1. Purpose

This policy explains how Spitze ApS (“Spitze”, “we”, “our”, “us”) collects, uses, stores, and protects personal data in connection with its recruitment and business operations.
We are committed to complying with the UK Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), and all other applicable data-protection laws.

2. Scope

This policy applies to all personal data processed by Spitze, whether relating to candidates, clients, suppliers, or other business contacts.
It covers both automated and manual data processing carried out by Spitze or on its behalf.

3. Data controller

Spitze ApS is the data controller for all processing activities described in this policy.
Registered office: Copenhagen, Denmark.
For any data-protection queries, contact trust@spitze.net.

4. Categories of data processed

Spitze processes only the data necessary for legitimate business and recruitment purposes. Typical categories include:

• Identification and contact information (name, email address, telephone number, location).
• Professional information (CVs, qualifications, work history, references, salary expectations).
• Recruitment process data (interview notes, communications, assessment results).
• Limited website or consent data (cookie preferences, form submissions).

Special categories of personal data (e.g. health information) are processed only when necessary and with explicit consent or another lawful basis under Article 9 GDPR.

5. Lawful basis for processing

Processing of personal data by Spitze is based on one or more of the following legal grounds:

• Performance of a contract or pre-contractual measures (e.g. recruitment services).
• Compliance with legal obligations.
• Legitimate interests pursued by Spitze or its clients (e.g. managing recruitment and client relations).
• Consent, where required by law (e.g. marketing communications or retention of profiles).

Where consent is the lawful basis, it may be withdrawn at any time by contacting trust@spitze.net.

6. Data sharing

Personal data may be shared only as necessary for legitimate business purposes, and only with:

• Client companies involved in the recruitment process.
• Carefully selected third-party processors such as IT, hosting, email, and applicant-tracking providers.
• Legal or regulatory authorities where disclosure is required by law.

All third-party processors are bound by written agreements ensuring that data is handled securely and in compliance with GDPR.

7. Data retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected or to meet legal obligations.
Typical retention for recruitment data is up to 24 months after the last contact, unless a longer period is legally required or explicitly agreed.
Data may be anonymised or securely deleted once no longer needed.

8. Data subject rights

Individuals whose data is processed by Spitze have the following rights:

• Access to their personal data.
• Rectification of inaccurate or incomplete information.
• Erasure (“right to be forgotten”) where applicable.
• Restriction of processing.
• Data portability.
• Objection to processing based on legitimate interests.
• Withdrawal of consent (where processing is based on consent).

Requests can be submitted to trust@spitze.net.
Spitze will respond without undue delay and within the time limits prescribed by law.

9. Data transfers

Where data is transferred outside the European Economic Area (EEA) or the United Kingdom, Spitze ensures that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms recognised under applicable law.

10. Security of processing

Spitze maintains appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Details of these measures are described in the Security Policy.

11. Cookies and website data

Spitze uses a GDPR-compliant cookie banner that allows users to provide or withdraw consent for non-essential cookies.
Cookies are categorised as:

• Necessary: essential for website operation.
• Analytics: help improve performance and user experience.
• Marketing: optional and only set with explicit consent.

Users may change their preferences at any time through the “Cookie settings” link in the footer or banner.

Further information is available in our Cookie Policy.

12. Data breach management

In the event of a personal data breach, Spitze will investigate promptly, contain the issue, and notify the relevant supervisory authority and affected individuals when legally required.
All incidents are documented and reviewed to prevent recurrence.

13. Updates to this policy

This policy is reviewed at least annually or when significant changes occur in legislation, operations, or processing activities.
The latest version is published on our website spitze.net.

14. Contact

For questions, requests, or complaints regarding data protection, contact: trust@spitze.net.

If you believe your data protection rights have been infringed, you may lodge a complaint with your local data protection authority.

‍