Publushed: December 2, 2025.
Effective: December 2, 2025.
1.
INTRODUCTION
This Privacy Notice (“Notice”) explains how Apliteni OÜ (“Apliteni”, “we”, “us”, “our”) collects, uses, and protects personal data in connection with your use of our corporate website https://apliteni.com (the “Website”) and during recruitment activities. We act as a data controller under the General Data Protection Regulation (GDPR) for all personal data described in this Notice. For any questions or concerns, you may contact us at privacy@apliteni.com.
2.
MODIFICATIONS TO THIS NOTICE
We reserve the right to amend this Notice at any time. Should any material changes be made, we will provide notice on our Website or by other means of communication to provide you with an opportunity to review the changes before they become effective.
3.
CATEGORIES OF DATA WE COLLECT
We process the following types of personal data:
a) Website visitors Device and browser information, IP address, cookies (via Cookiebot consent banner). Pages visited, time of access, referring URLs.
b)Contact forms Name, company, email address, phone number, message content.
c) Job applicants CVs, cover letters, employment history, education, skills, portfolio links. Contact details (email, phone, address) provided in the application. We do not intentionally collect or process special categories of personal data (sensitive data) via the Website.
4.
PURPOSES AND LEGAL BASIS OF PROCESSING
We process your personal data for the following purposes:
Purpose
Data
Legal Basis
Retention
Provide and secure the Website
Logs, IP, cookies
Legitimate interest (Art. 6(1) (f) GDPR)
Up to 12 months
Analytics and performance
Cookies, usage data
Consent (Art. 6(1) (a))
Up to 12 months
Respond to contact requests
Contact details, message
Contract / legitimate interest
Until query is resolved + 2 years
Recruitment (evaluate applications, manage hiring)
CV, contact info, experience
Contract (Art. 6(1) (b)) and legitimate interest (Art. 6(1) (f))
Up to 6 months after the position is filled
Talent pool
CV, application data
Consent (Art. 6(1) (a))
Up to 3 years with explicit consent
You can withdraw consent at any time by emailing privacy@apliteni.com.ocess your personal data for the following purposes:
5.
DATA STORAGE AND TRANSFERS
The Website is hosted on secure servers operated by a third-party hosting provider.
Recruitment data is stored in ClickUp, which is hosted on Amazon Web Services (AWS). Default data residency for EU-based workspaces is the EU (Dublin, Ireland) region. Where personal data is transferred outside the EU (e.g. AWS regions in the US), we rely on SCCs and ClickUp’s Data Processing Addendum.
Some service providers (e.g., hosting or recruitment tooling infrastructure) may process data outside the EU/EEA. Where such transfers occur, we implement appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), and assess supplementary measures as needed.
6.
ACCESS TO PERSONAL DATA
Personal data is accessible only to authorized personnel:
a) People Ops (recruitment data), and authorized contractors/consultants involved in hiring.
b) IT/marketing staff (website logs/analytics). We do not sell or rent personal data to third parties.
7.
RETENTION AND DELETION
Job applications: retained for up to 6 months after the position is filled.
Talent pool: retained up to 3 years with explicit consent.
Contact form submissions: retained until your query is resolved, then up to 2 years.
Website logs/cookies: up to 12 months as stated in Section 4.
You may request deletion at any time via privacy@apliteni.com
Retention and deletion practices may be updated if new tools or processes are introduced.
8.
YOUR RIGHTS
Under GDPR, you have the right to: access your personal data; rectify inaccurate data; erase data (“right to be forgotten”); restrict processing; data portability; object to processing (including for analytics/marketing); withdraw consent at any time; and lodge a complaint with a supervisory authority.
Requests: privacy@apliteni.com. We typically respond within 30 days (or up to 60 days for complex requests, with notice).
Our lead supervisory authority under the GDPR is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), with whom you have a right to lodge a complaint.
9.
COOKIES
We use Cookiebot to manage cookie consent in compliance with GDPR. Strictly necessary cookies are always active. Analytics cookies are optional and require your prior consent.
You can change or withdraw consent via the cookie banner or browser settings.
10.
SECURITY MEASURES
We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, and monitoring. ClickUp and AWS provide GDPR-aligned security controls.
In the unlikely event of a personal data breach, we will notify the competent supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Should the breach be likely to result in a high risk to your rights and freedoms, we will communicate the breach to you without undue delay.
11.
DISCLAIMER
This Notice is provided for transparency and compliance with GDPR. It does not form part of any contract between you and Apliteni, except to the extent required by applicable data protection law.
