Privacy Policy & GDPR

Last updated: 20.03.2026

1. Introduction

1.1. Thank you for trusting the JoburiOnline.ro platform! Protecting your personal data is a priority for -.

1.2. This document ("Privacy Policy") describes how we collect, use, store, disclose and protect your personal data when you use the JoburiOnline.ro platform and its associated services, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR) and Romanian Law no. 190/2018 on GDPR implementation measures.

1.3. We recommend reading this policy carefully before using the platform. For information about your general rights and obligations of use, please consult the Terms and Conditions page.

1.4. By accessing and using the platform, you confirm that you have read this Privacy Policy.

2. Who is responsible for processing your data?

2.1. The data controller is -, headquartered at - ("the Company", "We" or "the Controller").

2.2. As controller, we determine the purposes and means of processing personal data collected through the JoburiOnline.ro platform.

2.3. The platform's role in relation to employer companies: When an employer company accesses candidate CVs through the platform (through direct candidate application or CV database access), that company becomes an independent controller for the data it processes for its own recruitment purposes. The platform acts, in this specific relationship, as a processor pursuant to Art. 28 GDPR, facilitating data transmission according to instructions and based on a processing agreement.

2.4. For any questions or requests regarding the processing of your personal data, please contact us at: -.

3. What personal data do we collect?

3.1. Data provided directly by you

We collect data you voluntarily provide when using the platform:

Account creation: name, surname, email address, phone number, password (stored encrypted);
Profile and CV completion: professional experience (previous jobs, periods, descriptions), education and certifications, technical and professional skills, known foreign languages, profile photo, job preferences (city, field of activity, schedule type, desired salary);
Applying to a job posting: your complete CV and profile data are transmitted to the employer company, possibly accompanied by a cover letter or personalized message;
Contacting the support team: content of messages sent and responses received, including any attachments;
Participating in surveys, questionnaires or contests: responses provided and data necessary for participation.

3.2. Automatically collected data (technical)

When you access the platform, we automatically collect certain technical data necessary for the operation and security of services:

IP (Internet Protocol) address;
Web browser type and version;
Operating system;
Device type (desktop, mobile, tablet) and screen resolution;
Pages visited on the platform, actions performed (clicks, searches, applications), date and time of each access;
Internet Service Provider (ISP);
General geolocation data, determined based on IP address (city/region level, not exact location).

3.3. Data obtained through cookies and similar technologies

The platform uses cookies and similar technologies (tracking pixels, local storage) to ensure proper functioning, personalize the experience and analyze traffic. Full details about the types of cookies used, their purposes and management options are presented in section 10 of this document.

3.4. Data obtained from third parties

Third-party authentication: If you choose to create your account or authenticate through Facebook, LinkedIn or Google, the platform receives public data from your profile on that service (typically: name, surname, email address, profile photo). The volume of data transmitted depends on your privacy settings on the respective service;
Advertising partners: We may receive aggregate or pseudonymized data from advertising partners through third-party cookies, for the purpose of displaying relevant advertisements.

4. For what purposes and on what legal basis do we process data?

We process your personal data for specific purposes and always based on a valid legal basis. Below we detail each purpose and the corresponding legal ground:

4.1. Providing platform services (candidates)

What we do: We create and manage your account, allow you to complete and update your CV, search and apply to job postings, receive job alerts and track application status.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of the contract (the platform's Terms and Conditions).

4.2. Providing platform services (employer companies)

What we do: We allow companies to publish job postings, access the candidate CV database, manage applications received and communicate with candidates.

Legal basis:

For authorized individuals (self-employed): Art. 6(1)(b) GDPR — contract performance;
For representatives of legal entities: Art. 6(1)(f) GDPR — our legitimate interest in conducting the commercial relationship and providing contracted services.

4.3. Job recommendations and intelligent matching

What we do: We analyze data from your profile and CV (professional experience, education, skills, location, salary preferences) to suggest relevant job postings and calculate a match score between your profile and each job's requirements.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest.

Legitimate interest justification: Personalized recommendations significantly improve service quality, maximize candidates' employment chances and streamline the recruitment process for companies. We consider that this interest prevails over any potential negative effects on data subjects, given that:

Recommendations are based exclusively on professional data voluntarily provided by the candidate;
The candidate can ignore recommendations at any time without any consequence;
The algorithm does not make automated decisions with legal or similarly significant effects on you, within the meaning of Art. 22 GDPR.

4.4. Service-related communications

What we do: We send you notifications about your application status, expiry of saved postings, CV update suggestions, messages received from employers and other operational information related to platform use.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in informing you about the functioning of services you use.

You can disable certain notification categories at any time from the Settings > Notifications section of your account.

4.5. Commercial communications (marketing)

What we do: We send newsletters, special offers, survey invitations, promotional materials and information about new platform features.

Legal basis: Art. 6(1)(a) GDPR — your consent, expressed at account creation or subsequently by opting in.

How to unsubscribe: At any time, through the unsubscribe link in each commercial email or from the Settings > Notifications section of your account. Unsubscribing is free and immediate.

Tracking pixels: Our commercial emails may contain tracking pixels (invisible 1x1 pixel images) that allow us to measure open rates and content interaction for the purpose of optimizing future communications. Unsubscribing from commercial emails automatically disables this tracking as well.

4.6. Analytics and statistics

What we do: We collect and process aggregate and anonymized data about platform usage (search trends, application rates, popular job types) to improve services and develop new features.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in understanding and improving platform performance.

4.7. Security and fraud prevention

What we do: We monitor platform access to prevent and detect unauthorized access, cyberattacks, fake account creation, spam and other forms of abuse. We temporarily store IP addresses associated with authentication sessions for 30 days, after which they are anonymized or deleted.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in ensuring platform security and protecting users and infrastructure against threats.

4.8. Fulfilling legal obligations

What we do: We process and retain certain data to comply with tax and accounting obligations (invoice issuance and archiving), reporting obligations to authorities, and to respond to legal requests from competent authorities.

Legal basis: Art. 6(1)(c) GDPR — processing is necessary for compliance with a legal obligation to which we are subject.

4.9. Establishing, exercising or defending legal claims

What we do: We may process and retain personal data to the extent necessary for establishing, exercising or defending the Company's or users' rights in judicial, administrative or extrajudicial proceedings.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in protecting our rights and interests before courts.

5. Your CV visibility

We understand that the degree of exposure of your professional information is an important personal decision. That is why we give you full control over your CV's visibility:

5.1. Private CV (confidential)

Your CV can only be used to apply directly to job postings on the platform;
Employer companies cannot see your CV in the database and cannot contact you on their own initiative;
Only companies to which you have actually applied have access to your CV data, for the purpose of evaluating your candidacy.

5.2. Public CV

Your CV is visible to employer companies that have purchased CV database access;
Companies can view professional information from your CV (experience, education, skills), but contact details (full name, email, phone) are protected separately and are not visible without unlocking;
To access your contact details, an employer must request unlocking through the platform;
The platform makes reasonable efforts to limit CV database access to employers, HR firms and recruitment specialists. However, we cannot absolutely guarantee that no unauthorized third party will access the database.

5.3. Changing visibility

You can change your CV status at any time (from public to private and vice versa) from the Settings > Privacy section of your account;
If you switch your CV to private mode, employer companies will no longer have access to it in the database, except for companies that downloaded or saved your CV before the visibility change — they may still hold a copy of your data.

6. To whom do we disclose your data?

We do not sell, rent or trade your personal data. We disclose data only in the following situations and to the following categories of recipients:

6.1. Employer companies

When you apply to a job posting, your profile and CV data are transmitted to the respective company. If your CV is set to "public", companies that have purchased CV database access can view your professional information and request unlocking of your contact details.

6.2. Service providers (processors)

We work with service providers who help us operate the platform and who process data on our behalf, exclusively according to our instructions and based on processing agreements compliant with Art. 28 GDPR. Provider categories include:

Hosting and IT infrastructure service providers;
Web traffic analysis service providers;
Email communication service providers (sending notifications, newsletters);
Payment processing service providers;
Cybersecurity and monitoring service providers;
Data storage and backup service providers.

All our service providers are carefully selected and contractually obligated to protect your data according to GDPR standards. A detailed list of providers can be requested by email at -.

6.3. Public authorities

We may disclose your data to competent authorities when the law requires us to do so, including: tax authorities, courts, criminal investigation bodies, the National Supervisory Authority for Personal Data Processing (ANSPDCP).

6.4. In case of corporate reorganization

In the event of a merger, acquisition, asset transfer or insolvency proceedings, the platform's database (including user data) may be transferred to the new operator or successor. In this situation, users will be notified by email before the transfer takes place, indicating the new operator and their rights regarding personal data.

7. International data transfers

7.1. Your data is stored on servers located in the European Union.

7.2. Some of our service providers (e.g., web analytics or email communication services) may be located or process data outside the European Union or European Economic Area (EU/EEA).

7.3. For international data transfers, we ensure adequate safeguards are implemented in accordance with GDPR:

Standard Contractual Clauses (SCCs) adopted by the European Commission;
Adequacy decisions issued by the European Commission (e.g., EU-US Data Privacy Framework);
Other GDPR-recognized transfer mechanisms.

7.4. If an employer established outside the EEA accesses your CV following a direct application to a job posting, the transfer basis is Art. 6(1)(b) GDPR — contract performance (your application constituting the contractual step initiated by you).

8. How long do we keep data?

We retain your personal data only for as long as necessary for the purposes for which it was collected or as required by applicable legislation:

8.1. Candidate account data

Account data is retained for the entire duration of the active account;
After account deletion at your request: data is anonymized or permanently deleted within 30 days;
If your account is inactive for more than 3 years (no login, application or CV update), the platform may delete the account and associated data, after sending a prior notification by email 30 days before deletion.

8.2. CVs in employer accounts

CVs saved or unlocked by employers through the platform are automatically deleted after 12 months from the employer's account;
Employer companies that have downloaded or copied CVs to their own systems are independently responsible, as controllers, for the data thus extracted and for compliance with applicable GDPR obligations.

8.3. Technical data (IP addresses, access logs)

Stored for 30 days from the collection date, then anonymized or permanently deleted.

8.4. Accounting and tax data

Retained according to mandatory archiving periods provided by Romanian legislation (minimum 5 years for accounting documents, or according to other applicable legal deadlines).

8.5. Support communications and correspondence

Retained until the subject is fully resolved, plus a reasonable archiving period (generally 12 months), then deleted.

9. Your rights under GDPR

The General Data Protection Regulation grants you a series of rights regarding your personal data. We present them in detail below, along with how to exercise them:

9.1. Right of access (Art. 15 GDPR)

You have the right to obtain confirmation from us whether or not we process personal data concerning you. If so, you can request a copy of all data we hold about you, as well as information about processing purposes, data categories, recipients and retention periods.

9.2. Right to rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate data or completion of incomplete data. You can also do this directly from your account by editing your profile and CV in the Profile section.

9.3. Right to erasure — "right to be forgotten" (Art. 17 GDPR)

You can request deletion of your personal data in the following situations: the data is no longer necessary for the purposes for which it was collected; you withdraw consent and no other legal basis exists; processing is unlawful. Erasure does not apply where processing is necessary for compliance with a legal obligation or for establishing, exercising or defending legal claims.

9.4. Right to restriction of processing (Art. 18 GDPR)

You have the right to request limitation of processing in the following cases: you contest data accuracy (during verification); processing is unlawful but you prefer restriction over erasure; we no longer need the data but you require it for establishing, exercising or defending legal claims.

9.5. Right to data portability (Art. 20 GDPR)

You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format (e.g., JSON or CSV). You also have the right to request direct transmission of this data to another controller, where technically feasible.

9.6. Right to object (Art. 21 GDPR)

You can object to the processing of your data based on our legitimate interest, on grounds relating to your particular situation. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You can object at any time and without justification to the processing of your data for direct marketing purposes.

9.7. Right not to be subject to automated decision-making (Art. 22 GDPR)

You will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Job recommendations and match scores are provided as guidance only and do not produce legal effects on you.

9.8. Right to withdraw consent

For processing based on your consent (e.g., marketing communications, non-essential cookies), you can withdraw consent at any time without needing to justify your decision. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

9.9. Right to lodge a complaint

If you believe that the processing of your personal data violates GDPR provisions, you have the right to lodge a complaint with:

National Supervisory Authority for Personal Data Processing (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

9.10. How to exercise your rights

You can exercise the above rights through the following means:

By email: send a request to -, specifying the right you wish to exercise;
Directly from your account: the Settings > Privacy section allows you to edit, download or request deletion of your data, as well as manage notification preferences and CV visibility;
We will confirm receipt of your request and respond within a maximum of 30 days. For complex requests or high volume of requests, the deadline may be extended by an additional 60 days, with your prior notification.

10. Cookies and similar technologies

10.1. What are cookies

Cookies are small text files that the website places on your device (computer, phone, tablet) when you visit the platform. They allow the platform to recognize your device, remember your preferences and collect browsing information.

10.2. Types of cookies used

Category	Purpose	Legal basis	Can be disabled?
Necessary	Basic platform operation: authentication, session, security, CSRF protection	Legitimate interest	No
Functional	Saving preferences: chosen language, display settings, pre-filled forms	Consent	Yes
Analytics	Understanding platform usage: pages visited, time spent, technical errors	Consent	Yes
Marketing / Advertising	Personalized ads, remarketing, measuring campaign effectiveness	Consent	Yes

10.3. Third-party cookies

Partners such as Google Analytics, Google Ads and Meta (Facebook) Pixel may place their own cookies on your device when you access the platform. These cookies are governed by the respective partners' privacy policies.

10.4. How to manage cookies

Consent banner: On your first visit, a banner allows you to choose which cookie categories you accept;
Cookie settings page: You can change preferences at any time from: -;
Browser settings: You can configure your browser to block or delete cookies.

Disabling non-essential cookies does not affect basic platform functionality but may limit certain personalized features.

10.5. Tracking pixels in emails

Notifications and commercial emails may contain open pixels (transparent 1x1 pixel images) that allow us to measure whether the email was opened. Unsubscribing from commercial notifications automatically disables this tracking.

11. Data security

11.1. Protecting your data is a responsibility we take very seriously. We implement comprehensive technical and organizational measures:

Technical measures:

Encryption of all data transmitted between your browser and our servers via SSL/TLS (HTTPS);
User password encryption through secure hashing algorithms (we never store passwords in plain text);
Role-based database access control and principle of least privilege;
Firewalls and intrusion detection systems;
Regular software updates and security patches.

Organizational measures:

Regular encrypted data backups stored in separate locations;
Continuous system monitoring for anomaly and unauthorized access detection;
Documented security incident response procedures;
Confidentiality agreements with all employees and collaborators with access to personal data;
Periodic security measure reviews and compliance auditing.

11.2. Despite all measures, no IT system can guarantee absolute security. We encourage you to protect your own data by using a strong unique password, logging out after use on shared devices, and keeping your browser updated.

11.2. Data breach notification

11.2.1. In the event of a personal data security breach that poses a risk to your rights and freedoms, we will notify the National Supervisory Authority for Personal Data Processing (ANSPDCP) within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR.

11.2.2. If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay by email to the address associated with your account, in accordance with Art. 34 GDPR.

11.2.3. The notification will contain: the nature of the breach, the categories of data affected, the likely consequences and the measures taken or proposed to remedy the situation.

12. Changes to this policy

12.1. We reserve the right to periodically update this Privacy Policy to reflect changes in our processing practices, applicable legislation or platform features.

12.2. For substantial changes, users will be notified by email and/or through a visible notification on the platform.

12.3. Continued use of the platform after the updated policy takes effect constitutes acceptance of the changes.

12.4. The date of last update is displayed at the beginning and end of the page.