Last updated: October 23, 2025
K‑SCAN, a French Simplified Joint‑Stock Company (Société par Actions Simplifiée – SAS) with a share capital of €20,000, whose registered office is located at 1, Place Charles de Gaulle – 78180 Montigny‑le‑Bretonneux – France, registered with the Versailles Trade and Companies Register under number 993 327 444, acts as data controller for data collected via its services and website.
K‑SCAN only collects data that is strictly necessary for the provision and improvement of its services: identification data, professional contact details, skills, CVs, job offers, usage histories and technical connection data.
The data collected is used to: enable the functioning of matching and analysis services, manage user accounts, provide customer support, and improve the quality of algorithms and user experience. Personal data collected by K‑SCAN is processed for the following purposes: Provision and operation of the service: creation and management of user accounts, configuration of client areas, technical administration of the platform. Publication of job offers: posting, multi‑posting and tracking of job ads on the platform and on partner sites. Management of applications: receipt, storage, filtering and organisation of applications within the K‑SCAN platform on behalf of client companies. Shared CV database: hosting and provision of shared professional profiles under the conditions agreed with client companies. Semantic matching and decision support: use of skills‑analysis algorithms to suggest matches between needs and profiles, without any automated decision being taken as a result. Security and continuous improvement: monitoring of proper service functioning, anomaly detection, performance optimisation and training of AI models in compliance with the GDPR. Customer support and communication: technical assistance, handling of requests and improvement of service quality. Processing carried out by K‑SCAN aims to provide client companies with a set of recruitment management tools while ensuring the confidentiality, security and compliance of candidate data. When client companies use K‑SCAN to store or process candidate data, they act as data controllers and K‑SCAN acts as processor within the meaning of the GDPR. K‑SCAN undertakes to: host and protect data in accordance with the GDPR; never use candidate data for its own purposes;
Data processing carried out by K‑SCAN is based, as the case may be, on performance of a contract (Article 6(1)(b) GDPR), the user’s explicit consent (Article 6(1)(a)) or K‑SCAN’s legitimate interest in ensuring the security and continuous improvement of its services (Article 6(1)(f)). Client companies act as data controllers for data they collect and manage in the context of their recruitment activities. K‑SCAN acts as processor, within the limits of the contractual instructions received.
Data may be processed by internal artificial intelligence models for deterministic semantic matching (MAIA), detection of technical similarities and relevance assessment. No automated decision producing legal effects is taken without human intervention. Algorithmic processing is subject to regular fairness and performance checks. These models are hosted exclusively within the European Union. No transfers of identifying data are made to third‑party services located outside the European Union. If data is transferred to a third country, K‑SCAN will ensure that the safeguards provided for in Articles 44 to 49 GDPR are implemented, in particular through the use of standard contractual clauses adopted by the European Commission. K‑SCAN carries out regular checks to ensure that algorithmic processing does not generate discriminatory bias. Fairness and performance audits are carried out periodically, with human oversight ensuring the quality of results.
Personal data is retained for the duration of the contractual relationship plus three (3) years from the last interaction with K‑SCAN, unless otherwise required by law or upon the user’s request for deletion.
In accordance with the GDPR, users have the right of access, rectification, erasure, restriction, objection and portability of their data. These rights may be exercised by any data subject by sending a request to the following address: TO BE COMPLETED. K‑SCAN undertakes to respond within a maximum of one (1) month, in accordance with Article 12(3) GDPR.
K‑SCAN implements appropriate technical and organisational measures to ensure the security and confidentiality of data. Access to data is restricted to authorised persons only, who are bound by confidentiality obligations.
Some services may be outsourced to partners that comply with the GDPR. A data processing agreement compliant with Article 28 GDPR is concluded between K‑SCAN and its processors, setting out the parties’ undertaking to process data only on documented instructions from K‑SCAN and to ensure the confidentiality and security of the information processed. Data hosting is provided by OVH SAS, 2 rue Kellermann – 59100 Roubaix – France.
K‑SCAN reserves the right to amend this Privacy Policy at any time. Any material change will be notified by K‑SCAN to its users at least fifteen (15) days before it takes effect, by email or via the website www.kscan.io. Previous versions will remain available in a history section on the website.