EU AI Act & GDPR Transparency Notice

This notice explains how WE HUMAN, MB uses artificial intelligence within its platform, which AI systems are deployed, how they are classified under the EU AI Act (Regulation (EU) 2024/1689), and what rights you have. It supplements our Privacy Policy.

The EU AI Act classifies AI systems by risk level. Hiring and employment-related AI is explicitly listed as high-risk under Annex III, point 4 of the Regulation. Happr acknowledges this classification and applies the corresponding obligations.

2.1 AI systems we operate

2.2 High-risk obligations we apply

Pursuant to EU AI Act Articles 9–17 we maintain:

• Risk management system — documented assessment of foreseeable risks including discrimination, inaccuracy, and misuse, reviewed at least annually.
• Data governance — training and validation data for matching models is reviewed for demographic bias before model updates are deployed.
• Technical documentation — internal documentation of model architecture, training data sources, performance benchmarks, and known limitations, available to supervisory authorities on request.
• Record-keeping — automated logs are kept for each matching decision for a minimum of 3 years, recording inputs, outputs, and the human decision that followed.
• Transparency — users are informed whenever they interact with AI-generated content or AI-derived assessments (this notice, in-app labels).
• Human oversight — all high-risk AI outputs are flagged as AI-generated in the UI, and Hirers are required to confirm they have reviewed outputs before finalising a hire.
• Accuracy, robustness, and cybersecurity — continuous monitoring of model accuracy metrics; anomalous output rates trigger human review.

Happr does not use and will never use AI systems that:

• Employ subliminal manipulation or exploit vulnerabilities of individuals.
• Perform social scoring of natural persons for general purposes.
• Use real-time biometric identification in publicly accessible spaces.
• Infer sensitive attributes (race, religion, political opinion, sexual orientation) from CV or profile data.

Where Happr uses generative AI (task brief suggestions, submission summaries), the output is visibly labelled "AI-generated" or "AI-assisted" in the interface. Users are never left unaware that they are interacting with AI-produced content.

The EU AI Act operates alongside, and does not replace, GDPR obligations. For automated processing of personal data that significantly affects individuals, we apply GDPR Article 22 safeguards:

• No purely automated decisions with legal effect. Every matching recommendation requires a human Hirer to confirm before a candidate is advanced or rejected.
• Right to explanation. Any Candidate may request a plain-language explanation of why they were (or were not) presented to a Hirer by emailing privacy@happr.dev.
• Right to human review. Any Candidate may contest an AI-derived assessment and request that a Happr team member manually reviews and if necessary corrects it.
• Right to object. You may opt out of AI-assisted matching entirely. This will reduce the visibility of your profile to Hirers but will not prevent you from applying to tasks manually.

We do not ask for or intentionally collect special category data (Art. 9 GDPR) such as racial or ethnic origin, health data, or trade union membership. If such data appears incidentally in a CV or submission, it is not processed for matching purposes and is subject to immediate deletion on request.

Our CV parsing model is instructed to extract only professional and technical attributes. Regular audits verify that outputs do not include inferred sensitive attributes.

Happr uses the following third-party AI services in its pipeline:

We do not use AI providers that train on customer data by default. All provider agreements include a zero-training-on-inputs clause or are configured to opt out of model training.

Happr recognises that AI matching systems can perpetuate or amplify historical hiring biases. We take the following steps to mitigate this:

• Matching is based on demonstrated task output and measurable technical skills — not CV formatting, photo, or name.
• Periodic statistical audits compare match rates across demographic proxies (where data is available and consented to) to detect disparate impact.
• Hirers are shown candidate profiles with a randomised ordering within the same score band to prevent position bias.
• Audit findings are reviewed by a designated team member and, if material disparities are found, model retraining is initiated within 30 days.

In addition to standard GDPR rights (see our Privacy Policy), you may:

• Request a copy of any AI-generated assessment of your profile.
• Request correction of inaccurate AI-derived attributes (e.g. incorrectly parsed skills).
• Request that your profile be excluded from AI-assisted matching.
• Lodge a complaint regarding an AI decision to the Lithuanian SDPI (vdai.lrv.lt) or the relevant supervisory authority in your country.

Contact: privacy@happr.dev. We respond within 30 days.

Questions about this notice or our AI practices should be directed to privacy@happr.dev.

As a provider of high-risk AI in the EU, Happr will register the above systems in the EU AI Act public database (Article 71) once the relevant provisions become applicable to our risk class.