Privacy Policy

1. Data Controller

Resential (Eenmanszaak) is the data controller responsible for processing your personal data. You can contact us at:

Address: Eikenweg 21B, 1092BX Amsterdam, Netherlands
KvK: 99423286
Email: [email protected]
Phone: 0615574740

2. Personal Data We Collect

2.1 Information You Provide

When creating your resume, we collect:

• Personal Information: Full name, email address, phone number, location/city
• Professional Information: Work experience (companies, job titles, dates, accomplishments), education (schools, degrees, dates), skills, LinkedIn profile URL (optional), portfolio URL (optional)
• Target Job Information: Target company and position you're applying for
• Q&A Responses: Your answers to AI-generated questions about your experience (up to 5,000 characters each)
• Contact Form Data: Name, email, subject, message when you contact support

2.2 Information We Collect Automatically

• Session Cookies: A unique identifier (cookie ID) to maintain your resume session
• IP Address: Your internet protocol address for security and spam prevention
• User Agent: Browser and device information for technical support
• Referrer URL: The website you came from (for marketing attribution)

2.3 Information from Third Parties

If you provide a LinkedIn profile URL and consent to LinkedIn scraping, we use RapidAPI to retrieve your public LinkedIn profile data (name, headline, work experience, education, skills). This is only done with your explicit consent.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

4. Sharing Your Personal Data

We share your personal data with the following third-party service providers (processors):

International Transfers: Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

5. Data Retention

We retain your personal data for the following periods:

• Resume Data: 60 days after creation, then automatically deleted
• AI Conversation Logs: 60 days, then automatically deleted
• Contact Form Submissions: 60 days, then automatically deleted
• Payment Records: 2555 days (approximately 7 years) for accounting and legal compliance
• Session Cookies: 1 year or until you clear your browser cookies
• Laravel Session Data: 120 minutes of inactivity, then automatically cleaned up

After these retention periods, your data is permanently deleted from our systems through automated processes that run daily.

6. Cookies and Tracking

We use strictly necessary cookies to provide our service. We do not use analytics or marketing cookies.

For detailed information about the cookies we use, please see our Cookie Policy.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Art. 15): You can request a copy of the personal data we hold about you
• Right to Rectification (Art. 16): You can correct inaccurate or incomplete data. You can edit your resume before payment using our edit interface
• Right to Erasure (Art. 17): You can request deletion of your personal data, subject to legal retention requirements
• Right to Restriction (Art. 18): You can request that we limit how we use your data
• Right to Data Portability (Art. 20): You can receive your data in a structured, machine-readable format
• Right to Object (Art. 21): You can object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): You can withdraw consent for AI processing at any time, though this will prevent us from completing your resume

To exercise any of these rights, please email us at [email protected] with the subject line "Privacy Request". We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all data transmission
• Secure cookie settings (HttpOnly, Secure, SameSite)
• CSRF protection against cross-site request forgery
• Stripe's PCI-DSS compliant payment processing (we never store credit card data)
• Webhook signature verification for payment callbacks
• Regular security updates and patches

9. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top indicates when the policy was last updated. We will notify you of material changes by email or prominent notice on our website.

11. How to Complain

If you have concerns about how we handle your personal data, please contact us first at [email protected]. We will investigate and respond to your complaint.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
Website: autoriteitpersoonsgegevens.nl

12. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: [email protected] (Subject: "Privacy Request")
Phone: 0615574740
Address: Eikenweg 21B, 1092BX Amsterdam, Netherlands