Modern Data Practices for Global Talent

1) Who We Are (Controller)

UAB Skillaxis, operating as Sufoniq (the “Company,” “we,” “us,” or “our”), is the data controller for the processing activities described in this policy, unless otherwise stated.

• Legal entity: UAB Skillaxis
• Company code: 307395574
• Registered address: Architektų g. 56-101, LT-04111, Vilnius, Lithuania
• Trading/brand name: Sufoniq (sufoniq.com)
• EU/EEA establishment: Lithuania
• UK representative (UK GDPR Art. 27): We target users in the UK. Our UK representative details will be published at /legal/uk-representative once appointed. Until then, UK users can contact our DPO below.
• Data Protection Officer (DPO): privacy@sufoniq.com

Where we provide services to employers or other clients who instruct us (e.g., background screening facilitated by a partner), we may act as a processor and the client is the controller; their privacy policy applies to their own use of personal data.

2) Scope

This policy applies to our websites, web and mobile apps, and services that link to it (collectively, the “Services”). It covers users such as job seekers, talent, employer contacts, and visitors.

3) At-a-glance Summary

• We collect account, profile/CV, usage, device, and approximate location data.
• We use AI models to extract skills, match opportunities, and personalize guidance. Outputs are decision support; humans make final hiring decisions.
• We do not sell or share personal information for cross-context behavioral advertising.
• You have rights to access, correct, delete, port, and object, and to appeal where applicable.
• International transfers are protected by Standard Contractual Clauses (and UK IDTA where applicable).
• Retention is limited and purpose-based (see Retention).

4) Data We Collect

We collect the following categories (examples are illustrative):

• Identifiers & contact — name, email, phone, country, account IDs.
• Professional & CV data — employment history, skills, education, certificates, portfolio links.
• Inferences & profile signals — derived skills, seniority, job match scores.
• Device & internet activity — IP address, device type, OS, browser, pages viewed, events (crash logs).
• Approximate location — city/country based on IP or user preference.
• Support & communications — messages, tickets, survey responses.
• Partner data — (if you choose) information from background-check and mobility partners, or publicly available professional sources.

Children: Our Services are not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

5) Sources of Data

• Directly from you (account creation, profile uploads, forms, communications).
• Automatically from your device and interactions (cookies, SDKs, logs).
• From partners and publicly available professional sources, under contract or where permitted by law.

6) Notice at Collection (California/CPRA)

Right to opt-out: We do not sell/share PI. You can still reach us for any request at privacy@sufoniq.com.

Limit SPI: If SPI is collected for a limited purpose, we use it only for that purpose and permit you to limit additional uses.

7) Purposes & Legal Bases (GDPR/EEA)

Legitimate interests: providing relevant opportunities, protecting platform integrity, and improving the Services. You may object at any time; see Rights below. For Sensitive Personal Information collected for compliance/background checks, we limit use to those purposes and provide controls on request at privacy@sufoniq.com.

8) AI, Profiling & Human Oversight

We use machine learning to: (i) parse CVs and extract skills; (ii) align experience to role requirements; (iii) compute match scores; (iv) suggest destinations and relocation pathways.

• Models are routinely evaluated for fairness, drift, and relevance; we monitor for disparate impact indicators.
• Outputs are assistive. Employers and Sufoniq staff make final decisions.
• Your rights: request human review, express your view, and contest a recommendation; you may object to profiling used for personalization.

9) Cookies & Tracking

• By default, we use essential cookies for authentication, security, and load-balancing.
• Non-essential analytics/personalization cookies will operate only if we enable them and obtain your consent in the EEA/UK.
• You can manage preferences via our banner (when present) or your browser settings.

Unsure whether your current build sets any cookies? Open DevTools → Application/Storage → Cookies. If none appear beyond session/auth, you’re using essential-only at this time.

10) Sharing & Disclosures

We do not sell or share PI for cross-context behavioral advertising. We disclose data as follows:

• Service providers (processors): cloud hosting, analytics (if enabled), support tooling, document parsing, background screening facilitators, and mobility partners—each under a Data Processing Agreement.
• Employers & independent controllers: when you apply to a role or request introduction, the employer (or partner) becomes an independent controller; their notices govern their use.
• Legal & safety: to comply with law, enforce terms, or protect rights, safety, or security.
• Corporate events: in a merger, acquisition, or reorganization, we may transfer data subject to this policy and law.

11) International Transfers

If data is transferred outside the EEA/UK, we use Standard Contractual Clauses (and the UK IDTA where applicable), implement supplementary measures where required, and rely on adequacy decisions where available. You may request a copy of relevant safeguards.

12) Retention

We keep personal data only as long as necessary for the purposes described or as required by law. Examples:

We periodically de-identify and aggregate data for metrics and product improvement.

13) Your Rights & Privacy Choices

EEA/UK: access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.

US (CA, CO, CT, VA, UT): know/access, delete, correct, portability, opt-out of sale/share/targeted advertising, limit SPI, and appeal a rights decision (where applicable).

Marketing choices: We send product/service emails necessary to operate the Services. Marketing emails are sent only with your consent in the EEA/UK. You can withdraw consent or opt out at any time via the unsubscribe link or by emailing privacy@sufoniq.com.

SPI limits: Where we collect Sensitive Personal Information (e.g., national IDs for compliance or background checks), we limit its use to the specific purpose. For limits or questions, contact privacy@sufoniq.com.

How to exercise rights: Email privacy@sufoniq.com. Expected timelines: 1 month (GDPR; extendable by 2 months if complex) and 45 days (CCPA/CPRA; extendable by 45 days where reasonable).

14) Cookie List (current)

Below is our current cookie overview. If non-essential analytics are not enabled in your region, only essential cookies will appear.

To check your current build: DevTools → Application/Storage → Cookies.

15) Security

We implement defense-in-depth controls: encryption in transit and at rest; role-based, least-privilege access; zero-trust network posture; vulnerability management and logging/monitoring; vendor due diligence; and incident response procedures. No system is perfectly secure; we cannot guarantee absolute security.

16) Changes to this policy

We may update this policy from time to time. We will post the updated version with a new effective date and, if changes are material, provide a more prominent notice or obtain consent where required.

17) Contact Us

Data Protection Officer: privacy@sufoniq.com

Postal address: UAB Skillaxis (Sufoniq), Architektų g. 56-101, LT-04111, Vilnius, Lithuania

Supervisory authority (EU): You have the right to lodge a complaint with your local authority. In Lithuania: State Data Protection Inspectorate (vdai.lrv.lt).

United States: For CPRA purposes, you may contact us at privacy@sufoniq.com.