Privacy Policy

Data Controller vs Data Processor

[Draft — pending legal review] For candidate and recruiter data entered into a customer workspace, the customer company determines the purposes and means of processing and acts as the data controller. LandingRoom processes that data only to provide the service and acts as the data processor.

LandingRoom may act as an independent controller for limited business data such as billing, account administration, service communications, and compliance records.

Categories of Data Processed

[Draft — pending legal review] LandingRoom may process recruiter PII such as names, work email addresses, roles, authentication details, and activity metadata; candidate PII such as names, contact details, CV text, employment history, education, and profile materials; and application data such as pipeline status, notes, uploaded documents, room content, communications, evaluations, and engagement signals.

Lawful Basis Per Category

[Draft — pending legal review] Customers are responsible for identifying the lawful basis for processing candidate and recruiter personal data in their role as controller. Typical bases may include legitimate interests, contract steps requested by the candidate, consent where required, and legal obligations. LandingRoom relies on customer instructions when acting as processor and may rely on contract performance, legitimate interests, and legal obligations for its own controller activities.

Data Retention

[Draft — pending legal review] Customer workspace retention is [Customer-configurable; default TBD]. LandingRoom will retain customer data according to the customer's configured settings, contractual requirements, and legally required retention obligations.

Sub-processors

[Draft — pending legal review] LandingRoom uses selected sub-processors to provide hosting, storage, email, AI processing, and import features. The current list is available on the sub-processors page.

Data Subject Rights

[Draft — pending legal review] Data subjects may have rights to access, rectification, erasure, portability, restriction, objection, and other rights under applicable law. Where LandingRoom acts as processor, it will assist the relevant customer controller in responding to valid requests.

International Transfers

[Draft — pending legal review] Some service providers may process data outside the European Economic Area. Where required, LandingRoom relies on appropriate safeguards such as Standard Contractual Clauses and transfer risk assessments.

Security Measures

[Draft — pending legal review] LandingRoom applies technical and organizational measures designed to protect personal data, including encryption in transit, storage protections, authentication, and role-based access controls. More detail is available on the security page.

DPO Requests

[Draft — pending legal review] Requests related to privacy, data protection, or DPO matters can be sent to martin@martinmouritzen.dk.

Right to Complain

[Draft — pending legal review] Data subjects have the right to complain to their competent supervisory authority if they believe their personal data has been processed unlawfully.