Privacy Policy

This Privacy Policy explains how Bubble Marble Ltd (“Recruitment Signals”, “we”, “us”) collects, uses, and protects personal data when you visit recruitmentsignals.com or use our service.

1. Who we are

Recruitment Signals is operated by Bubble Marble Ltd, a company registered in the Republic of Cyprus. We are the data controller for the personal data described in this policy.

If you have questions about this policy or how we handle your data, contact us at info@recruitmentsignals.com.

2. What personal data we collect

We collect personal data in two categories.

2.1 Data we collect from you

When you create an account, use the service, or contact us, we collect:

• Identification and contact data such as name, work email, job title, company, and country
• Account credentials and authentication data
• Billing data such as company name, billing address, VAT number, and payment method details (handled by our payment processor, we do not store full card numbers)
• Communications with us, including support requests and survey responses
• Usage data such as features used, searches performed, filters applied, and items saved
• Technical data such as IP address, device type, browser, language, and timestamps
• Cookie and analytics data as described in our cookie disclosure below

2.2 Data we collect from public sources

The core function of Recruitment Signals is to aggregate publicly available signals from job boards, company career pages, and press rooms. This processing may include personal data about individuals such as:

• Names, job titles, and professional roles mentioned in job postings, press releases, or company announcements
• Professional context such as employer, location, hiring responsibility, or quoted statements

We collect this data only from sources that are publicly accessible at the time of collection. We do not scrape data from sources that require authentication, that are gated by terms prohibiting collection, or that are designated as private.

3. How we use personal data

We process personal data to:

• Provide, operate, and maintain the service
• Authenticate users and secure accounts
• Process payments and manage subscriptions
• Communicate with you about the service, including updates, security notices, and support
• Deliver market signals, alerts, and search results based on aggregated public data
• Improve the service, including analytics, debugging, and product development
• Send marketing communications where permitted, and let you opt out at any time
• Comply with legal obligations and enforce our terms

4. Legal basis for processing (GDPR)

Under the EU General Data Protection Regulation, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)) for providing the service to account holders
• Legitimate interest (Art. 6(1)(f)) for aggregating publicly available business signals, improving the service, securing our systems, and conducting limited direct marketing to business contacts. Where we rely on legitimate interest, we have weighed our interest against the rights and freedoms of data subjects and concluded that the processing is proportionate. You have the right to object to this processing, see section 9.
• Consent (Art. 6(1)(a)) for optional cookies, certain marketing communications, and any other processing where consent is required
• Legal obligation (Art. 6(1)(c)) for tax, accounting, and compliance with applicable law

5. Sharing and disclosure

We do not sell personal data. We share personal data only with:

• Sub-processors that help us run the service, including cloud hosting, database, email delivery, payment processing, analytics, customer support, and error monitoring providers. A current list of sub-processors is available on request.
• Professional advisors such as lawyers, accountants, and auditors when necessary
• Authorities when required by law, court order, or to protect our rights and safety
• Acquirers in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections

All sub-processors are bound by data processing agreements that require appropriate safeguards.

6. International transfers

Some of our sub-processors are located outside the European Economic Area, primarily in the United States. When we transfer personal data outside the EEA, we rely on:

• Adequacy decisions where available
• Standard Contractual Clauses approved by the European Commission
• Supplementary safeguards where required

You can request more information about specific transfers and safeguards at info@recruitmentsignals.com.

7. Data retention

We retain personal data for as long as necessary to provide the service and fulfill the purposes set out in this policy.

• Account data is retained for the duration of your account and for up to 12 months after closure, unless a longer retention period is required by law
• Billing and tax records are retained for 6 years in accordance with applicable Cyprus accounting and tax law
• Usage and analytics data is retained in aggregated form for product analysis
• Public signal data is refreshed continuously and removed when no longer relevant to the service

When data is no longer needed, we delete or anonymize it.

8. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, access controls, logging, regular backups, and ongoing security review. No system is completely secure. If we become aware of a personal data breach that affects you, we will notify you and the relevant supervisory authority in accordance with applicable law.

9. Your rights

If you are in the EEA, the United Kingdom, or another jurisdiction with comparable laws, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure of your data
• Restrict or object to certain processing, including processing based on legitimate interest and direct marketing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection, www.dataprotection.gov.cy

To exercise any of these rights, contact us at info@recruitmentsignals.com. We respond within one month and may ask you to verify your identity.

If you are an individual mentioned in publicly aggregated signals and want to know what we hold about you or request removal, please use the same address.

10. Cookies and similar technologies

We use strictly necessary cookies to operate the service and, with your consent, analytics and functional cookies to understand usage and improve the product. You can manage your preferences through the cookie banner on the site or your browser settings.

11. Children

The service is intended for business users and is not directed to anyone under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. The current version is always available at recruitmentsignals.com/privacy and dated at the top. If we make material changes, we will notify account holders by email or through the service.

13. Contact

Bubble Marble Ltd
info@recruitmentsignals.com