VegaCareer AI

GDPR Compliance Agreement

Vega Career AI Services

Pipe Labs, LLC

Last Updated: 15th of June 2025

Table of Contents

  1. Introduction and Scope
  2. Data Controller Information
  3. Legal Basis for Processing
  4. Categories of Personal Data
  5. Data Processing Purposes
  6. Data Subject Rights
  7. International Data Transfers
  8. Data Retention
  9. Automated Decision Making and Profiling
  10. Data Security Measures
  11. Data Breach Procedures
  12. Cookie Policy and Consent
  13. Third Party Data Sharing
  14. Contact and Complaints

1. Introduction and Scope

This GDPR Compliance Agreement ("Agreement") applies to the processing of personal data of individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland ("EU Data Subjects") by Pipe Labs, LLC in connection with the Vega Career AI service.

This Agreement supplements our main Terms of Service and Privacy Policy and specifically addresses compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and related data protection laws.

By using Vega Career AI services, EU Data Subjects acknowledge and agree to the data processing practices described in this Agreement.

2. Data Controller Information

Data Controller:

  • Company Name: Pipe Labs, LLC
  • Address: 131 Continental Dr, Suite 305, Newark, DE 19713, United States
  • Email: info@pipelabs.xyz
  • EU Representative: [To be appointed if required under GDPR Article 27]

Data Protection Officer (DPO):

  • Contact: info@pipelabs.xyz
  • Note: DPO will be appointed when required under GDPR Article 37

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Contract Performance (Article 6(1)(b))

  • Providing Vega Career AI services
  • Processing payments and managing subscriptions
  • Account management and user authentication

3.2 Legitimate Interests (Article 6(1)(f))

  • Service improvement: Analyzing usage patterns to enhance AI algorithms
  • Security: Detecting and preventing fraud and security threats
  • Customer support: Responding to inquiries and technical issues
  • Business operations: Internal analytics and reporting

Balancing Test: We have conducted assessments to ensure our legitimate interests do not override your fundamental rights and freedoms.

3.3 Consent (Article 6(1)(a))

  • Marketing communications (where required)
  • Optional data processing for AI training
  • Cookies and tracking technologies (where required)
  • Data sharing with third-party job platforms

3.4 Legal Obligation (Article 6(1)(c))

  • Compliance with tax and accounting requirements
  • Responding to legal requests and court orders

4. Categories of Personal Data

4.1 Identity Data

  • Name, email address, phone number
  • Username and profile information
  • Authentication credentials

4.2 Professional Data

  • Employment history and experience
  • Educational background and qualifications
  • Skills, certifications, and competencies
  • Career goals and preferences
  • Resume and CV documents

4.3 Technical Data

  • IP address and device identifiers
  • Browser type and version
  • Operating system information
  • Usage analytics and interaction data

4.4 Communication Data

  • Messages sent through the platform
  • Customer support interactions
  • Feedback and survey responses

4.5 AI-Generated Data

  • Personalized career recommendations
  • Algorithm-generated insights and scores
  • Processed career matching results

Special Categories: We do not intentionally collect special categories of personal data (sensitive data) unless explicitly required for service provision and with your explicit consent.

5. Data Processing Purposes

5.1 Primary Service Delivery

  • AI-powered career guidance and recommendations
  • Resume optimization and enhancement
  • Job matching and opportunity identification
  • Interview preparation and coaching
  • Professional skill assessment

5.2 Platform Operations

  • User account management
  • Payment processing and billing
  • Customer support and communications
  • Service performance monitoring

5.3 AI Development and Improvement

  • Training machine learning algorithms (with anonymized data)
  • Improving recommendation accuracy
  • Developing new AI features
  • Quality assurance and testing

5.4 Legal and Compliance

  • Meeting regulatory requirements
  • Preventing fraud and abuse
  • Enforcing terms of service
  • Protecting intellectual property rights

6. Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

6.1 Right of Access (Article 15)

You can request:

  • Confirmation of data processing
  • Copy of your personal data
  • Information about processing purposes and recipients

6.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure (Article 17)

You can request deletion of your personal data when:

  • Data is no longer necessary for original purposes
  • You withdraw consent (where consent is the legal basis)
  • Data has been unlawfully processed
  • Erasure is required for legal compliance

Limitations: We may retain data when required for legal obligations or legitimate interests.

6.4 Right to Restrict Processing (Article 18)

You can request restriction when:

  • You contest the accuracy of data
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims

6.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format and have it transmitted to another controller.

6.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

6.7 Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to solely automated decision-making with legal or significant effects, including:

  • Right to human intervention
  • Right to contest the decision
  • Right to express your point of view

6.8 Exercising Your Rights

To exercise any of these rights:

  • Email: info@pipelabs.xyz
  • Subject Line: "GDPR Data Subject Request"
  • Response Time: Within 30 days (may be extended to 60 days for complex requests)
  • Verification: We may request identity verification for security purposes

7. International Data Transfers

7.1 Transfer Mechanism

Personal data of EU Data Subjects is transferred from the EEA to the United States. We ensure adequate protection through:

Standard Contractual Clauses (SCCs): We implement the European Commission's approved Standard Contractual Clauses for international transfers.

7.2 Safeguards

  • Technical Measures: Encryption, access controls, and security monitoring
  • Organizational Measures: Staff training, data processing agreements, and audit procedures
  • Legal Measures: Contractual obligations and compliance monitoring

7.3 Third Country Recipients

We may transfer data to:

  • Cloud service providers (with appropriate safeguards)
  • AI processing services (under strict data processing agreements)
  • Payment processors (with limited data sharing)

7.4 Transfer Impact Assessment

We conduct Transfer Impact Assessments (TIA) to evaluate the level of protection in destination countries and implement additional safeguards where necessary.

8. Data Retention

8.1 Retention Periods

  • Account Data: Retained w

[Sections 8.2 onwards, and sections 9 through 14 of the GDPR agreement continue here. The provided text was incomplete.]