Skip to content

Nejo Privacy Policy

Security shield with padlock icon, symbolizing data protection and online security

This version applies to all users who register on or after March 14, 2026, or who use Nejo without registration. For users with an existing Nejo account, the changes take effect on May 16, 2026.

1. Introduction

In this privacy policy, we inform you about the key aspects of data processing on our website. We want you to know exactly how we handle your data.

Last updated: March 16, 2026

2. Data Controller and Scope

Nejo FlexCo (referred to as "Nejo", "we", or "us") is responsible for the processing of your personal data when you use our products and services.

This privacy policy is addressed to the following groups:

  • Website visitors: Anyone who visits our website
  • Employers: Contact persons of our clients and business contacts

This privacy policy applies to https://mynejo.com and all websites and services operated by Nejo FlexCo that reference this privacy policy.

The party responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR is:

Nejo FlexCo

Meldemannstraße 18

1200 Vienna

Austria

hi@mynejo.com

You can reach our data protection officer at datenschutz@mynejo.com.

3. Fundamentals of Data Processing

3.1 What Is Personal Data?

Personal data refers to any information that relates to you as an identifiable person. Which of your data we process depends on:

  • which of our services you use
  • which voluntary consents you have given us
  • which data you enter yourself

3.2 Legal Bases at a Glance

We take the protection of your data very seriously. Your personal data is treated confidentially and in accordance with applicable laws.

We collect and process your personal data only on the basis of legal provisions (in particular the General Data Protection Regulation and the Austrian Telecommunications Act 2003).

Where this privacy policy does not further explain certain technical terms, the definitions of the EU General Data Protection Regulation (GDPR) apply. This is REGULATION (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data.

As a general principle, data minimization applies to all processing: Nejo collects and processes only those personal data that are necessary to fulfill the specifically requested function, and does not collect data "just in case" or for unrelated purposes.

3.3 Purposes and Legal Bases at a Glance

We process your personal data for the following purposes and on the following legal bases:

  • To create and manage your user account. Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
  • To analyze your resume in order to generate personalized job recommendations and enable the "1-Click Apply" feature. Legal basis: Art. 6(1)(a) GDPR (consent)
  • To send service emails (e.g. onboarding information, automatic job suggestions based on your search behavior, and personalized job notifications via the Job Agent). Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
  • To send marketing emails (e.g. career tips, Nejo updates). Legal basis: Art. 6(1)(a) GDPR (consent)
  • For fraud detection and security of our services. Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
  • To analyze usage data for product improvement and further development of our platform. For non-logged-in users who have consented to tracking via our cookie banner, the analysis is based on their consent (Art. 6(1)(a) GDPR). Where no consent has been given, we only collect anonymous, non-personal usage statistics without the use of cookies (Recital 26 GDPR). For logged-in users, we process usage data on the basis of our legitimate interest in improving our product (Art. 6(1)(f) GDPR). In doing so, we ensure that your rights and freedoms are safeguarded — in particular through pseudonymization and data minimization.

For contact persons of our business clients and contacts, we process data for:

  • Recruitment process support
  • Employer branding strategy support

4. Your Account

4.1 Required Information

4.1.1 Creating & Managing Your Account

When you create a Nejo account, we process your first name, your email address, and a password you set, which we store in encrypted form. We use this data to set up your account, log you in, and send you essential account-related information (e.g. registration confirmation, password reset). Providing your first name and email address is required for the performance of the contract. Without this information, we cannot create a user account for you. All additional information (Section 4.2) is voluntary and does not affect the basic usability of the platform.

4.1.2 Registration Logs

For security purposes and to verify your registration, we store the time of confirmation and the associated IP address. This data is stored for the duration of your active account usage. Upon account deletion, the registration logs are deleted immediately, unless legal retention obligations apply.

4.1.3 Social Login (Google, LinkedIn, Facebook, Apple)

If you sign in through one of these providers, we typically receive your name and email address from them. You don't need to set a password on Nejo in this case. Please note that changing your email address within Nejo is not possible for social login accounts; please use the respective provider's settings to make changes.

4.2 Optional Information

You can store additional information in your profile to improve your job search or complete applications more quickly. This includes, for example, phone number, address, date of birth, nationality, education, work experience, skills, certificates (and other professional details).

For job recommendations, we exclusively use career-related information such as education, work experience, skills and certificates, and language skills. We do not use: name, address, email, phone number, nationality, date of birth/age, or other identifying contact information for algorithmic matching.

4.3 Legal Basis

Required information: Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR); Security and fraud prevention: legitimate interest (Art. 6(1)(f) GDPR).

Optional information: Where the information is necessary to provide the features you requested (job search, applications): performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR). For additional, purely voluntary data: your consent or usage action (Art. 6(1)(a) GDPR).

4.4 Retention Period

As long as your account is active. If you are inactive for 24 months, we will send you a reminder email. If you do not respond, we will permanently delete your account (including registration logs) after an additional 6 months, unless legal obligations require otherwise. Upon account deletion, we delete your profile data and CV files (see the retention periods in the respective sections).

5. Job Search with AI Chat

The AI Chat search is the default search function on Nejo. You can describe your professional preferences in a chat conversation with our AI assistant and receive matching job suggestions based on your input. Your chat content is not used to train AI models and is not shared with third parties. Note: Under current regulatory discussions, this feature could potentially be classified as a high-risk AI system under the EU AI Act. Regardless of the final classification, Nejo FlexCo already aligns with the requirements of the EU AI Act.

5.1 What Data Do We Process?

As part of the AI Chat feature, we exclusively process career-related information that you share in the chat conversation with our AI assistant:

  • Professional career and career path
  • Education and qualifications
  • Skills and competencies
  • Language skills
  • IT and technical knowledge
  • Project and industry experience
  • Preferred work location

Important: We NEVER ask for personally identifying information such as name, phone number, email address, nationality, date of birth, age, or home address. Please do not share such information in the AI Chat.

5.2 Legal Basis

The processing of career-related information shared in the chat is based on Art. 6(1)(b) GDPR (performance of a contract), as the AI Chat search is a core feature of the platform. For the resulting personalization of job suggestions, we additionally rely on our legitimate interest (Art. 6(1)(f) GDPR).

5.3 Retention Period

Upon deletion of your account, all personal chat data is immediately and permanently deleted. In addition, the following maximum retention periods apply:

  • Chat history and extracted data: 18 months after last use of the AI Chat feature
  • Anonymized training data: Unlimited (as personal identification is no longer possible)

Retention periods restart each time you use the AI Chat feature. You can object to processing at any time or delete your account.

For details on how the AI Chat feature and the resulting job recommendations work, please see our Terms of Service.

Important: No Automated Decisions

Our job recommendations are based on automated analysis of your chat inputs (profiling). These recommendations are for guidance only — every final decision is yours.

6. Resume-Based Search and 1-Click Apply

To use these two features, you need to upload your resume. We ask for your explicit consent at the time of upload.

Important notice: The "Resume-Based Search" feature is classified as a potential high-risk AI system under the EU AI Act. Regardless of the final classification, Nejo FlexCo already aligns with the requirements of the EU AI Act and assumes responsibility as the provider for compliance with applicable regulations.

6.1 What Data Do We Analyze From Your Resume?

  • Professional career and career path
  • Education and qualifications
  • Skills and competencies
  • Language skills
  • IT and technical knowledge
  • Project and industry experience
  • Place of residence (if included in your CV)

Additional data captured if included in your resume:

  • Name, phone number, nationality, date of birth, address
  • Important: This data is NEVER used for job recommendations. It is only stored securely in your profile for the "1-Click Apply" feature.

6.2 1-Click Apply

When you apply, we show you which data from your profile will be sent to the employer before submission. You actively confirm this transfer.

6.3 Legal Basis

The processing of your resume is based on your explicit consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. The AI Chat search is a core feature of the platform and does not require separate consent.

6.4 Retention Period

You can delete your data at any time through your profile settings on Nejo. All personal data will then be immediately and permanently deleted.

Even if you do not withdraw your consent, we only store your data for a limited maximum period:

  • Raw CV data: 12 months after last use of the CV search feature
  • Extracted profile data: 18 months after last use of the CV search feature
  • Anonymized training data: Unlimited (as personal identification is no longer possible)

Retention periods restart each time you use the CV search feature.

Important: No Automated Decisions

Important: Our job recommendations are based on automated analysis of your profile (profiling). These recommendations are for guidance only — every final decision is yours.

7. Email Communication

We distinguish between three types of emails: system notifications, service emails, and marketing emails. Emails are sent via Azure Communication Services (Germany region) and Customer.io (EU region) as data processors under Art. 28 GDPR.

7.1 System Notifications (cannot be unsubscribed)

We send you certain emails that are necessary for using your account — such as registration confirmation, password reset, notification when your resume has been processed, and security- or legally relevant communications (e.g. changes to the terms of service or privacy policy).

You cannot unsubscribe from these system emails. We do not track opens or clicks for these messages. To ensure deliverability, we store sending timestamps and technical status information for as long as your account exists.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest in the secure and reliable provision of our services (Art. 6(1)(f) GDPR).

7.2 Service Emails (Onboarding, Job Suggestions, and Job Agent)

When you create a Nejo account, we send you emails about services similar to those you already use. These include in particular:

  • Onboarding emails: Information and tips for getting the most out of your Nejo account after registration
  • Similar Jobs: Automatic job recommendations based on your search behavior, saved search criteria, or profile information (e.g. skills, work experience, preferred location)
  • Job Agent: You can set up personalized job notifications — with your own search criteria, preferred regions, and desired frequency. The Job Agent regularly sends you matching job listings by email.

7.2.1 What Data Do We Process for Service Emails?

  • Email address for delivery
  • Search behavior and saved search criteria (keywords, location, industry, etc.)
  • Profile information (if available: skills, work experience, preferred location)
  • Registration date and account status (for onboarding sequence)
  • Interaction data (opens, clicks) for optimization and statistical analysis

7.2.2 Legal Basis

Service emails are sent on the basis of our legitimate interest under Art. 6(1)(f) GDPR in conjunction with Section 174(4) of the Austrian Telecommunications Act 2003 (TKG 2003). Our legitimate interest lies in informing you about services similar to those you already use as a registered user.

Balancing of interests: As a user of a job search platform, you can reasonably expect to be informed about relevant new job offers and features. Emails are sent exclusively in relation to services you already use (e.g. job search, profile optimization) and aim to provide you with a better service. Your right to object is ensured through simple opt-out options in every email.

7.2.3 Unsubscribing

You can unsubscribe from service emails at any time:

  • By clicking the unsubscribe link in any email
  • In your profile settings under email preferences

Service emails are sent for the duration of your active relationship with us (i.e. as long as you have an active Nejo account and have not unsubscribed).

7.3 Marketing Emails (consent required)

In addition to service emails, you can opt in to marketing emails. These include:

  • Career tips and tricks for your job search
  • Re-engagement emails after extended inactivity
  • Nejo updates and platform news

Legal basis: Your explicit and voluntary consent under Section 174(3) TKG 2003 in conjunction with Art. 6(1)(a) GDPR. You can give this consent during registration or later in your profile settings.

7.3.1 Unsubscribing

You can withdraw your consent at any time by:

  • clicking the unsubscribe link in the email, or
  • changing the setting in your profile settings on Nejo

Upon withdrawal, no further usage data will be linked to your email address and no more marketing emails will be sent.

7.4 Email Personalization

To send you more relevant content, we combine pseudonymized usage data from PostHog (e.g. which features you use, which pages you visit) with your email address in Customer.io for certain emails.

7.4.1 Service Emails

For service emails (e.g. onboarding, job suggestions), we use this link to send you more relevant content based on your actual platform usage — such as which features you have already used or which job categories interest you. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). The linking serves exclusively to improve the service you already use.

7.4.2 Marketing Emails

For marketing emails, the linking only occurs with your explicit consent. Legal basis: Art. 6(1)(a) GDPR (consent).

7.5 Email Tracking (Tracking Pixels)

Our service emails and marketing emails contain tracking pixels. These are small embedded images that allow us to detect whether and when an email was opened and which links were clicked. This data helps us improve the relevance and quality of our emails. Legal basis for service emails: legitimate interest (Art. 6(1)(f) GDPR); for marketing emails: your consent (Art. 6(1)(a) GDPR).

7.6 Retention Period

  • Service email data: For the duration of your active relationship with us; deleted upon account deletion or unsubscription
  • Marketing email data: Automatic deletion of associated consent and interaction data after 12 months without email interaction
  • Sending history: 3 months for technical tracking

8. Usage Analytics for Product Improvement

8.1 What We Do and Why

To improve our platform, we use the product analytics tool PostHog Cloud EU to understand how our services are used — for example, which features are used, where drop-offs occur, or which pages are most popular. This allows us to fix bugs, improve user experience, and prioritize development.

  • Non-logged-in users: Analysis only occurs after your consent via our cookie banner (Art. 6(1)(a) GDPR).
  • Logged-in users: Analysis is based on our legitimate interest under Art. 6(1)(f) GDPR. We pay particular attention to pseudonymization, data minimization, and transparency.

Even for logged-in users, no directly identifying data (such as name or email address) is transmitted to PostHog — only a pseudonymous user identifier. Additionally, we use technical safeguards to exclude sensitive content (e.g. masking, client-side filters).

8.2 Legal Basis

Processing is based on our legitimate interest under Art. 6(1)(f) GDPR to provide and continuously improve our service in a functional, secure, and user-oriented manner. We conduct a balancing of interests: our development and quality interests are weighed against the potential impact on our users' privacy. Key criteria include registered users' reasonable expectations, pseudonymization, data minimization, technical and organizational safeguards, as well as transparency and easy opt-out options.

8.3 Withdrawal / Opt-out

You can object to the processing of your personal data for product analytics purposes at any time. In the application, you will find a toggle under [Profile > Settings > Usage Analytics]; when you deactivate it, we stop the further collection and transmission of usage events to PostHog. Alternatively, you can send your objection by email; we will then implement the opt-out technically on your behalf. Upon request, we will review the deletion of previously collected data.

8.4 What Data We Transmit

Typical data collected includes:

  • Pseudonymous user ID (for logged-in users)
  • Event name (e.g. click, page view, feature used, etc.)
  • Timestamp and URL context
  • Device and browser information
  • Campaign/referrer data (e.g. UTM tags)

8.5 Retention Period and Deletion

Service provider: PostHog, Inc. as a data processor. We use PostHog Cloud EU; this instance is operated in the AWS region eu-central-1 (Frankfurt, Germany), and usage data remains in the EU. A data processing agreement has been concluded.

For usage analytics in PostHog, we use a pseudonymous user identifier (distinct_id). When your user profile is deleted, the link between your account and this identifier is permanently removed. Additionally, we delete or clear — where applicable — the corresponding person profile in PostHog (including identifying properties). Previously collected usage events are retained but can no longer be attributed to an identifiable account and are only evaluated in aggregated form for product statistics.

9. Use via Third-Party Platforms (e.g. ChatGPT)

Nejo can also be used via third-party platforms, such as AI platforms like ChatGPT. When you use Nejo through such a third-party platform, we process your inputs and the information derived from them to provide the requested functionality (e.g. job search, job recommendations, application assistance).

Nejo exclusively processes those specific content excerpts that are purposefully transmitted by the third-party platform to fulfill the requested function. We do not request the full conversation history, nor do we reconstruct or infer it, and we do not process any additional contextual data from the third-party platform.

When you use Nejo via ChatGPT or a similar third-party platform, we generally process inputs without linking them to a Nejo user account. We do not attempt to identify you, and we do not merge this data with existing Nejo profiles.

Nejo does not collect, require, or process any restricted data when used via third-party platforms. This includes, in particular, payment data (e.g. credit card details), government identification numbers, health data, and access credentials or authentication secrets (e.g. passwords, API keys, or one-time codes).

Nejo does not transmit any personal data to the third-party platform provider in this context. The return of results (e.g. job suggestions) is limited to content-based responses within the platform.

Please note: The processing of your data by the respective third-party platform (e.g. ChatGPT/OpenAI) is additionally subject to the privacy policy and terms of service of that third-party platform. Nejo is responsible for the processing of data that we receive and process as part of Nejo's functionality; the third-party provider is responsible for data processing within its own platform.

9.1 What Data Do We Process?

  • Chat content that you share as part of using the Nejo feature (in particular career-related information such as education, work experience, skills, job preferences).
  • Technical metadata strictly required for secure operation and fraud prevention (e.g. timestamps, status information, pseudonymous session/request IDs, error messages). This metadata is not used for tracking, profiling, behavioral analysis, or analytics within third-party platforms.

Important: Please do not share sensitive or confidential information via third-party platforms that is not required for the feature (especially special categories of personal data under Art. 9 GDPR).

9.2 Retention Period and Deletion

When using Nejo via third-party platforms (e.g. ChatGPT), processing occurs without attribution to an identifiable person or a Nejo user account.

Since no identifying characteristics are available to us, individual attribution, information requests, or deletion upon request are technically not possible (Art. 11 GDPR). In these cases, we are not required to collect additional information to enable identification.

Instead, the following fixed retention and deletion periods apply:

  • Chat content (prompts and responses): Storage for a maximum of 30 days after processing, followed by automatic deletion.
  • Technical operational and security logs (e.g. timestamps, status and error messages): Storage for a maximum of 30 days, exclusively for system security, error analysis, and fraud prevention purposes.
  • Anonymized and aggregated usage data: May be stored without time limitation, as personal identification is no longer possible.

After the respective periods expire, data is automatically deleted or irreversibly anonymized.

No data is shared with additional third parties. Nejo does not create publicly visible content based on information transmitted via third-party platforms and does not carry out any external communication or sending activities.

10. Hosting and Infrastructure

We operate our platform on Railway (EU region) for application hosting and use Cloudflare as a content delivery network (CDN) and DNS service. For AI systems and data processing, we use Microsoft Azure in the EU region Germany, and for AI-powered analysis and processing features, we additionally use Google Cloud (EU). The AI models may come from various providers (e.g. Google, OpenAI, Anthropic) and are operated exclusively through our data processors on EU servers.

10.1 Data Processors

We have data processing agreements pursuant to Art. 28 GDPR in place with our direct service providers. AI model providers whose models are operated through our EU infrastructure do not have direct access to personal data. Your data is not used to train AI models.

Currently used service providers:

  • Microsoft Azure: AI systems, data processing, and cloud infrastructure (EU region Germany)
  • OpenAI (as a sub-processor under Azure OpenAI)
  • Google Cloud: AI-powered analysis and processing features
  • Customer.io: Email delivery for system emails (Art. 6(1)(b) GDPR), service emails including onboarding, job suggestions, and Job Agent (Art. 6(1)(f) GDPR), and marketing emails (Art. 6(1)(a) GDPR). Customer.io is operated in the EU region.
  • PostHog, Inc.: Usage analytics for product improvement (PostHog Cloud EU, AWS eu-central-1 Frankfurt)
  • MongoDB, Inc. (MongoDB Atlas): Storage of user profiles, search data, and platform data. Operated on Microsoft Azure in the EU region Frankfurt (Germany West Central). A data processing agreement pursuant to Art. 28 GDPR is in place.
  • Railway Corp.: Application hosting of the Nejo platform (EU region). A data processing agreement pursuant to Art. 28 GDPR is in place.
  • Cloudflare, Inc.: Content delivery network (CDN) and DNS service. Cloudflare processes technical connection data (in particular IP addresses) for the delivery and security of our website. A data processing agreement pursuant to Art. 28 GDPR is in place.
  • Additional AI model providers (e.g. Anthropic), whose models are operated exclusively through our EU infrastructure (Azure, Google Cloud)

10.2 Legal Bases

  • Basic operations (account management, website, system emails): Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest in security, availability, and performance (Art. 6(1)(f) GDPR).
  • CV processing & job suggestions: Your explicit consent (Art. 6(1)(a) GDPR). We process your resume and generate personalized job suggestions only after your consent. Your resume is not used to train AI models.
  • Data processing: Microsoft Azure and Google Cloud are data processors under Art. 28 GDPR. Corresponding agreements are in place. All processing takes place in the EU (Azure DE, Google Cloud EU), encrypted and secured in accordance with Art. 32 GDPR.

10.3 Consent

  • No consent is required for basic operations.
  • Separate consent is required for the AI-powered processing of your resume, which you can withdraw at any time. The AI Chat search is a core feature of the platform and does not require separate consent.

10.4 International Data Transfers

Your data is generally processed on EU servers. If, in individual cases (e.g. for support or troubleshooting), a transfer to third countries cannot be entirely excluded, it is carried out on the basis of appropriate safeguards such as Standard Contractual Clauses (Art. 46 GDPR). Data processing agreements pursuant to Art. 28 GDPR have been concluded with our direct service providers.

If we transfer your personal data to a country outside the EU/EEA (third country) for which no adequacy decision within the meaning of Art. 45 GDPR exists, we ensure the protection of your data through appropriate safeguards within the meaning of Art. 46 GDPR.

Any sharing of data takes place exclusively on the basis of contractual agreements and in compliance with applicable data protection regulations.

10.5 Retention Period and Deletion

  • Basic data: As long as your account is active; reminder after 24 months of inactivity, deletion after an additional 6 months.
  • CV processing data & logs: In accordance with your consent, identical lifecycle as account data.

You can perform the complete and permanent deletion of your profile at any time through your profile settings.

10.6 Technical and Organizational Measures

  • All processing takes place in Azure DE (EU region), encrypted and secured in accordance with Art. 32 GDPR.
  • A Data Protection Impact Assessment (DPIA) has been conducted for the AI system "Resume-Based Search", and technical filters have been implemented to prevent the extraction or sharing of sensitive data (Art. 9).

11. Cookies and Website

We want your visit to our website to be as pleasant as possible. To understand what really matters to you, we use appropriate technologies, particularly cookies.

With our cookie box, you can decide for yourself how much we can know about you, and you can adjust your selection at any time.

Blocking certain types of cookies may mean that not all features can be used to their full extent.

Our website is accessible through all common browsers. You can also set cookie preferences directly in your browser settings.

Depending on your individual cookie settings, we process the following personal data:

  • Browser type
  • Cookie data
  • Device type
  • Scrolling behavior
  • Identification ID (UUID)
  • Click behavior

For more information about our cookie usage, please see our Cookie Policy.

11.1 Server Log Files

When you visit our website, we automatically collect certain information in so-called "server log files." These are technical data generated during every website visit:

  • IP address or hostname
  • Browser used
  • Time spent on the website
  • Date and time of visit
  • Pages viewed on our website
  • Language settings and operating system
  • "Leaving page" (which URL you left our website from)
  • ISP (Internet Service Provider)

This information is not processed in a personally identifiable manner and is not linked to other personal data. It helps us technically optimize our website and ensure its security.

11.2 Google Fonts

For an appealing and consistent display of our website, we use fonts from Google Fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Tel: +353 1 543 1000).

When you visit our website, your browser loads the required fonts and caches them. In this process, Google may set cookies on your device.

The use of Google Fonts serves the optimal display of our content and a consistent design of our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Google also processes data in the USA but has committed to the EU-US Data Privacy Framework.

For more information about Google Fonts

and the Google Privacy Policy

12. Forwarding of Application Data

Nejo collects your personal data exclusively from you. In some cases, we may need to share your data with others. We only share your personal data with authorities and public bodies to the extent required by law (for example, the data protection authority, courts, or labor chambers).

When you click the "Apply Now" button on Nejo, we always redirect you to the employer's original job posting. If you then submit your application there, the company to which you send your data is responsible for the further processing of your data.

13. Your Rights

You have various rights regarding the data we store about you:

  • Right of access: You can inquire at any time about what data we have stored about you.
  • Right to erasure: You can request the deletion of your data, provided no legal retention obligations apply.
  • Right to rectification: If your data is incorrect, you can request a correction at any time.
  • Right to data portability: You can request that we transfer your data to you or another controller in a common format.
  • Right to withdrawal and objection: You can withdraw any consent given at any time and object to data processing.
  • Right to restriction: You can request that we restrict the processing of your data.

13.1 AI-Specific Rights

In addition to GDPR rights, you have the following rights with regard to the "Resume-Based Search" and "Apply with Resume" features:

  • Information about AI logic: Information about how our algorithms work
  • Bias complaint: Report suspected discriminatory treatment by the AI system
  • Human review: Request a manual review of AI recommendations
  • Transparency: Detailed information about the capabilities and limitations of the AI system
  • Withdrawal of AI processing including deletion of your resume and all data extracted from it

Where personal data is processed without identifiability (e.g. during anonymous use via third-party platforms such as ChatGPT), certain rights (e.g. access or deletion on an individual level) cannot be technically implemented. In these cases, the provisions of Art. 11 GDPR apply.

13.2 Right to Lodge a Complaint

If you believe that the processing of your data has violated data protection law, you have the right to lodge a complaint:

  • Directly with us by email at: hi@mynejo.com
  • With the competent data protection authority: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

You can reach the authority here.

  • EU AI Act: The relevant national supervisory authority for AI systems (details will be updated upon entry into force)

We take your concerns seriously and strive to address your requests as quickly as possible.

Thank you for entrusting us with your data!