EndeavrlyBack to Home

Privacy Policy

Last updated: [DATE]

Placeholder - Replace with actual legal text

1. Introduction

[PLACEHOLDER: Introduce your privacy policy. Explain that this policy describes how Endeavrly collects, uses, and shares personal information. Reference GDPR compliance and Norwegian data protection law (Personopplysningsloven).]

2. Data Controller

[PLACEHOLDER: Identify who is responsible for data processing:]

  • Company name: [Your company name]
  • Organization number: [Norwegian org number]
  • Address: [Your registered address]
  • Email: [privacy@endeavrly.com]
  • Data Protection Officer (if applicable): [Contact details]

3. Information We Collect

3.1 Information You Provide

[PLACEHOLDER: List all data collected directly from users:]

  • Account information (email, password)
  • Profile information (name, age bracket, skills, profile photo)
  • Job application data
  • Messages and communications
  • Payment information (if applicable)

3.2 Information Collected Automatically

[PLACEHOLDER: List automatically collected data:]

  • Device information
  • IP address
  • Browser type
  • Usage data and analytics
  • Cookies (reference Cookie Policy)

3.3 Special Categories of Data

[PLACEHOLDER: Address any sensitive data. Note: Age data for minors requires special consideration under GDPR Article 8.]

4. How We Use Your Information

[PLACEHOLDER: Explain all purposes for data processing:]

  • Providing and maintaining the platform
  • Matching youth with job opportunities
  • Communicating with users
  • Processing applications and payments
  • Improving our services
  • Ensuring safety and security
  • Compliance with legal obligations

5. Legal Basis for Processing

[PLACEHOLDER: Under GDPR, explain the legal basis for each type of processing:]

  • Contract: Processing necessary to provide our services
  • Consent: Where you have given explicit consent (e.g., marketing)
  • Legitimate Interests: For improving and securing our services
  • Legal Obligation: Where required by law

[PLACEHOLDER: Note special rules for processing data of minors under 16 - requires parental consent under GDPR Article 8.]

6. Data Sharing and Disclosure

6.1 Sharing Between Users

[PLACEHOLDER: Explain what information is shared between youth and employers when they connect through the platform.]

6.2 Third-Party Service Providers

[PLACEHOLDER: List categories of third-party processors:]

  • Hosting providers (e.g., Vercel, Supabase)
  • Authentication services
  • Payment processors (if applicable)
  • Analytics providers
  • Email service providers

6.3 Legal Requirements

[PLACEHOLDER: Explain when data may be disclosed to authorities.]

7. International Data Transfers

[PLACEHOLDER: If using services outside the EEA (e.g., US-based services), explain the safeguards in place such as Standard Contractual Clauses or EU-US Data Privacy Framework.]

8. Data Retention

[PLACEHOLDER: Explain how long different types of data are kept:]

  • Active account data: Duration of account
  • Deleted accounts: [X days/months]
  • Job posting history: [X months/years]
  • Application data: [X months/years]
  • Legal/compliance records: As required by law

9. Your Rights

[PLACEHOLDER: Under GDPR, users have the following rights:]

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing
  • Right to Withdraw Consent: Withdraw consent at any time

[PLACEHOLDER: Explain how users can exercise these rights (email, in-app settings, etc.)]

10. Children's Privacy

[PLACEHOLDER: Important section for a youth platform. Address:]

  • Minimum age requirements
  • Parental consent requirements for users under 16
  • Additional protections for minor users
  • How parents/guardians can manage their child's data

11. Data Security

[PLACEHOLDER: Describe security measures in place:]

  • Encryption (in transit and at rest)
  • Access controls
  • Regular security assessments
  • Employee training
  • Incident response procedures

12. Changes to This Policy

[PLACEHOLDER: Explain how users will be notified of privacy policy changes and when changes take effect.]

13. Complaints

[PLACEHOLDER: Explain how to lodge complaints:]

  • Contact us first at: [privacy@endeavrly.com]
  • Norwegian Data Protection Authority (Datatilsynet): datatilsynet.no

14. Contact Us

[PLACEHOLDER: Provide contact information for privacy inquiries:]

  • Email: [privacy@endeavrly.com]
  • Address: [Your registered business address]

Important Notes for Implementation:

  • Have this policy reviewed by a GDPR/data protection specialist
  • Ensure compliance with Norwegian Data Protection Authority guidelines
  • Special attention needed for processing data of minors (under 16)
  • Document all data processing activities in a Record of Processing Activities (ROPA)
  • Consider appointing a Data Protection Officer if required
  • Keep this policy updated as your data practices change