Privacy Policy

Last Updated: December 2025
Effective Date: 18.12.2025

1. Introduction

ESTEL (“we”, “us”, “our”, or the “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and related services (collectively, the “Services”).

We act as a data controller under the General Data Protection Regulation (GDPR) and process personal data lawfully, fairly, and transparently. This Policy applies to all individuals who access or use our Services (“Users” or “you”).

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

User Account Information
When you create an account and complete our onboarding process, we may collect:

  • Name
  • Email address
  • Company name
  • Job title or role
  • Sales preferences (target markets, industries, job titles, skills)
  • Contact information
  • Any other information you voluntarily provide

Communication Data

  • Email inquiries and support requests
  • Chat interactions with our platform
  • Feedback and survey responses

2.2 Information We Collect Automatically

Platform Usage Data

  • Login and logout timestamps
  • Features and functions accessed
  • Lead interactions and engagement metrics
  • Search queries and filter preferences
  • Time spent on platform sections
  • Error and crash logs

Device and Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Cookies and similar tracking technologies
  • Referrer URLs

2.3 Data We Collect from Third Parties

Labor Market Intelligence
We obtain data from multiple sources to verify staffing demand and identify qualified leads, including:

  • Job boards (e.g. LinkedIn, Indeed, Karriere.at)
  • B2B data brokers and sales intelligence providers
  • Career portals and recruitment platforms
  • Publicly available company and hiring information

Decision-Maker and Buyer Information
We process personal data of business decision-makers (such as names, job titles, email addresses, and phone numbers) obtained from commercial providers to match verified staffing demand with relevant buyers on behalf of our Users.

Analytics and Marketing Data

  • Data from analytics platforms (Google Analytics, Matomo)
  • Pixel and conversion data from advertising platforms (Google Ads, Facebook, LinkedIn)
  • Session recording and usability data (Hotjar)

3. Legal Basis for Processing

We process personal data on the following lawful bases under GDPR:

3.1 Contractual Necessity

  • Providing the Services under our Terms of Service
  • User account creation, management, and service delivery

3.2 Legitimate Business Interests

  • Improving and optimizing our platform
  • Fraud prevention and security
  • Platform analytics and performance monitoring
  • Business development and direct marketing (subject to opt-out rights)
  • Protecting our legal rights and interests

3.3 Consent

  • Optional marketing communications
  • Certain cookies and tracking technologies
  • Session recording and user experience tools

3.4 Legal Obligations

  • Compliance with applicable laws and regulations
  • Responding to lawful requests from authorities

3.5 Data About Decision-Makers and Buyers

We process data of non-user individuals based on:

  • Legitimate business interests
  • Consent obtained via commercial data sources
  • Publicly available business information

4. How We Use Your Information

4.1 Service Delivery

  • Providing, maintaining, and improving the Services
  • Creating and managing user accounts
  • Processing onboarding preferences
  • Generating ranked lead lists and buyer matches
  • Delivering outreach content and insights
  • Responding to support requests

4.2 Platform Optimization

  • Analyzing usage patterns and feature adoption
  • Testing and improving functionality
  • Enhancing user experience and interface design
  • Monitoring system reliability

4.3 Communication

  • Transactional emails (account confirmations, password resets, billing notices)
  • Support and inquiry responses
  • Product updates and service notifications

4.4 Marketing and Business Development

  • Promotional communications (with opt-out options)
  • Targeted advertising and retargeting
  • Market and industry research
  • Lead generation and growth initiatives

4.5 Security, Compliance, and Analytics

  • Detecting and preventing fraud or abuse
  • Ensuring platform security
  • Legal compliance and dispute resolution
  • Aggregated and anonymized analytics and reporting

5. How We Share Your Information

5.1 Third-Party Service Providers

We share data with trusted third-party processors, including:

Cloud Infrastructure

  • Amazon Web Services (AWS) – EU region (Stockholm, Sweden)

Analytics and Tracking

  • Google Analytics
  • Matomo
  • Hotjar
  • Google Ads, Facebook Pixel, LinkedIn Ads

Artificial Intelligence

  • OpenAI (GPT models)
    Only anonymized preferences and demand-related data are processed. No personal identifiers such as names or emails are shared.

5.2 Lead Data Shared with Users

As part of the core Service, Users may receive:

  • Verified job and hiring demand data
  • Business contact details of decision-makers
  • Company and organizational context
  • AI-generated outreach templates

5.3 Legal and Business Disclosures

We may disclose information:

  • When required by law or legal process
  • To protect rights, safety, or property
  • In connection with mergers, acquisitions, or corporate restructuring

5.4 Aggregated and De-Identified Data

We may share anonymized or aggregated information that cannot identify individuals.

6. International Data Transfers

Data is primarily stored in the EU/EEA. Some services may involve transfers outside the EU, including to the United States. These transfers rely on:

  • Standard Contractual Clauses (SCCs)
  • Additional safeguards where required

By using our Services, you acknowledge these transfers.

7. Data Retention

7.1 Retention Periods

Data CategoryRetention PeriodUser account dataActive use + 12 monthsPlatform usage logs12–24 monthsSupport communications24–36 monthsBilling dataUp to 7 years (legal requirement)Marketing and analytics12–24 monthsLead and buyer dataPer data provider agreementsCookiesAs defined in Cookie Policy

8. Your Privacy Rights

8.1 GDPR Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing and marketing
  • Data portability
  • Lodge a complaint with a supervisory authority

8.2 CCPA Rights (California Residents)

California residents may exercise rights to know, delete, correct, opt out of data sharing, and limit use of sensitive personal information.

8.3 Marketing Opt-Out

You may opt out at any time via:

9. Security and Data Protection

We implement appropriate technical and organizational measures, including:

  • Encryption in transit and at rest
  • Secure cloud infrastructure
  • Access controls and employee training
  • Incident response and breach notification procedures

No system is entirely secure, and absolute security cannot be guaranteed.

10. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. Exercising Your Rights

Email: info@estel.tech
Subject: Privacy Rights Request

Requests are acknowledged within 5 business days and resolved within applicable legal timeframes.

12. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

13. Cookies and Tracking

For details on cookies and tracking technologies, please see our Cookie Policy.

14. Contact Information

Privacy Contact: privacy@estel.tech
Company: ESTEL
Location: Sofia, Bulgaria

You may also contact the Commission for Personal Data Protection (CPDP) in Bulgaria.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be reflected by the “Last Updated” date and, where required, additional notice or consent.

16. Governing Law

This Privacy Policy is governed by the laws of Bulgaria and applicable EU data protection laws.

17. Definitions

  • Personal Data
  • Processing
  • Data Controller
  • Data Processor
  • Data Subject
  • Legitimate Interests

Acknowledgment

By using ESTEL’s Services, you acknowledge that you have read and understood this Privacy Policy.

Version: 1.0
Effective as of: [Launch Date]