Skip to content

Applicant Privacy Notice

Snowlint Agency

Last updated: 16 July 2026

Snowlint Agency recruits for remote operations and creator-account support roles. This notice explains what happens to your personal data when you apply for a role through agency.snowlint.com. It sits alongside our general Privacy Policy, which covers ordinary site browsing; this notice is the detailed one for applicants.

1. Who we are (the data controller)

  • Legal entity: Arturs Vanags
  • Registered address: Rīga, Latvia (full registered address available on request via [email protected])
  • Country of establishment: Latvia
  • Company registration number: Not applicable — sole trader (self-employed individual), not a registered company
  • Privacy contact: [email protected]

We have not appointed a Data Protection Officer (not required at our scale). We are established in the EU (Latvia), so an Article 27 GDPR EU representative is not required.

2. The short version

  • Applying does not require an account or login — you fill in the application form and submit it.
  • We collect what we need to assess your application and get in touch: contact details, your answers to the role's screening questions, and, optionally, a CV.
  • Internal staff review applications behind a sign-in that's separate from anything applicants do.
  • We don't make automated decisions about your application — every review is by a person (§8).
  • Unsuccessful or inactive applications aren't kept indefinitely — each application has a retention deadline (§7).
  • You have GDPR rights over your data — email us to use them (§9).

3. What we collect, why, and our lawful basis

DataWhy we process itLawful basis (GDPR Art. 6)
Full name, email, phone/messenger contact (optional), country, time zoneTo identify you, assess your application, and contact you about itTaking steps at your request prior to entering into a contract — Art. 6(1)(b)
Your answers to the role's screening questionsTo assess your fit for the role you applied toArt. 6(1)(b)
Optional CV/resume file (filename, file type, size, and the stored file itself)To assess your qualifications and experienceArt. 6(1)(b)
Optional "source" (e.g. where you heard about the role)To understand how candidates find usLegitimate interests (recruitment-channel effectiveness) — Art. 6(1)(f)
Record that you acknowledged this notice, and which version (privacyAcknowledgedAt, privacyNoticeVersion)A transparency record confirming you were shown this notice before applying — see the note belowLegal obligation to demonstrate transparency — Art. 6(1)(c), read with Art. 5(2) accountability
Submission timestamp, status, and retention deadlineTo manage your application through our review process and know when to delete itArt. 6(1)(b); retention/deletion also serves our legitimate interest in data minimisation — Art. 6(1)(f)
Audit log of staff actions on your application (who changed status, notes, timestamps)Accountability for hiring decisions and defence against disputes (e.g. discrimination claims)Legitimate interests — Art. 6(1)(f)

On privacyAcknowledgedAt. Ticking the acknowledgement on our form confirms you were shown this notice — it is a transparency and record-keeping measure, not itself a GDPR "consent" lawful basis. The lawful basis for processing your application is set out in the table above, mainly Art. 6(1)(b) (steps taken at your request before a possible employment contract).

Is providing this data mandatory?

We can't assess your application without your name, contact details, and answers to the role's questions — those are required to apply. A CV and the optional fields (phone/messenger, source) are optional; not providing them won't disqualify you, but may make it harder for us to reach you or evaluate your background.

4. CVs and special-category data

We don't ask for, and don't want, health information, religious or philosophical beliefs, trade-union membership, sexual orientation, racial or ethnic origin, or other special categories of data (GDPR Art. 9). Please don't include this in your CV or answers unless it's genuinely necessary — for example, disclosing a disability only if you want us to consider a reasonable accommodation.

A CV can incidentally contain such information anyway (a photo, a gap explained by a health condition, membership in an organisation). If it does, we only process it to the extent needed to assess your application, we don't use it to make decisions about you beyond that, and we apply the same security and retention rules as the rest of your application.

5. Who we share your data with (sub-processors & recipients)

We don't sell your data. Internally, your application is visible to the staff involved in reviewing applications for the role you applied to. Beyond that, we use a small set of providers to run the platform:

ProviderWhat they do for usWhat they receiveWhere they processTransfer safeguard
Our EU-based hosting providerHosts the application database and staff session storeYour application data at restEU data centresEU-based processor — no third-country transfer
ResendTransactional email: your application-received confirmation and (if applicable) an interview-invite email; also staff magic-link sign-in emails, which don't involve your dataYour email address and the relevant email contentEU — Ireland (Resend region); Resend, Inc. is US-basedData Privacy Framework + Standard Contractual Clauses
CloudflareDNS, CDN, WAF, and R2 object storage for uploaded CVs/resumes in productionYour CV file (if you upload one) is stored in R2; all traffic passes through Cloudflare's networkGlobal edge network (US company)EU–US/UK/Swiss Data Privacy Framework + Standard Contractual Clauses
Google"Sign in with Google" for staff reviewing applications — optional, staff-only. Applicants never sign in and never touch Google sign-in.Staff member's Google account details (not applicant data); Google acts as an independent controller for that accountGlobal (US company)Data Privacy Framework + Standard Contractual Clauses
External interview-scheduling toolIf you're invited to interview, the invite email includes a link to an external scheduling toolClicking the link takes you to that provider's own site, subject to its own privacy terms — we don't control what it collectsSet by the scheduling providerGoverned by that provider's own terms, not ours
Our telemetry collectorFirst-party performance/error monitoring on our own EU infrastructureTechnical data (see the Privacy Policy §6); not your application contentOur own EU infrastructureFirst-party, EU-based

6. International data transfers

Our application data lives in EU data centres. Some providers we use are based in or process data in the United States (Resend and Cloudflare process EU-region data but are US-headquartered companies; Google's staff sign-in is US-based). Where personal data is transferred outside the EEA, this is protected by the EU–US Data Privacy Framework (where the provider is certified) and/or the Standard Contractual Clauses adopted by the European Commission. The external scheduling tool you may interact with after an interview invite operates under its own transfer arrangements, which we don't control. You can ask us for more detail on the relevant safeguards using the contact in §12.

7. How long we keep your data (retention)

Each application record stores a retention deadline (retentionUntil), set when you submit your application. Our current default is around six months (183 days) from the date you apply, which we consider a proportionate balance between having enough time to complete a fair review process (including reconsidering candidates for other roles) and not holding your data longer than needed.

  • Unsuccessful or inactive applications: kept until the retention deadline for review and legal-defence purposes (for example, to respond to a discrimination or fair-hiring complaint), then deleted or anonymised as a matter of policy.
  • If you're hired or otherwise progress into an ongoing relationship with us: we retain the relevant records for as long as needed for that relationship, under separate arrangements outside the scope of this notice.
  • Expired applications: an automated retention process permanently erases eligible application records, uploaded files, and applicant contact profiles that are no longer linked to another application. Applications marked as hired are excluded because their retention is governed by the subsequent working relationship.
  • Email delivery records: recipient addresses and rendered-message data held in our delivery outbox are redacted 30 days after successful delivery or permanent failure; non-personal delivery identifiers may remain to prevent duplicate sends.
  • Earlier deletion requests: where no legal reason requires continued retention, staff can permanently erase the application and its uploaded files before the deadline.
  • Staff magic-link sign-in tokens: single-use, expire after 10 minutes.
  • Staff sessions: 7 days; the Google sign-in state cookie expires after 10 minutes.
  • Staff accounts: kept for as long as someone is an active member of the review team. When someone leaves the team, their access is revoked immediately and their account data is deleted or anonymised within a reasonable period afterwards.

If you'd like your application deleted sooner than the default retention period, contact us (§9) and we'll action it, subject to any legal reason we may need to keep specific records.

8. No automated decision-making

We do not use automated processing, profiling, or scoring to shortlist, reject, or otherwise make decisions about applicants within the meaning of GDPR Article 22. Every review of your application is carried out by a person on our staff. Cloudflare Turnstile performs an automated abuse-prevention check when an application is submitted and when staff request a sign-in link. It protects the forms from automated abuse; it does not score suitability or make recruitment decisions.

9. Your rights

If you're in the EU/EEA (and in many other places), you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten"), subject to any data we must keep for legal reasons (e.g. defending against a discrimination claim within a limitation period);
  • Restrict or object to processing based on legitimate interests;
  • Data portability — receive your data in a portable format.

How to exercise them: email [email protected]. We'll respond within the time limits required by law (generally within one month) and may need to verify your identity first.

Complaints: if you think we've mishandled your data, we'd appreciate the chance to fix it first — but you have the right to lodge a complaint with a supervisory authority, including our lead authority: Datu valsts inspekcija (Data State Inspectorate of Latvia) — https://www.dvi.gov.lv.

10. Where your data comes from

Almost all of your data comes directly from you, through the application form. If your CV or answers reference a third party (for example a reference contact's name and details), please only include information you're entitled to share — that person's data is processed the same way as the rest of your application. We don't buy applicant data or scrape it from third-party sites.

11. Security

We use industry-standard technical and organisational measures — including encryption in transit, access controls limiting application data to staff involved in review, and secure staff authentication — to protect your data. No system is perfectly secure, but we work hard to protect it.

12. Children

This notice and the application process are for adult jobseekers and are not directed at children. We don't knowingly collect data from children under the applicable age of digital consent (13, the age set by Latvia under GDPR Article 8). If you believe a child has submitted an application, contact us and we'll delete it.

13. Changes to this notice

We may update this notice as our recruitment process or the law evolves. Each version is numbered, and we record which version you acknowledged (privacyNoticeVersion) at the time you applied, so later changes don't retroactively alter what you were shown. The current version always lives at agency.snowlint.com/applicant-privacy.

14. Contact

Questions, requests, or concerns about your application data:

Email: [email protected] Controller: Arturs Vanags, Rīga, Latvia (full registered address available on request) Governing law / jurisdiction for this notice: the laws of Latvia, and the courts of Latvia have exclusive jurisdiction