Privacy Policy

privacy policy

Privacy Policy

Workdune (“Workdune”, “we”, “us”, “our”) operates the Workdune platform (the “Service”). We are committed to protecting your personal data and processing it in a transparent and lawful manner in accordance with the EU General Data Protection Regulation (GDPR).

This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and the rights you have.

Controller: Workdune Supervisory Authority (DK): Datatilsynet (www.datatilsynet.dk)

Last updated: August 26, 2025

1. Who this policy applies to

  • Candidates using Workdune to create profiles, upload CVs, and get matched to jobs.
  • Companies using Workdune to post jobs and receive candidate matches.
  • Visitors to our website and landing pages.

2. What data we collect

2.1 Account & Profile Data

  • Identification (name, email, password hash, user type).
  • Contact information (phone, location/timezone if provided).
  • Preferences (language, communication settings).

2.2 Candidate Data

  • CV/Resume content (experience, education, skills, certifications, languages, links).
  • Derived data generated by our AI match & parsing features (standardized skills/titles, seniority level, summaries, tags, match scores).
  • Application data (applied roles, status, notes, messages).

2.3 Company Data

  • Company profile (name, domain, contact, billing contact).
  • Job posts (titles, descriptions, requirements, salary ranges, locations).
  • Team members and hiring preferences.

2.4 Usage & Technical Data

  • Device, browser, IP address, timestamps, pages viewed, referral source.
  • Log data for security and debugging (error traces, API usage).
  • Cookie identifiers and similar (see Cookie Policy).

2.5 Communications

  • Emails, messages, notifications, and call/SMS metadata if you use built-in communications.

We do not collect special categories of personal data unless you voluntarily provide them (e.g., in your CV). Please avoid including sensitive data not necessary for job applications.

3. Why we process data (Purposes & Legal Bases)

| Purpose | Examples | Legal Basis | |---|---|---| | Provide & operate the Service | Account creation, login, profile management, job posting | Art. 6(1)(b) GDPR (contract) | | AI parsing & matching | Standardize CV data, derive skills, compute match scores | Art. 6(1)(b) (contract); Art. 6(1)(f) (legitimate interest to improve matching) | | Communications | Transactional emails, candidate ↔ company messaging | Art. 6(1)(b) | | Improvement & security | Analytics, troubleshooting, preventing abuse/fraud | Art. 6(1)(f) | | Legal & compliance | Record keeping, tax, responding to authorities | Art. 6(1)(c) | | Marketing (non-essential) | Newsletters, product updates, retargeting | Art. 6(1)(a) (consent) | | Cookies/analytics (non-essential) | Measuring engagement and performance | Art. 6(1)(a) (consent) |

Where we rely on legitimate interests, we have conducted a balancing test and believe our interests are not overridden by your rights and freedoms.

4. How we use AI and automated processing

We use AI models to:

  • Parse CVs to extract experience, education, and skills.
  • Normalize titles/skills and create short summaries.
  • Compute job-to-candidate match scores.

Human oversight: Matches assist recruiters/candidates but final decisions are made by humans (companies choose whom to contact/interview). You may request human review, express your point of view, and contest a decision that is based solely on automated processing producing legal or similarly significant effects.

5. Who we share data with

5.1 Processors (Service Providers)

We use vetted providers for hosting, storage, analytics (consent-based), communications (email/SMS/calling), logging, and security. They process data strictly per our instructions under Data Processing Agreements.

5.2 Companies (when you apply or opt to share)

  • If you apply to a job, or explicitly share your profile or allow introductions, we disclose the relevant candidate data to the hiring company.
  • We do not share your full CV or contact details with companies unless you apply/share or otherwise consent.

5.3 Legal and Safety

We may disclose information if required by law, to protect our rights, users, or the public, or to detect/prevent fraud, abuse, or security incidents.

We do not sell personal data.

6. International transfers

Where data is transferred outside the EEA, we rely on:

  • Adequacy decisions (Art. 45), or
  • Standard Contractual Clauses (Art. 46), plus supplementary measures where required.

You can request a copy of applicable safeguards by contacting Workdune through the platform support channels.

7. Retention

We keep personal data only as long as necessary for the purposes described above:

  • Account data: retained while your account is active; deleted or anonymized within a reasonable period after closure.
  • CV & candidate profile data: retained while your account is active or until you delete it.
  • Company/job post data: retained while the employer account is active or as legally required.
  • Logs & security data: typically 6–24 months unless needed longer for investigations.
  • Marketing data: until you withdraw consent or object.
  • Cookies: per the durations listed in the Cookie Policy.

We may retain minimal information to comply with legal obligations or to resolve disputes.

8. Your rights (GDPR)

Subject to conditions and exceptions, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase data (“right to be forgotten”).
  • Restrict processing.
  • Data portability (receive data in a structured, commonly used format).
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent at any time for consent-based processing (e.g., marketing, non-essential cookies).

To exercise your rights, contact Workdune through the available support channels in the platform. You also have the right to lodge a complaint with Datatilsynet (www.datatilsynet.dk).

9. Security

We use administrative, technical, and organizational measures appropriate to the risk, including:

  • Encryption in transit; strong authentication; access controls (least privilege).
  • Monitoring, logging, and regular reviews.
  • Vendor assessments and contractual safeguards.

No system is perfectly secure; please use a strong, unique password and keep your credentials confidential.

10. Children

Our Service is not intended for children under 16. If you believe a child has provided us personal data, contact us and we will take appropriate steps.

11. Third-party links

Our website may contain links to third-party sites. Their privacy practices are governed by their own policies. We are not responsible for those sites.

12. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the updated version with a new “Last updated” date. Where appropriate, we will notify you by email or in-app notice.

13. Contact

If you have questions or concerns about this policy or our data practices, contact:
Contact: Workdune support team