Privacy Policy
How WHO HAS JOBS? protects your data 🔒
Effective date: January 21, 2025
Quick Navigation
1. Who We Are
WHO HAS JOBS? ("we", "us", "our") is an online service that aggregates publicly available job postings and delivers personalised job‑alert emails to subscribers. Our principal place of business is in Switzerland. For the purposes of the EU General Data Protection Regulation ("GDPR"), we are the data controller for the personal data described in this policy.
Contact Information
📧 Email: [email protected]
📮 Postal: Polyshow GmbH, Oerlikonerstrasse 5, 8057 Zurich, Switzerland
🛡️ Contact Person: Oliver Holl, [email protected]
2. Scope of This Policy
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you:
- • Visit whohasjobs.com or any sub‑domain (the "Site");
- • Sign up or log in via Google OAuth;
- • Receive email notifications from us; or
- • Interact with any of our services, APIs, or customer‑support channels.
Note: This policy does not cover third‑party websites or services that we do not control, even if we link to them.
3. What Data We Collect
| Category | Data Elements | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Account Data | • Google account ID • Display name • Verified email address (encrypted at rest) | Create and manage your account; authenticate you | Art 6(1)(b) – Contract performance |
| Subscription Data | • Workflows and search terms you subscribe to • Preferred notification frequency | Provide job alerts you request | Art 6(1)(b) |
| Communication Data | • Email content (outgoing) • Delivery logs & bounce reports | Send notifications; troubleshoot delivery | Art 6(1)(b); Art 6(1)(f) – Legitimate interests |
| Technical Data | • IP address • Browser user‑agent • Cookies & similar identifiers | Maintain Site security; prevent fraud; analytics | Art 6(1)(f) – Legitimate interests |
✅ We do not intentionally collect sensitive categories of data (as defined in Art 9 GDPR).
5. How We Use Your Data
🔐 Account creation & authentication
We rely on Google OAuth in combination with Supabase Auth. Your email must be verified; otherwise you cannot receive job updates.
📧 Service delivery
We match your subscriptions to new job listings scraped by our partner Kadoa API and email them through Amazon SES.
🛡️ Security & fraud prevention
Emails are encrypted at rest; database row‑level security ensures each user can only access their own data. We monitor logs to protect against abuse.
📊 Analytics & performance
Aggregated, anonymised data helps us understand usage patterns and improve features. Individual‑level analytics are disabled.
🚫 We NEVER sell or rent your personal data.
8. Data Sharing & Third‑Party Processing
We only share personal data with service providers who help us operate the service. Each provider is vetted for security and contractual compliance with GDPR Art 28.
| Provider | Role | Location & Safeguards |
|---|---|---|
| Supabase Inc. | Managed PostgreSQL database & authentication | EU Region datacentres; DPA & SCCs |
| Google LLC | OAuth sign‑in | EU–US Data Privacy Framework (DPF) participant; SCCs |
| Amazon Web Services, Inc. (SES) | Transactional email delivery | EU Region; DPF & SCCs |
| Cloudflare, Inc. | Edge hosting & security | Global CDN; DPF & SCCs |
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Until you delete your account or after 24 months of inactivity |
| Subscription & workflow data | Until you delete the subscription or account |
| Email delivery logs | 12 months for troubleshooting and compliance |
| Server logs & IP addresses | 30 days, unless required for security investigations |
We may retain backups for up to 90 days. When retention limits expire, data are deleted or irreversibly anonymised.
11. Your Rights (EEA, UK & Switzerland)
Subject to conditions, you have the right to:
1. Access
Your personal data
2. Rectify
Inaccurate data
3. Erase
Data ("right to be forgotten")
4. Restrict
Processing
5. Data portability
Export your data
6. Object
To processing based on legitimate interests
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
12. Security Measures
Encryption in transit
via TLS 1.2+ for all network communications
Encryption at rest
for database storage (email addresses encrypted using AES‑256)
Row‑Level Security
in Supabase restricts data access to the owning user
⚠️ Despite our efforts, no system is 100% secure. We encourage you to use a strong, unique Google account password and enable two‑factor authentication (2FA).
15. How to Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
Email us
[email protected]Write to us
at the address in Section 1
We would appreciate the chance to deal with your concerns before you approach a data‑protection authority (such as the Swiss FDPIC), so please contact us first.