hire.ee

Legal

Privacy policy

Last updated 22 May 2026

How hire.ee handles your personal data, written in plain language. We're a small Estonian job board — we collect what we need to run the service and nothing more.

Who we are

The data controller for hire.ee is the operator of hire.ee, established in Estonia. Contact: info@hire.ee. We don't have a designated EU representative because we're already established in an EU member state.

What we collect

It depends on what you do with the site.

Visitors (no account) — standard server logs (IP address, user-agent, requested URL, timestamp) retained for 14 days. Google Analytics events with IP anonymisation. A theme preference stored in your browser's localStorage (no PII).

Job seekers (with account) — email address, first and last name. Optionally: a CV file you upload, jobs you save, applications you submit, search alerts you set up. We also store an Estonia-language preference cookie. Federated sign-ins (Google, Apple, Microsoft) give us the IdP-provided email and name.

Employers (with account) — account holder's email and name (as above), plus the company name and Estonian registration code you enter at onboarding. Job listings you publish are stored alongside your account.

Why we collect it and on what legal basis

Each category of data has a specific legal basis under GDPR Art. 6:

  • Contract (Art. 6(1)(b)) — account creation, authentication, processing your applications and forwarding your CV to the employer you applied to.
  • Legitimate interest (Art. 6(1)(f)) — server logs, abuse-prevention rate limits, anonymised analytics, fraud detection.
  • Consent (Art. 6(1)(a)) — optional analytics where consent is required, future marketing emails. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — responding to legitimate requests from authorities (court orders, AKI inquiries).

Who we share it with

We don't sell your data. We use the following processors, each bound by a Data Processing Agreement:

  • MailerSend — transactional email (verification codes, password resets, welcome emails). Data leaves the EU under Standard Contractual Clauses.
  • Amazon Web Services — hosting, database, file storage. Data lives in AWS Stockholm (eu-north-1), inside the EU.
  • Google Analytics 4 — anonymised page analytics. IP addresses are anonymised before reaching Google.
  • Amazon Cognito — authentication. EU region; manages session tokens.

How long we keep it

  • Account data: until you delete the account.
  • Applications: visible to the employer indefinitely (they own the recruitment record); deleted from your personal profile when you delete your account.
  • Uploaded CV files: until you delete them or your account.
  • Server logs: 14 days.
  • Google Analytics: 14 months (GA4 default retention).

Your rights

Under GDPR you have the following rights regarding personal data we hold about you:

  • Access — request a copy of what we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (also self-serve via account deletion).
  • Restriction — ask us to stop processing for specific purposes.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — for anything we process based on consent.
  • Complaint — lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or your local DPA.

Cookies and analytics

Details on cookies, local-storage entries and Google Analytics are in our separate cookie policy. We don't run advertising trackers or retargeting pixels.

International data transfers

Most processing happens inside the EU (AWS eu-north-1 / Stockholm). MailerSend and Google Analytics process some data in the US under EU Standard Contractual Clauses with supplementary measures (encryption in transit and at rest).

Security

We use TLS for everything, encryption at rest for all storage (S3, RDS, DynamoDB), short-lived JWT tokens for sessions, hashed passwords (Cognito-managed), and CloudWatch alarms on auth-side failures. No system is perfectly secure, but we follow current best practice for a service of our size.

Children

hire.ee is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you believe we have, contact us and we'll delete it.

Changes to this policy

We'll update this policy as the service evolves. Material changes get a notice on the site and an email to registered users at least 14 days before taking effect. The "Last updated" date at the top always reflects the current version.

Privacy questions, data-subject requests, or anything else? info@hire.ee.