personal data). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verification of parental consent, we will take steps to delete that information from our servers. If you believe that we might have any information from or about a child, please contact us at dpo@mystaff.my.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will update the “Last Updated” date at the top of this policy.

If we make material changes, we will notify you by posting the new policy on our website and, where appropriate, by sending you an email notification. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

12. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data handling practices, or if you wish to exercise your rights, please contact us:

Data Protection Officer:

  • Email: dpo@mystaff.my

General Support:

  • Email: support@mystaff.my

Company Address: Aftergroup EOOD ulitsa Sveti Kipriyan, block 251, floor 1 Sofia, Bulgaria

MyStaff.my (beta)

Facebook-f Linkedin-in Instagram

Product

Development

Services

Corporate

Contact us

© 2025 MyStaff.my | Powered by Aftergroup