Privacy Policy

Last updated: April 2026

1. Data Controller

RINKIS DARBĄ (rinkisdarba.lt), operated from Vilnius, Lithuania. Contact: info@rinkisdarba.lt.

2. Data We Collect

When you use RINKIS DARBĄ, we may collect:

  • Email address — required for registration and login.
  • Name — optional, used for display only.
  • Hashed password — stored using bcrypt; your original password is never stored.
  • Job preferences — target title, skills, location, salary expectations, seniority, remote preferences, and target industries you enter in your profile.
  • CV-extracted data — skills, work experience, education level, and career functions extracted from your CV using AI. The CV file itself is not stored after processing.
  • Employer reviews — text and ratings you submit about companies.
  • Saved jobs — job listings you bookmark.
  • Match feedback — thumbs up, thumbs down, or dismiss signals on job matches.
  • Email preferences — weekly email shortlist opt-in/out status.
  • Email confirmation status — whether your email has been confirmed and when.
  • Session data — login timestamps and session identifiers, used for authentication and security.
  • IP address — used for login rate limiting and security only; not used for tracking or analytics.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Art. 6:

  • Account registration, authentication, and profile management → Performance of contract (Art. 6(1)(b)).
  • CV processing and personalised job matching → Performance of contract (Art. 6(1)(b)) — you initiate this by uploading your CV.
  • Weekly email shortlist → Consent (Art. 6(1)(a)) — you opt in via Account Settings; you can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Market analytics and salary statistics → Legitimate interest (Art. 6(1)(f)) — providing aggregated market intelligence. No individual personal data is used in public analytics.
  • Security (rate limiting, session management, fraud prevention) → Legitimate interest (Art. 6(1)(f)).
  • Service improvement → Legitimate interest (Art. 6(1)(f)).
  • Compliance with legal obligations → Legal obligation (Art. 6(1)(c)).

We do not sell your data to third parties or use it for advertising.

4. AI Processing

When you upload a CV, its extracted text is sent to the Google Gemini API for skill and experience extraction. Only the text content is transmitted — the original file is never sent externally. Google processes this data as a data processor under their Cloud Data Processing Addendum. Your CV data is not used by Google or RINKIS DARBĄ to train AI models.

We also use AI (Google Gemini) to enrich job listing data: extracting skills, classifying job functions, inferring seniority levels, normalising salaries, and translating job titles. This processing applies to job listing content, not to your personal data.

We have assessed the data protection implications of our AI processing in accordance with GDPR requirements.

5. Automated Decision-Making and Profiling

In the interest of transparency (GDPR Art. 22 / Art. 13(2)(f)):

  • Match scores — when you upload a CV, our system automatically generates match scores for all active job listings. These scores reflect how closely a listing matches your profile based on skills, experience, seniority, and job function. Match scores are AI-assisted estimates — they do not determine your eligibility for any position.
  • Salary estimates — salary figures displayed on the platform are statistical calculations from aggregated listing data. They are estimates, not guarantees.

You are not subject to decisions based solely on automated processing that produce legal effects or similarly significant effects concerning you. Match scores and salary estimates are informational tools to help you discover relevant listings.

You can contact us at info@rinkisdarba.lt to request an explanation of how your match scores are generated or to raise any concerns about automated processing.

6. Analytics

We use Umami Cloud for aggregate traffic statistics. Umami is privacy-focused: it does not use cookies, does not collect personal data, and does not track individual users. We see page view counts and referral sources — nothing tied to individual users.

7. Cookies

We use two cookies, both strictly necessary for the service to function:

  • A session cookie (HttpOnly, Secure) that keeps you logged in.
  • A CSRF token cookie for security on form submissions.

We do not use any tracking, advertising, or analytics cookies. Because we use only strictly necessary cookies, no cookie consent banner is required under the Lithuanian Electronic Communications Law (Elektroninių ryšių įstatymas).

8. Data Storage and International Transfers

Your data is stored on a Hetzner Cloud server located in Helsinki, Finland (EU). Passwords are hashed with bcrypt and never stored in plain text. All connections to the site use HTTPS.

International transfers: When you upload a CV, the extracted text is transmitted to Google's API infrastructure for processing. Google is certified under the EU–US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795). Standard Contractual Clauses (SCCs) are also in place as a supplementary transfer mechanism.

Transactional emails are sent via Resend, a US-based service certified under the EU–US Data Privacy Framework with SCCs as backup.

Error monitoring data may be processed by Sentry (US-based, DPF-certified, SCCs in place). This data is technical in nature and may include IP addresses in error reports.

9. Data Retention

  • Account data — retained until you delete your account.
  • Account deletion — when you delete your account, all personal data (profile, CV data, saved jobs, reviews, feedback, preferences) is removed without undue delay, and no later than 30 days from your request, in accordance with GDPR Art. 17. Data in automated backups is overwritten on the next backup rotation cycle. We notify our processors (Google, Resend, Sentry) of deletion requests where applicable (GDPR Art. 19).
  • Job listing data — sourced from public job boards and does not contain personal data about job seekers. This data is retained indefinitely for historical market analysis purposes.
  • Session data — login sessions are automatically cleaned up periodically.

10. Your Rights (GDPR)

As a data subject under GDPR, you have the following rights:

  • Access (Art. 15) — download all your data as JSON via Account Settings → Export Your Data.
  • Erasure (Art. 17) — permanently delete your account and all associated data via Account Settings → Delete Account.
  • Rectification (Art. 16) — edit your profile and preferences at any time via your Profile.
  • Portability (Art. 20) — your data export is provided in machine-readable JSON format.
  • Restriction (Art. 18) — request restriction of processing by contacting info@rinkisdarba.lt.
  • Objection (Art. 21) — object to processing based on legitimate interest by contacting info@rinkisdarba.lt.
  • Withdraw consent (Art. 7(3)) — you may withdraw consent at any time (e.g. unsubscribe from weekly emails via Account Settings). Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Complaint — you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (VDAI):
    Valstybinė duomenų apsaugos inspekcija, L. Sapiegos g. 17, 10312 Vilnius
    ada@ada.lt · https://vdai.lrv.lt
    Under Lithuanian law (ADTAĮ), you are encouraged to contact us first to resolve the matter directly before filing with VDAI.

To exercise any of these rights, contact us at info@rinkisdarba.lt. We will respond within 30 days.

11. Third-Party Services

  • Google Gemini API — AI processing of CV text (skills/experience extraction) and job listing enrichment. Processes: extracted CV text and public listing content. Location: Google Cloud infrastructure (DPF-certified, SCCs in place).
  • Resend — transactional email delivery. Processes: your email address, email content. Purpose: password resets, email confirmations, weekly job match shortlists. Location: US (DPF-certified, SCCs in place).
  • Sentry — error monitoring. Processes: technical request data, which may include IP addresses. Purpose: identifying and fixing software errors. Location: US (DPF-certified, SCCs in place).
  • Umami Cloud — privacy-preserving analytics. Processes: no personal data; no cookies. Purpose: aggregate page view statistics.
  • Hetzner Cloud — server hosting. Location: Helsinki, Finland (EU). All platform data is stored on Hetzner infrastructure.
  • Zoho Mail — inbound email reception (info@rinkisdarba.lt). Processes: sender email addresses and message content. Purpose: handling contact enquiries. Location: EU data centres (GDPR compliance policy in place).

No data is shared with advertisers or data brokers.

12. Children

RINKIS DARBĄ is not intended for users under the age of 14. We do not knowingly collect personal data from children under 14.

If we become aware that we have collected personal data from a child under 14, we will delete it promptly.

13. Email Communications

Transactional emails (password resets, email confirmations) are sent as part of the service and do not require marketing consent.

Weekly job match shortlist is an opt-in feature. You can enable or disable it at any time via Account Settings. Your preference is stored and respected immediately.

We do not send unsolicited marketing emails. Your consent for the weekly shortlist is separate from your agreement to the Terms of Use and Privacy Policy.

Every email includes an unsubscribe link.

14. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of material changes. The date at the top of this page reflects when the policy was last revised.

15. Contact

RINKIS DARBĄ, Vilnius, Lithuania. Email: info@rinkisdarba.lt.

View Terms of Use →