Legal

Privacy Policy

Effective date:
May 7, 2026
Operated by:
Avenor Holdings LLC

How we collect, use, store, disclose, and protect personal data relating to individuals who access or use the Hab Jobs platform. Designed to comply with US privacy standards, the GDPR, and the UK GDPR.

This Privacy Policy explains how Avenor Holdings LLC ("Company", "we", "us", "our"), operator of the Hab Jobs platform at https://www.habposlovi.com/ ("Platform"), collects, uses, stores, discloses, and protects personal data relating to individuals who access or use the Platform ("Users", "you").

This Policy applies to all Users globally and has been designed to comply with both United States privacy standards and the European Union General Data Protection Regulation (EU) 2016/679 ("GDPR"), as well as other applicable data protection frameworks including the UK GDPR and relevant national implementations.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Platform immediately.

1. Data Controller and Contact Details

For the purposes of applicable data protection law, the data controller responsible for processing your personal data is:

Avenor Holdings LLC
Address: 75 E 3rd St, Sheridan, WY 82801, United States
Email: info@habposlovi.com
Website: https://www.habposlovi.com/

For all privacy-related inquiries, data subject requests, or complaints, please contact us at the email address above, marking your message with the subject line "Privacy Request" or "Data Subject Request" as appropriate.

Where required by applicable law and where we have appointed a representative in the European Economic Area or the United Kingdom, their contact details will be provided in a supplementary notice on the Platform.

2. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, IP address, location data, and online identifiers.
  • "Processing" means any operation performed on personal data, including collection, recording, storage, adaptation, retrieval, use, disclosure, or erasure.
  • "Candidate" means an individual who registers on the Platform to search for and apply for employment opportunities.
  • "Employer" means a company or individual who registers on the Platform to post job listings and search for candidates.
  • "Sensitive Data" or "Special Category Data" has the meaning given under Article 9 of the GDPR, including data revealing racial or ethnic origin, health, religious beliefs, or trade union membership.
  • "Third Party" means any natural or legal person other than the data subject, the Company, or persons under the direct authority of the Company.

3. Personal Data We Collect

3.1 Data Provided Directly by Users

When you register an Account or use the Platform, we may collect the following categories of personal data that you provide directly:

  • Full name or company name
  • Email address
  • Password (stored in encrypted, hashed form; we do not store plaintext passwords)
  • Phone number (if provided)
  • Physical address or city of residence
  • Professional information including work history, education, skills, certifications, and qualifications (Candidates)
  • CV or resume documents uploaded to the Platform
  • Company registration details, tax identification numbers, and business address (Employers)
  • Profile photographs or company logos (if uploaded)
  • Job listing content including role descriptions, requirements, and compensation details (Employers)
  • Communications sent through the Platform's messaging or support features
  • Subscription and billing information, including payment method details (processed and stored by Stripe; the Company does not store full card numbers)

3.2 Data Collected Automatically

When you access or use the Platform, we and our service providers may automatically collect the following technical data:

  • IP address and approximate geolocation derived from IP
  • Browser type, version, and operating system
  • Device type and unique device identifiers
  • Pages visited, time spent on each page, and navigation paths
  • Search queries entered on the Platform
  • Referring URL and exit URL
  • Session duration and frequency of visits
  • Cookies and similar tracking technologies (detailed in our Cookie Policy)

3.3 Data Received from Third Parties

We may receive personal data about you from the following third-party sources:

  • Payment processors (such as Stripe), who may share transaction confirmation and fraud risk data
  • Analytics providers who aggregate usage data to help us understand how the Platform is used
  • Business verification services used to confirm the legitimacy of Employer accounts
  • Public business registries, where we verify Employer information

3.4 Sensitive Data

The Platform is not designed to collect special category data as defined under Article 9 GDPR. You should not include sensitive personal data such as information about your health, religion, ethnicity, or trade union membership in your profile or job applications unless strictly required by a specific role and explicitly requested by the Employer in compliance with applicable law. If such data is inadvertently submitted, we will handle it with heightened protection and delete it where it is not necessary for the purposes of the Platform.

4. Purposes and Legal Bases for Processing

We process your personal data only where we have a lawful basis to do so. The following sections set out our principal processing activities, their purposes, and the corresponding legal bases:

4.1 Account Creation and Management

Purpose: To create and maintain your User account, verify your identity, and provide access to Platform features.

Legal Basis (GDPR): Performance of a contract (Article 6(1)(b)). For users outside the EEA: legitimate business necessity.

4.2 Job Listings and Applications

Purpose: To enable Employers to post job listings and Candidates to apply for positions, including transmitting application materials to the relevant Employer.

Legal Basis (GDPR): Performance of a contract (Article 6(1)(b)); legitimate interests (Article 6(1)(f)) in facilitating the core marketplace service.

4.3 Payment Processing

Purpose: To process payments for Employer subscriptions and listing fees.

Legal Basis (GDPR): Performance of a contract (Article 6(1)(b)); compliance with legal obligations regarding financial record-keeping (Article 6(1)(c)).

4.4 Platform Security and Fraud Prevention

Purpose: To detect, investigate, and prevent fraudulent activity, abuse, security incidents, and violations of our Terms of Service.

Legal Basis (GDPR): Legitimate interests (Article 6(1)(f)) in protecting the Platform, its Users, and the Company from harm.

4.5 Platform Improvement and Analytics

Purpose: To analyze usage patterns, improve Platform functionality, fix technical errors, and develop new features.

Legal Basis (GDPR): Legitimate interests (Article 6(1)(f)) in maintaining and improving the Platform.

4.6 Marketing and Communications

Purpose: To send newsletters, product updates, and promotional communications where you have opted in. To send transactional communications (such as account confirmations, password resets, and billing notices) as necessary.

Legal Basis (GDPR): Consent (Article 6(1)(a)) for marketing communications; legitimate interests or contractual necessity for transactional communications. You may withdraw consent for marketing communications at any time without affecting the lawfulness of prior processing.

4.7 Legal Compliance

Purpose: To comply with applicable laws, regulations, court orders, or lawful requests from public authorities.

Legal Basis (GDPR): Legal obligation (Article 6(1)(c)).

5. How We Share Personal Data

We do not sell your personal data to third parties. We may share personal data in the following circumstances:

5.1 With Employers

When a Candidate submits a job application, their application materials and profile information are shared with the Employer who posted the relevant listing. Candidates should be aware that once data is shared with an Employer, the Employer becomes an independent data controller with respect to that data and is subject to their own data protection obligations.

5.2 With Service Providers

We engage trusted third-party service providers who process personal data on our behalf under data processing agreements. These include:

  • Stripe, Inc.: Payment processing. Stripe's privacy policy is available at https://stripe.com/privacy
  • Cloud hosting and infrastructure providers
  • Email delivery service providers
  • Analytics and performance monitoring tools
  • Customer support software providers

All service providers are required to process data only as instructed by us and to implement appropriate technical and organizational security measures.

5.3 With Verification and Compliance Partners

We may share Employer registration data with business verification services to confirm the legitimacy of employer accounts as part of our platform integrity procedures.

5.4 Legal and Regulatory Disclosures

We may disclose personal data to law enforcement agencies, regulatory bodies, courts, or other public authorities where required by law or where we have a good-faith belief that disclosure is necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of the Company, its Users, or the public; or (c) detect, investigate, or prevent fraud or illegal activity.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or similar corporate transaction, personal data held by the Company may be transferred to the acquiring or successor entity. We will provide notice of any such transfer and the applicable privacy terms before personal data is transferred and becomes subject to a different privacy policy.

5.6 With Your Consent

We may share personal data with third parties in any other circumstances where we have obtained your explicit consent.

6. International Data Transfers

Avenor Holdings LLC is incorporated in the United States. Personal data collected from Users in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with cross-border transfer restrictions may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home country.

Where we transfer personal data from the EEA or the UK to countries not recognized as providing an adequate level of protection, we implement appropriate safeguards in accordance with applicable law, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Reliance on derogations under Article 49 GDPR where appropriate (e.g., where the transfer is necessary for the performance of a contract between you and the Company)

You may request information about the specific safeguards we have in place for cross-border transfers by contacting us at info@habposlovi.com.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, subject to any longer retention periods required by law. Our general retention schedule is as follows:

  • Active Account data: Retained for the duration of the Account and for a period of 3 years following account closure, unless a shorter period is required by applicable law or requested by the data subject.
  • Job application data: Retained for a period of 12 months following the closure of the relevant listing or the rejection of the application, whichever is later, to allow for follow-up hiring or audit purposes.
  • Financial and billing records: Retained for a minimum of 7 years in accordance with US federal tax and accounting requirements.
  • Server and access logs: Retained for up to 12 months for security and fraud prevention purposes.
  • Marketing consent records: Retained for 3 years following the withdrawal of consent, as evidence of the prior consent.
  • Data subject request records: Retained for 3 years to demonstrate compliance.

At the expiry of applicable retention periods, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.

8. Your Rights as a Data Subject

Depending on your location and applicable law, you may have the following rights with respect to your personal data. EEA and UK residents have these rights under the GDPR and UK GDPR. Residents of other jurisdictions may have similar rights under applicable local law.

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you. Many corrections can be made directly through your Account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (where consent was the legal basis), or where the data has been unlawfully processed.

This right is subject to limitations where we are required to retain data to comply with a legal obligation, exercise or defend legal claims, or protect the rights of others.

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while a dispute about accuracy is being resolved, or where processing is unlawful but you prefer restriction over deletion.

8.5 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

8.6 Right to Object

You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing for that purpose immediately.

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects on you. The Platform does not currently make legally significant automated decisions about Users.

8.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

8.9 Exercising Your Rights

To exercise any of the above rights, please submit a written request to info@habposlovi.com with the subject line "Data Subject Request". We will acknowledge receipt within 5 business days and respond within 30 calendar days. In complex or high-volume cases, we may extend this period by an additional 60 days, in which case we will notify you.

We may request identity verification before processing a data subject request to prevent unauthorized disclosure. We will not charge a fee for reasonable requests, but may charge a fee for manifestly unfounded or excessive requests.

8.10 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority. For EEA residents, this is the data protection authority in your country of residence. For UK residents, this is the Information Commissioner's Office (ICO). Contact details for EEA supervisory authorities are available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive stored data including passwords using industry-standard hashing algorithms
  • Access controls limiting personal data access to authorized personnel on a need-to-know basis
  • Regular security assessments and vulnerability monitoring
  • Payment card data handled exclusively through PCI-DSS compliant payment processors; we do not store full card numbers on our systems
  • Incident response procedures to detect, report, and investigate data breaches

Despite these measures, no system is completely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by applicable law. We will also notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, as required by the GDPR.

10. Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies to enhance your experience, analyze usage, and support Platform functionality. Detailed information about the types of cookies we use, their purposes, the third parties involved, and your choices regarding cookies is provided in our Cookie Policy, which is available at https://www.habposlovi.com/ and incorporated herein by reference.

Where required by applicable law, we obtain your consent before placing non-essential cookies on your device. You may withdraw your cookie consent at any time through the cookie preference settings on the Platform.

11. Children's Privacy

The Platform is not directed at individuals under the age of 18 and we do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without appropriate parental consent, we will take steps to delete that data as soon as reasonably practicable.

If you believe that a minor has submitted personal data through the Platform without your consent, please contact us immediately at info@habposlovi.com.

12. Third-Party Websites and Services

The Platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to the Hab Jobs Platform. We are not responsible for the privacy practices of third-party websites or services and encourage you to review their privacy policies before submitting any personal data.

13. Employer Data Responsibilities

Where Employers access Candidate personal data through the Platform (for example, by receiving job applications), the Employer acts as an independent data controller with respect to that data. The Company acts as a data processor in transmitting the data and as a data controller with respect to the Platform's own processing activities.

Employers are solely responsible for ensuring their own processing of Candidate data complies with applicable data protection laws, including the GDPR where applicable. The Company's Data Processing Agreement (DPA), available upon request to Employers, sets out the respective responsibilities of the Company and Employers with respect to personal data processed through the Platform.

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will post the updated Policy on the Platform with a revised Effective Date and, where required by law, notify registered Users by email. We encourage you to review this Policy periodically.

Continued use of the Platform after the updated Policy becomes effective constitutes acceptance of the revised terms.

15. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact:

Avenor Holdings LLC
Address: 75 E 3rd St, Sheridan, WY 82801, United States
Email: info@habposlovi.com
Website: https://www.habposlovi.com/