Last updated: 2026-07-10

Version: 1.0

Privacy Policy

How LandingRoom handles personal data for customers, recruiters, and candidates.

How we handle your data

Data Controller vs Data Processor

For candidate and recruiter data entered into a customer workspace, the customer company determines the purposes and means of processing and acts as the data controller. LandingRoom processes that data only to provide the service and acts as the data processor.

LandingRoom is operated by Webtential ApS (CVR no. 44959925), Natsværmervej 48, 2610 Rødovre, Denmark, which may act as an independent controller for limited business data such as billing, account administration, service communications, and compliance records.

Categories of Data Processed

LandingRoom may process recruiter PII such as names, work email addresses, roles, authentication details, and activity metadata; candidate PII such as names, contact details, CV text, employment history, education, and profile materials; and application data such as pipeline status, notes, uploaded documents, room content, communications, evaluations, and engagement signals.

Lawful Basis Per Category

Customers are responsible for identifying the lawful basis for processing candidate and recruiter personal data in their role as controller. Typical bases may include legitimate interests, contract steps requested by the candidate, consent where required, and legal obligations. LandingRoom relies on customer instructions when acting as processor and may rely on contract performance, legitimate interests, and legal obligations for its own controller activities.

Data Retention

Customer workspace data is retained for the duration of the subscription. When an account is closed, its data is permanently deleted within 30 days, unless a longer period is required by law. Candidate personal data tied to an application is retained for the customer's configured retention window (12 months after a hiring decision by default), after which it is deleted or anonymised.

Sub-processors

LandingRoom uses selected sub-processors to provide hosting, storage, email, AI processing, and import features. The current list is available on the sub-processors page.

Data Subject Rights

Data subjects may have rights to access, rectification, erasure, portability, restriction, objection, and other rights under applicable law. Where LandingRoom acts as processor, it will assist the relevant customer controller in responding to valid requests.

International Transfers

Some service providers may process data outside the European Economic Area. Where required, LandingRoom relies on appropriate safeguards such as Standard Contractual Clauses and transfer risk assessments.

Security Measures

LandingRoom applies technical and organizational measures designed to protect personal data, including encryption in transit, storage protections, authentication, and role-based access controls. More detail is available on the security page.

DPO Requests

Requests related to privacy, data protection, or DPO matters can be sent to [email protected].

Right to Complain

Data subjects have the right to complain to their competent supervisory authority if they believe their personal data has been processed unlawfully.