Privacy policy | Hannah Ibawi RH

Last updated: 30 March 2026. This document supplements the terms of use and the disclaimer. It describes how Hannah Ibawi RH processes personal data in connection with the hannahibawi.com website and related services (forms, candidate and recruiter areas, applications, and any online assessment tools).

1. Data controller

The controller of processing carried out through the website is Hannah Ibawi RH, a recruitment and human resources consulting firm. Contact details are on the Contact page. For any question about this policy or your data, write to the email address shown there, stating the subject of your request.

2. What data may we collect?

Depending on interactions (browsing, forms, account creation, applications, recruiter area, email or phone exchanges related to the site), we may process in particular:

Identification and contact data: name, email address, phone number, job title, company;
Account data: login identifiers and profile data for the candidate or recruiter area;
Application and professional data: CV, cover letter, career information, responses to questionnaires or assessments where used in the process;
Technical data: logs and trackers strictly necessary for the operation and security of the site (see cookies section);
Message content sent via forms or contact channels.

Users should only provide data relevant to their request and avoid sharing special categories of data (health, origin, opinions, etc.) unless necessary for recruitment or the professional relationship and, where applicable, with the safeguards required by law.

3. Purposes and legal bases

Data is processed for specific purposes, including:

Site and request management: responding to messages, handling applications and information requests;
Account and online services: authentication, application tracking, posting or managing job offers as shown on the site;
Recruitment and firm assignments: assessing profiles, arranging interviews or assessments, liaising with employers within the scope of the mandate;
Legal obligations where they apply;
Security and abuse prevention: technical logs, fraud prevention and unauthorised access;
Service improvement in line with applicable law (analytics or statistics where non-essential trackers are used, with consent where required).

Legal bases may include pre-contractual or contractual measures, the firm’s legitimate interests (where proportionate), compliance with legal obligations, or, where applicable, your consent (e.g. for certain cookies or communications).

4. Recipients and processors

Data is primarily accessed by authorised staff at Hannah Ibawi RH in the course of their duties. Where necessary and proportionate, hosting, email, technical maintenance or business tool providers (processors bound by confidentiality and security obligations), and employers or partners involved in a recruitment process, may also receive data only to the extent required for the assignment.

We do not sell personal data to third parties for unrelated commercial purposes.

5. Retention periods

Data is kept for as long as needed for the purposes pursued, plus any statutory limitation periods where applicable. Indicatively: application and recruitment data may be retained for the time needed to process files and meet obligations; inactive account data may be deleted or anonymised after a reasonable period defined by the firm and communicated where appropriate; technical logs are kept for a limited security-related period.

6. International transfers and hosting

Primarily, processing and the reference legal framework sit in an African context (Malabo Convention, national laws of the states concerned). However, for international recruitment or assignments — where candidates, employers or providers are outside Africa or tools are used in other regions — personal data may be hosted, accessed or processed outside the country of usual residence, including in the European Union, Canada or the United States.

In all cases, the firm implements appropriate safeguards (contractual clauses, recognised compliance mechanisms, or other measures provided by applicable law), in line with the regulation applicable to the processing: for example the GDPR and related instruments where EU law applies, Canadian personal information protection laws (federal or provincial as relevant), or US rules (federal, state or sector frameworks). Where transfers to countries without an equivalent level of protection are required, additional measures may be applied as required by law.

7. Your rights

Under the African Union Convention on Cyber Security and Personal Data Protection, adopted on 27 June 2014 in Malabo (the “Malabo Convention”, in force for the African Union from 8 June 2023), processing of personal data must strengthen fundamental rights and public freedoms, in particular privacy, in line with the African Charter on Human and Peoples’ Rights. States undertake to put in place appropriate national law; specific rights are therefore exercised under the applicable national law of the country concerned (including Cameroon, Côte d’Ivoire, or another African state where you live or where the relationship with the firm is carried out).

The Convention (data protection chapter II, articles 9–23) sets out controllers’ obligations and guarantees for data subjects. Without replacing the full legal text and national implementation, the following standards reflect the continental framework:

Information and transparency: transparency of processing (including under Article 13 of the Convention: lawfulness, fairness, purpose, accuracy, transparency and confidentiality);
Consent and lawfulness: where processing is consent-based, consent must be obtained in accordance with the Convention and national law;
Right of access to your data and right to rectification where data are inaccurate or incomplete;
Right to object in the cases and under the conditions set by applicable law;
Right to erasure (“right to be forgotten”) or restriction of processing, where the conditions under national law are met;
Complaints: the Convention provides for national authorities for personal data protection (including around Article 11 on independent supervisory authorities). You may contact the competent authority in your country under applicable law.

To exercise your rights with Hannah Ibawi RH, write to the contact details on the Contact page. We will respond within the time limits set by applicable law. Additional rights may arise under national laws in the countries where we operate; for international assignments, EU, Canadian or US law may also apply where processing is subject to those jurisdictions; we assess each request against the relevant texts.

8. Cookies and trackers

A consent banner appears on first visit (or until a choice is saved): you can accept or refuse “optional” trackers. Strictly necessary cookies (session, security, storing your consent preferences in the browser) are used without prior consent, within regulatory limits.

With your agreement, the site may load performance measurement scripts (Core Web Vitals) from our own servers, without advertising or third-party profiling. You can change your choice at any time via “Cookie preferences” in the site footer (when available). You may also restrict cookies in your browser settings, subject to the site working correctly.

9. Security

The firm applies appropriate technical and organisational measures (restricted access, passwords, secure connections where used, professional-grade hosting) to protect data against accidental or unlawful destruction, loss, alteration or unauthorised access. No system is perfectly secure on the internet; users should protect their credentials and report any anomaly.

10. Changes to this policy

This policy may be updated to reflect legal, technical or organisational changes. The last updated date appears at the top of the page. Material changes may be announced on the site or, where required by law, by an appropriate notice to affected individuals.

11. Contact

For data protection questions, use the site’s Contact page.