Coreblue Global

Data Protection Policy

Last updated: January 7, 2026

Data Protection Principles

Coreblue Global is committed to protecting the personal data of all candidates, clients, and partners in compliance with applicable data protection laws, including GDPR principles and Indian data protection regulations. We process personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and in a transparent manner
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only
  • Data Minimization: Only data adequate, relevant, and necessary for the stated purpose is collected
  • Accuracy: Data is kept accurate and up-to-date; inaccurate data is erased or corrected promptly
  • Storage Limitation: Data is retained only as long as necessary for the purposes for which it was collected
  • Integrity and Confidentiality: Data is processed securely with appropriate technical and organizational measures
  • Accountability: We demonstrate compliance with these principles and are accountable for data processing activities

Types of Data Collected

In the course of our recruitment services, we collect and process the following categories of personal data:

Candidate Data:

  • Personal Information: Name, date of birth, nationality, gender, marital status
  • Contact Details: Email address, phone number, residential address
  • Employment History: Previous employers, job titles, work experience, skills, qualifications
  • Educational Records: Degrees, diplomas, certifications, training records
  • Medical Information: GAMCA medical fitness certificates (for Gulf deployment)
  • Identity Documents: Passport copies, PAN card, Aadhaar, voter ID, police clearance certificates
  • Financial Information: Bank account details (for salary transfers), tax information
  • Visa & Immigration Data: Visa applications, work permits, travel history

Client Data:

  • Company name, business address, contact details
  • Authorized representative information
  • Job requirements, workforce needs, organizational structure
  • Contract terms, payment information

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent: You have given explicit consent for processing your data for specific recruitment purposes
  • Contractual Necessity: Processing is necessary to fulfill our contractual obligations (employment placement, visa processing)
  • Legal Obligation: Processing is required to comply with laws (MEA regulations, embassy requirements, tax laws)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (candidate matching, client servicing, fraud prevention)

Data Subject Rights

Under applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure (Right to be Forgotten): Request deletion of your data under certain conditions
  • Right to Restriction of Processing: Request limitation on how we use your data in specific circumstances
  • Right to Data Portability: Request transfer of your data to another service provider in a structured format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@biojobz.com. We will respond to your request within 30 days.

Data Security Measures

We implement robust technical and organizational security measures to protect personal data:

  • Encryption: Data in transit is encrypted using SSL/TLS protocols; sensitive data at rest is encrypted
  • Access Controls: Role-based access controls ensure only authorized personnel can access data
  • Secure Storage: Physical documents are stored in locked cabinets; digital data is stored on secure, password-protected servers
  • Regular Backups: Data is backed up regularly to prevent loss
  • Employee Training: Staff undergo regular data protection and security training
  • Confidentiality Agreements: All employees sign confidentiality and non-disclosure agreements
  • Third-Party Audits: Regular security audits and vulnerability assessments

International Data Transfers & Safeguards

As an international recruitment agency, we may transfer personal data to destination countries for employment placement. We ensure adequate protection through:

  • Standard Contractual Clauses: Contracts with overseas employers include data protection provisions
  • Adequacy Decisions: Transfers to countries recognized as having adequate data protection levels
  • Explicit Consent: Candidates provide informed consent for data transfer necessary for employment placement
  • Encryption: Data transferred internationally is encrypted during transit
  • Monitoring: We monitor compliance of overseas employers with data protection commitments

Data Retention Periods

We retain personal data only for as long as necessary:

  • Active Candidates: Data retained for 2 years from last contact or application
  • Placed Workers: Employment records retained for 7 years post-placement (for legal compliance and warranty obligations)
  • Unsuccessful Candidates: Data retained for 1 year, then deleted unless consent is provided for longer retention
  • Client Data: Retained for duration of business relationship plus 5 years for contractual and legal purposes
  • Financial Records: Retained for 7 years as required by tax laws

After retention periods expire, data is securely deleted or anonymized.

Third-Party Data Processors

We may share data with trusted third parties who assist in our operations:

  • GAMCA Medical Centers: For medical fitness assessments
  • Visa Processing Agencies: For visa application and document attestation
  • Background Verification Services: For police clearance and employment verification
  • IT Service Providers: For cloud storage, email services, and database management
  • Legal and Accounting Firms: For compliance and financial services

All third-party processors are bound by data processing agreements and required to maintain equivalent data protection standards.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify affected individuals within 72 hours of becoming aware of the breach
  • We will report the breach to relevant data protection authorities as required by law
  • We will provide details of the breach, potential consequences, and measures taken to mitigate harm
  • We will offer support and guidance on steps you can take to protect yourself

Updates to This Policy

We may update this Data Protection Policy periodically to reflect changes in our practices, legal requirements, or services. Material changes will be communicated via email or website notice. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact for Data Privacy Inquiries

Data Protection Officer
Coreblue Global
By Medulla Recruitment Services Pvt. Ltd.
702, Supreme HQ, Baner, Pune, Maharashtra, India

Privacy Email: privacy@biojobz.com
General Email: ganesh.bd@biojobz.com
Phone: +91 90497 32444