Cataloop OÜ (“Limbo,” “we” “us” or “Company;” for contact details see the end of this privacy policy) is committed to respecting your privacy and protecting your personal data.
This privacy policy explains how we collect, use, store, share, and otherwise process your personal data when you visit our website (https://limbo.careers) (“Website”), when you use or interact with the Limbo Application (“Application”), our AI-powered platform that helps job seekers find relevant job opportunities by conducting AI interviews and matching them with potential employers, and in the context of providing our services or communicating with you more generally.
This policy is divided into three sections:
- Website Visitors – personal data we process when you access or use our Website, including cookies and similar technologies;
- Application Users - Job Seekers and Employers – data processing in connection with the use of the Limbo Application, covering both (a) job seekers who create accounts and use our AI-powered job matching services (“Job Seekers”), and (b) employers whose data we process to provide job recommendations and facilitate connections between job seekers and potential employers (“Employers”);
- General Information – data security, international transfers, your rights under data protection laws, and how to contact us.
I. DATA PROCESSING WITH REGARD TO VISITING AND USING OUR WEBSITE
Who is Responsible for Processing Your Data
We are the data controller in relation to the personal data processed when you visit and use our Website. This means that we determine the purposes and means of the processing. Our contact details can be found at the end of this privacy policy.
Persons Affected by Data Processing, Types of Data Processed
This section and the relevant data processing applies to persons who visit and use our Website.
We may process personal data that we collect automatically (including through third-party tools) when you access or interact with our Website. This includes information about your device, browser, usage patterns, IP address, and general location. Typical data collected includes:
- pages visited and time spent on each page;
- interactions with elements of the Website;
- IP address, browser type and version, device type, operating system;
- referral URL and usage statistics.
We may also process personal data that you voluntarily provide through the Website, for example, when you sign up for marketing communications, contact us, or interact with any other feature. This may include:
- name, email address, your CV or LinkedIn;
- any communications or content you submit (e.g. via forms or chats).
Where certain information is required to use a Website feature (e.g. booking a demo), we will indicate which fields are mandatory. If you choose not to provide required data, we may not be able to respond to your request or deliver the relevant feature.
We may combine information you provide with information we collect automatically.
Purposes and Lawful Basis for Data Processing
We process the personal data described in this chapter above for the following purposes and on the following legal bases:
| Purpose | Lawful basis |
|---|---|
| To operate, maintain, and secure the Website | Our legitimate interest in providing a functional and secure Website |
| To analyse usage and improve Website performance and design | Our legitimate interest in understanding and enhancing the user experience |
| To respond to your requests (e.g. demos, enquiries, commercial discussions) | Taking steps prior to entering into a contract, or our legitimate interest in business development |
| To send you marketing communications if you have opted in | Your consent, which you may withdraw at any time via the unsubscribe link in our messages |
We may also convert personal data into aggregated or anonymised information that can no longer be linked to any individual and is not therefore considered personal data. We may use or share such data to help us analyse trends, improve features, and develop new services.
Data Retention
We retain personal data only as long as necessary to fulfil the purposes described above or to comply with applicable legal requirements. The following retention periods apply:
- Personal data collected via cookies and analytics tools is retained for a period of up to 1 year;
- Personal data you provide in contact forms or requests (e.g. waiting list) is retained for up to 1 year to manage our relationship with you and respond to any follow-up queries.
Personal data may be retained longer if required to resolve disputes, protect our rights, or comply with a legal obligation. Personal data may also be deleted earlier upon data subject request, in accordance with applicable legal acts. Please note that such data deletion requests may result in us being unable to continue the provision of all or part of our services.
Some personal data may be stored in secure backup systems for a limited time, strictly for integrity and disaster recovery purposes or as required under applicable law or compliance requirements and deleted once no longer needed.
Cookies and Tracking
We use cookies and similar technologies to distinguish you from other users, enhance Website functionality, understand usage patterns, and support relevant advertising. We use the following categories of cookies:
- Necessary cookies – essential cookies required for the operation of our Website. Cannot be disabled;
- Analytical cookies – help us understand how users interact with the Website, e.g. page visits and user flows;
- Functionality and performance cookies – enable enhanced features and customisation, such as remembering your preferences;
- Third-party cookies – set by third parties to enable analytics or advertising.
Non-essential cookies are used only with your consent, which you can manage through your browser preferences. Disabling certain cookies may impact your experience on our Website.
II. DATA PROCESSING WITH REGARD TO USING THE LIMBO APPLICATION
Who is Responsible for Processing Your Data
The Limbo Application is accessible via our Website and governed by our Service Terms or a Service Agreement, as applicable.
When providing the Limbo Application, we may act both as a data controller and a data processor, depending on the type of data and the purpose of processing, as described below.
- With respect to the contact details and other personal data relating to Job Seekers who use our Application (“Job Seeker Data”), we act as a data controller.
- With respect to job opening information and Employer data that we collect and process to provide job matching services (“Employer Data”), we act as a data controller. This includes job descriptions, company information, contact information, and other data necessary to match job seekers with relevant opportunities. We may also act as a data processor when Employers use our Application to receive job applications or communicate with Job Seekers, in which case the Employer acts as the data controller for such interactions.
Persons Affected by Data Processing, Types of Data Processed
a) Job Seekers and Job Seeker Data
This concerns individuals who create accounts and use the Limbo Application to find job opportunities. The data we may process includes:
- name, email address;
- LinkedIn profile information;
- AI interview recordings, transcripts, and analysis results;
- job preferences, career interests, and account management data.
b) Employers and Employer Data
This concerns information about Employers and job opportunities that we collect to provide job matching services to Job Seekers. Employer Data includes:
- job descriptions, requirements, and company information;
- Employer contact details and hiring manager information;
- publicly available company data and job market information;
- any other Employer-related data necessary for job matching services.
For the purposes of this privacy policy, “Employer Data” refers only to such Employer-related information that constitutes personal data within the meaning of applicable data protection laws. Non-personal employer information (such as general company descriptions or publicly available business information) is not covered by the data processing provisions of this policy.
The Limbo Application enables Job Seekers to participate in AI-led interviews and receive personalised job recommendations based on their profiles, preferences, and interview responses. These recommendations are provided to help Job Seekers discover relevant opportunities and do not result in any automated decision-making regarding hiring. All hiring decisions remain with the respective Employers. Job Seekers retain full control over which opportunities to pursue and how to present themselves to potential Employers. Job Seekers can at all times unsubscribe from receiving information on job openings either through the Application or by clicking the “unsubscribe” link in the relevant e-mail.
We do not process any special categories of personal data (as defined under Article 9 GDPR), and the Limbo Application is not intended to collect or analyse biometric or otherwise sensitive data. If any such data is inadvertently submitted, the person submitting such data remains responsible for ensuring a lawful basis exists.
Purposes and Lawful Basis for Data Processing
We process the personal data described in this chapter above for the following purposes and on the following legal bases:
| Data | Role | Purpose | Lawful Basis |
|---|---|---|---|
| Job Seeker Data | Controller | Account management, service provision, AI interview analysis, job matching, communication with Job Seekers, support services | Contract performance (for account creation and job matching services) and our legitimate interests (service improvement, communication) |
| Employer Data | Controller | Collect and process job opening information to provide job matching services to job seekers | Our legitimate interests in providing job matching services and facilitating connections between job seekers and employers |
| Employer Data | Processor | Facilitate communications between Job Seekers and Employers, process applications and interactions on behalf of Employers | Processing on behalf of and under instructions from Employers as data controllers |
As a controller, we may also process Job Seeker Data and Employer Data in an anonymised form to maintain and improve the performance of the Limbo Application, develop new features and improve our AI models, and perform statistical or quality analysis. Such processing is based on our legitimate interest in improving our services. Personal data will be anonymised prior to use for these purposes, and the resulting data will no longer be linked to an identifiable individual.
Data Retention
We retain personal data only for as long as necessary to fulfil the relevant purposes or comply with legal requirements. The following retention periods apply:
- Job Seeker Data is retained for the duration of your account being active and will be permanently deleted within 90 days of deletion of your account. We will delete your account automatically if there has been no account activity for 3 years;
- Employer Data is retained (i) when we act as a data controller, as long as necessary to provide job matching services and up to 90 days thereafter, and (ii) when we act as a data processor, for the duration of the relevant data processing relationship and up to 90 days thereafter, unless otherwise required by applicable law;
- Certain data (e.g. for accounting or tax purposes) may be retained for up to ten years.
Personal data may also be deleted earlier upon data subject request, in accordance with applicable data protection laws. Please note that such data deletion requests may result in us being unable to continue the provision of all or part of our services.
Some personal data may be stored in secure backup systems for a limited time, strictly for integrity and disaster recovery purposes or as required under applicable law or compliance requirements and deleted once no longer needed.
III. GENERAL REGULATION
Storing and Transferring Your Personal Data
We implement appropriate technical and organisational measures to protect personal data, including Customer Personnel Data and Candidate Data, against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. This includes encryption of data in transit and at rest, strict access controls, and internal bias mitigation measures in connection with AI model development.
All data we process is hosted on secure infrastructure within the European Union. As of the date of this policy, we do not transfer personal data outside the EU/EEA. Should such transfers become necessary, we will implement appropriate safeguards and shall ensure that such transfers are carried out in compliance with Chapter V of the GDPR and on the basis of an adequacy decision by the European Commission or Standard Contractual Clauses approved by the European Commission.
If you would like further information about such safeguards, you may contact us using the details below.
Recipients
We may share personal data with trusted third-party service providers that perform services for us or on our behalf. These services include hosting and infrastructure providers, communication and customer support platforms, AI language model and transcription tools, analytics, security, and fraud prevention services.
Our list of current subprocessors is available here.
We may also disclose personal data if required by law, such as in response to court orders or requests from data protection authorities. In doing so, we will ensure that such disclosure is based on a valid legal basis.
Additionally, we may share personal data in the context of investigating suspected contract breaches or unlawful conduct, or in connection with the legitimate exercise or defence of legal rights. In such cases, data may be disclosed to legal advisors, law enforcement, or other appropriate authorities.
If we are involved in a merger, acquisition, reorganisation, asset sale, funding or financing round, personal data may be shared with parties to the transaction and their professional advisors, subject to appropriate confidentiality arrangements and strictly to the extent required for achieving the good faith purpose of any of the transactions described above, as relevant.
Your Rights
To the extent that we act as a data controller in connection with your personal data, you have the following rights under applicable data protection laws:
- Right to Information: you have the right to obtainclear and transparent information about how we process your personal data, including the purposes for the processing and the lawful basis;
- Right of Access: you may request access to your personal data processed by us, including a copy of such data;
- Right to Data Portability: you may request that we provide your personal data in a structured, commonly used, and machine-readable format, or that wetransfer your data directly to another controller, where technically feasible;
- Right to Rectification: if your personal data is inaccurate or incomplete, you have the right to request correction or completion of the data held by us;
- Right to Restrict Processing: you may request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful, or when you need the data for legal claims, and we no longer require it for processing purposes;
- Right to Object: you have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. In such cases, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is required for legal claims;
- Right to Erasure: you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. This right is subject to exceptions, such as where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims;
- Right to Withdraw Consent:if our processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
- Right to Lodge a Complaint:if you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.
Where we act as a processor (e.g. when facilitating communications between Job Seekers and Employers on behalf of Employers), data subject rights should be exercised directly against the relevant employer (the data controller). We will assist Employers in responding to any such requests as required by applicable law.
Amendments to the Privacy Policy
We may update this privacy policy from time to time. If we make material changes, we will provide reasonable notice (e.g. via our Website or by email). The effective date will always be shown at the top of this policy. We encourage you to review this page periodically.
Contacting Us
If you have any questions, comments, or requests regarding this privacy policy or our processing of your personal data, please contact us at:
- Cataloop OÜ
- Estonian commercial register code: 17020739
- Registered address: Telliskivi tn 57b/1, 10412 Tallinn, Estonia
- E-mail address: info@limbo.careers
Our supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee).