Privacy Policy
Last updated: December 22, 2025
Effective Date: January 2026
GDPR Compliant - EU Data Protection
TalentSpottingAI is based in Greece and fully compliant with the General Data Protection Regulation (GDPR) and Greek data protection laws. Your privacy and data rights are protected by EU law.
Introduction
Welcome to TalentSpottingAI, a career services platform connecting students at Greek universities with employers offering internships, graduate programs, and entry-level positions in Greece.
This Privacy Policy explains how we collect, use, protect, and share your personal data when you use our Services. By "personal data" we mean any information relating to an identified or identifiable natural person as defined by GDPR.
By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
1. Personal Data We Collect
From Students
When you create a student account, we collect:
- Account Information: Name, email address (university or personal), password (encrypted)
- Profile Information: University, major, graduation year, skills, work experience
- Documents: CV/resume, cover letters, academic transcripts (if uploaded)
- Optional Information: Profile photo, phone number, LinkedIn profile, portfolio links
From Employers
When you create an employer account, we collect:
- Company Information: Company name, industry, size, website
- Contact Information: Your name, email, phone number, job title
- Job Postings: Job descriptions, requirements, salary ranges, locations
From Universities
When career services create an account, we collect:
- Institution Information: University name, department, official email domain
- Contact Information: Staff name, email, phone number, role
- Event Information: Career fair details, dates, locations, participating employers
Automatically Collected Data
When you use the Services, we automatically collect:
- Usage Data: Pages visited, features used, time spent, click patterns
- Device Data: IP address, browser type, operating system, device type
- Communication Data: Messages sent through our platform (encrypted in transit)
- Cookies: See our Cookie Policy for details
2. How We Use Your Personal Data
To Provide the Services
- Connect students with relevant job opportunities
- Enable messaging between students and employers
- Manage career event registrations and check-ins
- Process job applications and track application status
- Provide search and filtering functionality
To Improve the Platform
- Analyze usage patterns to improve features
- Debug technical issues and optimize performance
- Develop new features based on user feedback
- Generate anonymized statistics and insights
To Communicate with You
- Send important service notifications (account, security, technical updates)
- Respond to your support requests
- Send relevant job opportunities (if you opted in)
- Provide platform updates during the beta phase
Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract Performance: To provide the Services you requested
- Consent: For optional features, marketing communications (you can withdraw anytime)
- Legitimate Interest: Platform security, fraud prevention, service improvement
- Legal Obligation: Compliance with Greek and EU law
3. How We Share Your Personal Data
Important: We do NOT sell your data.
We never sell personal data to third parties. Your data is only shared as described below.
With Employers (Student Control)
Student data is shared with employers only when you explicitly choose to:
- Apply for a specific job (employer receives your CV and relevant profile info)
- Set your profile to "public" (employers can find you in searches)
- Register for a career event (event organizers see your registration)
- Send a message to an employer (they see your name and basic info)
Private profiles (default setting) are NOT visible to employers. Only you control when employers see your data.
With Universities
If you are a student at a Greek university using our platform:
- Your university career services can see your profile (even if set to private)
- They can track your career outcomes (internships, job placements)
- This helps them improve career support and report employment statistics
With Service Providers
We share data with trusted third-party providers who help us operate the Services:
- Authentication: Clerk (user authentication and security, DPF certified)
- Hosting: DigitalOcean (EU servers, GDPR compliant)
- Email Delivery: Resend (transactional emails, DPF certified)
- File Storage: Cloudinary (CV and document storage, GDPR DPA available)
- AI Features: OpenAI (career advisor, CV analysis, Standard Contractual Clauses)
- Error Tracking: Sentry (EU region, DPF certified)
All providers are contractually required to protect your data and use it only for providing services to us.
Legal Requirements
We may disclose your data if required by law or to:
- Comply with legal obligations (court orders, regulatory requests)
- Protect our rights and property
- Prevent fraud or illegal activity
- Protect the safety of our users
4. Your Rights Under GDPR
Because we are an EU-based service, you have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete information
Right to Erasure
Delete your account and personal data ("right to be forgotten")
Right to Data Portability
Export your data in a machine-readable format (email [email protected] during beta)
Right to Restrict Processing
Limit how we process your data in certain situations
Right to Object
Object to processing based on legitimate interests
How to Exercise Your Rights
To exercise any of these rights:
- Email us at [email protected]
- Or use Settings > Privacy > Data Rights in your dashboard
We will respond within 30 days as required by GDPR. If we need more time, we will inform you.
Right to Complain
You have the right to lodge a complaint with the supervisory authority:
5. Data Security and Storage
Security Measures
We protect your data using industry-standard security measures:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest
- Access Controls: Role-based access, multi-factor authentication
- Regular Backups: Daily automated backups with point-in-time recovery
- Security Monitoring: 24/7 error and security event tracking
- Penetration Testing: Regular security audits
Data Storage Location
Your data is stored on servers located in the European Union (Frankfurt or Amsterdam region) in compliance with GDPR data localization requirements.
Data Retention
We retain your personal data for as long as:
- Your account is active
- Needed to provide Services you requested
- Required by law (e.g., financial records: 10 years under Greek law)
- Necessary to resolve disputes or enforce our agreements
When you delete your account, we permanently delete your personal data within 30 days, except where retention is legally required.
6. Student Privacy Controls
Profile Visibility
Student profiles are private by default to protect your privacy. You can choose to make your profile public to be discovered by employers at any time in Settings > Privacy. This ensures you have full control over who can see your information.
Profile Visibility Options
Public Profile (Default)
- Visible to employers when they search for candidates
- Employers can send you direct messages about opportunities
- You control what information is shown through privacy settings
- Can be changed to private at any time
Private Profile (Optional)
- NOT visible to employers in searches
- Your university career services can still see your profile
- You can still apply for jobs (employer sees application only)
- Reduces job discovery opportunities
You have full control: Change between public and private at any time in Settings > Privacy > Profile Visibility.
7. Cookies and Tracking
We use cookies and similar technologies to provide and improve the Services. For detailed information, see our Cookie Policy.
Types of Cookies
- Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how you use the platform (optional, requires consent)
You can manage cookie preferences at any time through the cookie banner or in Settings > Privacy > Cookies.
8. Children and Minors
The Services are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16.
If you are under 16, please do not use the Services or provide any personal data. If we discover we have collected data from a child under 16, we will delete it immediately.
If you believe we have inadvertently collected data from a child under 16, please contact us at [email protected]
9. International Data Transfers
Your data is primarily stored and processed within the European Union. However, some service providers may process data outside the EU (e.g., Clerk for authentication).
When we transfer data outside the EU, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions (transfers to countries with equivalent data protection)
- Explicit consent for transfers (where required)
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- New features or functionality
- Changes in data protection laws
- Feedback from users or regulators
We will notify you of material changes by:
- Email to your registered address
- Prominent notice in the Services
- Requiring you to accept updated terms before continuing use (for significant changes)
11. Contact Information
For questions about this Privacy Policy or to exercise your data rights:
Data Controller
TalentSpottingAI
Athens, Greece
European Union