Privacy Policy
How LandingRoom handles personal data for customers, recruiters, and candidates.
How we handle your data
Data Controller vs Data Processor
For candidate and recruiter data entered into a customer workspace, the customer company determines the purposes and means of processing and acts as the data controller. LandingRoom processes that data only to provide the service and acts as the data processor.
LandingRoom is operated by Webtential ApS (CVR no. 44959925), Natsværmervej 48, 2610 Rødovre, Denmark, which may act as an independent controller for limited business data such as billing, account administration, service communications, and compliance records.
Categories of Data Processed
LandingRoom may process recruiter PII such as names, work email addresses, roles, authentication details, and activity metadata; candidate PII such as names, contact details, CV text, employment history, education, and profile materials; and application data such as pipeline status, notes, uploaded documents, room content, communications, evaluations, and engagement signals.
Lawful Basis Per Category
Customers are responsible for identifying the lawful basis for processing candidate and recruiter personal data in their role as controller. Typical bases may include legitimate interests, contract steps requested by the candidate, consent where required, and legal obligations. LandingRoom relies on customer instructions when acting as processor and may rely on contract performance, legitimate interests, and legal obligations for its own controller activities.
Data Retention
Customer workspace data is retained for the duration of the subscription. When an account is closed, its data is permanently deleted within 30 days, unless a longer period is required by law. Candidate personal data tied to an application is retained for the customer's configured retention window (12 months after a hiring decision by default), after which it is deleted or anonymised.
Sub-processors
LandingRoom uses selected sub-processors to provide hosting, storage, email, AI processing, and import features. The current list is available on the sub-processors page.
Data Subject Rights
Data subjects may have rights to access, rectification, erasure, portability, restriction, objection, and other rights under applicable law. Where LandingRoom acts as processor, it will assist the relevant customer controller in responding to valid requests.
International Transfers
Some service providers may process data outside the European Economic Area. Where required, LandingRoom relies on appropriate safeguards such as Standard Contractual Clauses and transfer risk assessments.
Security Measures
LandingRoom applies technical and organizational measures designed to protect personal data, including encryption in transit, storage protections, authentication, and role-based access controls. More detail is available on the security page.
DPO Requests
Requests related to privacy, data protection, or DPO matters can be sent to [email protected].
Right to Complain
Data subjects have the right to complain to their competent supervisory authority if they believe their personal data has been processed unlawfully.