PRIVACY POLICY
Effective date: [EFFECTIVE DATE]
This Privacy Policy explains how [COMPANY NAME] ("we", "us", "our") collects, uses, shares and protects personal data when individuals ("you", "users") use our online platform for creating, editing, storing and exporting curricula vitae (CVs) (the "Service").
We are committed to protecting your privacy and processing your personal data in compliance with Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR") and other applicable data protection laws in the European Union (EU) and European Economic Area (EEA).
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Introduction and Scope
1.1. This Privacy Policy applies to all personal data processed in connection with:
- your access to and use of our web-based CV creation platform and any future mobile applications;
- your registration and use of a user account;
- your interaction with us via email or other communication channels; and
- any other related services that refer to or link to this Privacy Policy.
1.2. This Privacy Policy does not apply to:
- third-party websites, services, or platforms that we do not own or control, even if you access them via links from our Service;
- processing carried out independently by third-party recruitment platforms, employers, or others with whom you choose to share your CV.
1.3. In case of any conflict between this Privacy Policy and our Terms of Use, this Privacy Policy shall prevail with regard to the protection of personal data.
2. Who We Are (Controller)
2.1. The controller responsible for the processing of your personal data under this Privacy Policy is:
- Controller: [COMPANY NAME]
- Registered address: [FULL ADDRESS]
- Country of main establishment in the EU: [COUNTRY]
- Privacy contact email: [CONTACT EMAIL]
2.2. Data Protection Officer (DPO):
If we are required to appoint a Data Protection Officer or choose to do so voluntarily, the contact details are:
- Data Protection Officer: [DPO NAME]
- DPO contact email: [DPO EMAIL]
If no DPO is indicated above, you can direct all privacy-related inquiries to [CONTACT EMAIL].
3. What the GDPR Is and Your Basic Rights
3.1. The GDPR (Regulation (EU) 2016/679) is the main data protection law in the European Union. It sets rules on how organizations may process personal data and grants individuals specific rights regarding their personal data.
3.2. Under the GDPR, "personal data" means any information relating to an identified or identifiable natural person, such as name, contact details, identification numbers, online identifiers, or information relating to professional history.
3.3. In accordance with the GDPR, you have several rights in relation to your personal data, including:
- the right of access to your personal data;
- the right to rectification of inaccurate or incomplete data;
- the right to erasure ("right to be forgotten") in certain circumstances;
- the right to restriction of processing in certain circumstances;
- the right to data portability, to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller;
- the right to object to certain processing activities (including, where applicable, to direct marketing);
- the right to withdraw consent at any time, where processing is based on your consent;
- the right to lodge a complaint with a supervisory authority.
More details and how to exercise these rights are provided in Section 11 below.
4. Legal Bases and Purposes of Processing
4.1. We only process your personal data where we have a valid legal basis to do so under Article 6 and, where applicable, Article 9 GDPR. Depending on the specific processing activity, we rely on one or more of the following legal bases:
- Performance of a contract (Article 6(1)(b) GDPR):
To provide the Service to you, including enabling you to create, edit, store and export your CV, to manage your user account, and to provide customer support.
- Compliance with a legal obligation (Article 6(1)(c) GDPR):
To comply with obligations under applicable laws, such as accounting, tax, security or data protection requirements, and to respond to lawful requests from public authorities.
- Legitimate interests (Article 6(1)(f) GDPR):
To improve and secure our Service, prevent fraud and abuse, maintain our IT systems, perform analytics, and protect our rights and interests, provided that such interests are not overridden by your fundamental rights and freedoms.
- Consent (Article 6(1)(a) GDPR):
For certain processing activities, such as sending marketing communications (where required by law) or placing certain non-essential cookies or similar technologies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
4.2. Special categories of personal data (Article 9 GDPR):
Some information contained in CVs might reveal or allow inferences about special categories of personal data, such as trade union membership, religious or philosophical beliefs, health data, ethnic origin, or sexual orientation (for example, via voluntary memberships, associations, or descriptions of personal activities).
- We do not require you to include any special category personal data in your CV and we discourage you from doing so unless strictly necessary for your intended use of the CV.
- To the extent that you choose to include such data voluntarily, we will process it only as necessary to provide the Service (creation, storage, formatting and export of your CV) and based on your explicit consent (Article 9(2)(a) GDPR), which you give by actively providing such information and using the Service for that purpose.
- You remain responsible for ensuring that you have a lawful basis to include any special category personal data, especially where it concerns third parties (see Section 6.4 and Section 9.3).
5. Personal Data We Collect
5.1. Mandatory account data (if you create an account):
- First name
- Last name
- Email address
- Password (stored in hashed form)
- Country / region (if requested for account configuration)
5.2. Optional profile and contact data:
- Address (street, number, postal code, city, country)
- Phone number
- Alternative contact details (if provided)
5.3. CV content data (which you may choose to input):
- Current salary or salary expectations
- Gender (if you choose to provide it)
- Professional experience, including:
  - past and current employers,
  - job titles and functions,
  - employment dates,
  - responsibilities and achievements
- Education and academic background:
  - schools, universities, training institutions,
  - degrees, diplomas, course titles,
  - dates of attendance
- Languages and proficiency levels
- Technical and soft skills (competencies and qualifications)
- Certifications, training courses, professional licenses
- Projects, publications, portfolio items, references
- Other information related to your professional history and career objectives that you choose to include.
5.4. Potentially sensitive or inferred data:
Information from your CV content that could directly or indirectly reveal:
- trade union membership;
- religious or philosophical beliefs;
- political opinions;
- health data or disabilities;
- ethnic or racial origin;
- sexual orientation; or
- other special categories of personal data.
You decide whether to include such data. We do not request it by default.
5.5. Usage data and technical data:
- IP address and approximate location (derived from IP, where permitted by law);
- device information (browser type and version, operating system, device identifiers);
- access logs, usage logs and activity within the Service (e.g., login time, pages viewed, features used);
- language preferences and time zone;
- information collected via cookies and similar technologies (see Section 10).
5.6. Communication and support data:
- Content of your communications with us (e.g., via email or in-app messaging);
- Support requests, feedback, and related correspondence.
5.7. Payment and billing data (if applicable):
- Billing name and address;
- Partial payment information (processed mainly by our payment service providers, who act as separate controllers or processors);
- Transaction details (date, amount, payment method, subscription plan).
6. How We Collect Personal Data
6.1. Data you provide directly:
- When you create an account and fill in registration or profile forms;
- When you use the CV builder to input or edit CV information;
- When you contact us via email or support channels;
- When you subscribe to newsletters or marketing communications (if applicable);
- When you configure your account settings and preferences.
6.2. Data collected automatically:
- Through cookies and similar tracking technologies placed on your device when you visit or use the Service;
- Through server logs and technical monitoring tools that register usage events for security, analytics and troubleshooting.
6.3. Data from third parties:
Where allowed by law, we may receive limited information from payment providers or analytics providers (e.g. confirmation that a payment was successful, aggregated or pseudonymised usage statistics).
6.4. Data about third parties:
You may choose to include contact or reference information about third parties (e.g., referees, supervisors, colleagues) in your CV.
You are solely responsible for ensuring that:
- you have a lawful basis (such as consent or another legal ground) to share such third-party data with us and with any recipients of your CV; and
- such sharing complies with applicable data protection laws.
We process such third-party data only for the purpose of providing the Service to you.
7. How We Use Your Personal Data (Purposes)
We use your personal data for the following purposes, based on the legal bases indicated in Section 4:
7.1. Provision and operation of the Service:
- Enabling you to register, log in, and maintain your account;
- Allowing you to create, edit, store, duplicate, and format your CV(s);
- Exporting your CV in various formats (e.g., PDF, DOCX) and via different channels (e.g., download, shareable link, integration with recruitment platforms);
- Providing you with user instructions, tips, and help content;
- Managing your subscription and payments (if applicable).
Legal basis: performance of contract; legitimate interest (service improvement and security).
7.2. Communications:
- Sending transactional or service-related communications (e.g., account confirmation, password reset, important service notifications);
- Responding to your inquiries and support requests;
- Sending, where permitted, marketing or promotional communications regarding our services and features, subject to your consent where required and including opt-out options.
Legal basis: performance of contract; legitimate interests; consent (for certain marketing).
7.3. Service improvement and analytics:
- Analysing usage patterns and feedback to improve existing features and develop new ones;
- Performing aggregated or pseudonymised analytics to understand general trends and performance of the Service.
Legal basis: legitimate interests (improvement of our services).
7.4. Security, fraud prevention and compliance:
- Protecting the security and integrity of our systems and Service;
- Detecting and preventing misuse, fraud or other illegal activities;
- Performing audits, logging and monitoring to ensure compliance and appropriate use;
- Complying with legal obligations and responding to lawful requests from authorities.
Legal basis: legitimate interests; legal obligation.
7.5. Retention after account closure (limited circumstances):
- Keeping minimal records necessary to comply with legal obligations (e.g., accounting, tax, fraud prevention);
- Retaining certain log data for security, legal claims or dispute resolution, for a limited period.
Legal basis: legal obligation; legitimate interests (protection against legal claims).
8. Sharing of Personal Data with Third Parties
8.1. Service providers (processors):
We may share personal data with carefully selected third-party providers who help us operate and improve the Service. These may include:
- Cloud hosting and infrastructure providers;
- Data storage and backup providers;
- Email delivery and communication service providers;
- Analytics tools and monitoring services;
- Payment processors and billing platforms (if applicable);
- Customer support tools.
These third parties act as our processors under the GDPR and are contractually bound to:
- process personal data only on our documented instructions;
- implement appropriate technical and organizational security measures; and
- ensure confidentiality and compliance with applicable data protection laws.
A current list or description of our main processors and sub-processors can be made available upon request to [CONTACT EMAIL].
8.2. Third parties with whom you choose to share your CV:
- The Service allows you to download your CV, generate shareable links, or integrate with recruitment platforms or other third-party services, at your discretion.
- We will only share your CV or make it accessible to third parties (e.g., employers, recruiters, job boards) when you actively choose to do so (for example, by generating a public link or exporting and submitting your CV).
- Once you share your CV with a third party, that third party will process your data under its own privacy policies and legal responsibilities. We are not responsible for the privacy practices of such third parties.
8.3. Authorities and legal disclosures:
We may disclose personal data if we believe it is reasonably necessary to:
- comply with applicable law or respond to valid legal process (e.g., court orders, supervisory authority requests);
- enforce our Terms of Use;
- protect our rights, property, or safety, or that of our users or the public.
8.4. Business transfers:
In the event of a merger, acquisition, reorganization, sale of assets, or insolvency event, personal data may be transferred as part of the relevant transaction, subject to appropriate safeguards and in compliance with the GDPR. We will inform you of any such changes where required by law.
9. International Data Transfers
9.1. We primarily store and process personal data within the EU/EEA, whenever feasible.
9.2. However, some of our service providers or group entities may be located, or may store data, in countries outside the EU/EEA that do not provide an equivalent level of data protection as the GDPR.
9.3. Where such transfers occur, we will ensure that appropriate safeguards are in place, such as:
- an adequacy decision by the European Commission for the relevant country (Article 45 GDPR); or
- Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46 GDPR), combined, where necessary, with additional safeguards.
9.4. You may request more information about the safeguards we use for international data transfers and obtain a copy of the relevant contractual protections by contacting us at [CONTACT EMAIL], subject to redaction of confidential information.
10. Retention Periods
10.1. We retain personal data for no longer than necessary for the purposes for which it was collected, in accordance with the principles of data minimisation and storage limitation under the GDPR.
10.2. Indicative retention periods:
- Account data (such as name, email, hashed password): retained for the duration of your active account. If you request account deletion, we will delete or irreversibly anonymise this data, unless its retention is required by law or justified by legitimate interests (e.g., fraud prevention or legal claims).
- CV content data: retained for as long as your account is active and you choose to keep the CV within your account. Upon account deletion or removal of a CV, the CV data will be deleted or anonymised, subject to applicable backup and log policies.
- Backups: stored for a limited period strictly necessary for disaster recovery and business continuity (typically [BACKUP RETENTION PERIOD, e.g. 30–90 days]) and then automatically overwritten.
- Log and security data: retained for a limited period (typically up to [LOG RETENTION PERIOD, e.g. 6–24 months]) as necessary for security, fraud prevention and system integrity, unless a longer retention is required in the context of legal proceedings or investigations.
- Billing and transaction data: retained for the period required by applicable financial and tax laws (which may range from 5 to 10 years or more, depending on the jurisdiction).
- Marketing data: retained until you withdraw your consent or object to the processing (unsubscribe), after which we will stop using your data for marketing and may keep a minimal record of your preference to ensure compliance.
10.3. When personal data is no longer needed, we will delete it or anonymise it in a secure manner.
11. Your Rights as a Data Subject
11.1. Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15 GDPR): to obtain confirmation whether we process your personal data and, if so, to receive a copy and further information about the processing.
- Right to rectification (Article 16 GDPR): to have inaccurate personal data corrected and incomplete data completed.
- Right to erasure (Article 17 GDPR): to request the deletion of your personal data in certain circumstances (for example, when the data is no longer necessary for the purposes for which it was collected or when you have withdrawn your consent).
- Right to restriction of processing (Article 18 GDPR): to request that we restrict the processing of your personal data in certain situations (e.g., while we verify the accuracy of the data or handle an objection).
- Right to data portability (Article 20 GDPR): to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible and legally permissible.
- Right to object (Article 21 GDPR):
  - to object, on grounds relating to your particular situation, to processing based on our legitimate interests;
  - to object at any time to processing for direct marketing purposes (including profiling related to direct marketing). In such cases, we will stop processing your data for marketing.
- Right to withdraw consent (Article 7(3) GDPR): where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing performed before withdrawal.
- Right to lodge a complaint: to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, your place of work, or the place of the alleged infringement. You may also contact the data protection authority in [COUNTRY], where [COMPANY NAME] is established.
11.2. How to exercise your rights:
- You can often review and update certain personal data directly in your account settings;
- For other requests or to exercise any of the rights above, you can contact us at [CONTACT EMAIL] or, where applicable, at the DPO contact provided in Section 2.2.
11.3. We may need to verify your identity before responding to your request, to protect your privacy and security. We will respond without undue delay and in any event within one month of receipt of your request, subject to extensions permitted by the GDPR.
11.4. In some cases, we may not be able to fully comply with your request, for example if:
- the data is required to comply with a legal obligation, or
- the data is necessary for the establishment, exercise or defence of legal claims,
in which case we will inform you of the reasons, unless prohibited by law.
12. Information Security
12.1. We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in accordance with Article 32 GDPR.
12.2. Such measures may include, among others:
- encryption of data in transit (e.g., HTTPS/TLS) and, where appropriate, at rest;
- access controls, authentication and role-based permissions;
- secure development and deployment practices;
- regular security updates and patches;
- backup and disaster recovery mechanisms;
- staff training and confidentiality obligations for personnel who have access to personal data.
12.3. However, no system can be completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for:
- keeping your login credentials confidential and secure;
- using a strong, unique password and changing it regularly;
- notifying us promptly at [CONTACT EMAIL] if you suspect any unauthorized access to your account.
13. Cookies and Similar Technologies
13.1. We use cookies and similar technologies (such as local storage or pixels) to:
- enable core functionality of the Service (e.g., session management, authentication, security);
- remember your preferences (such as language);
- perform analytics on how the Service is used, so we can improve it;
- where permitted, provide or measure the effectiveness of marketing.
13.2. Where required by applicable law, we will request your consent before setting non-essential cookies (e.g. analytics or marketing cookies). You can manage your cookie preferences through:
- the cookie banner or consent manager presented when you first visit the Service or when settings change; and
- your browser settings, where you may delete or block cookies.
13.3. Please note that disabling certain cookies may affect the availability or functionality of some features of the Service.
13.4. More detailed information may be provided in a separate Cookie Policy or cookie notice, which is incorporated by reference into this Privacy Policy.
14. Children's Privacy
14.1. The Service is not intended for children under [MINIMUM AGE UNDER LOCAL LAW, USUALLY 16] years of age, and we do not knowingly collect personal data from children below this age without appropriate parental consent where required by law.
14.2. If we become aware that we have collected personal data from a child below the relevant age without proper consent, we will take steps to delete such data as soon as reasonably practicable.
14.3. If you believe that a child has provided personal data to us, please contact us at [CONTACT EMAIL] so we can take appropriate action.
15. User Responsibility for Content and Third-Party Data
15.1. You are solely responsible for:
- the accuracy, completeness and lawfulness of all information and content that you input, upload or otherwise provide to the Service, including the content of your CV;
- ensuring that you have a valid legal basis to include any personal data of third parties in your CV (for example, referees' contact details).
15.2. You should avoid including unnecessary sensitive or special category personal data in your CV. If you choose to do so, you acknowledge that you are providing such data voluntarily and granting us explicit consent to process it strictly for the purpose of providing the Service.
15.3. If you include personal data of third parties in your CV, you confirm that:
- you have informed those individuals about the nature and purpose of such inclusion;
- you have obtained any necessary consent or have another appropriate legal basis for such processing;
- you will comply with applicable data protection laws concerning those individuals.
16. Changes to This Privacy Policy
16.1. We may update this Privacy Policy from time to time, for example to reflect changes in our practices, the Service, or applicable laws.
16.2. When we make material changes, we will:
- update the "Effective date" at the top of this Privacy Policy; and
- provide you with an appropriate notice, such as a prominent notice within the Service or by email, where required by law.
16.3. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acknowledgement of the changes. If you do not agree to the updated terms, you should stop using the Service and may request deletion of your account.
17. Contact Details
For any questions, requests or concerns regarding this Privacy Policy or our processing of your personal data, you may contact:
- Controller: [COMPANY NAME]
- Address: [FULL ADDRESS]
- Email: [CONTACT EMAIL]
If applicable:
- Data Protection Officer (DPO): [DPO NAME]
- DPO email: [DPO EMAIL]
You also have the right to lodge a complaint with your local supervisory authority or with the data protection authority in [COUNTRY].