Privacy Policy
Snowlint Agency
Last updated: 8 July 2026
Snowlint Agency is a public recruitment website at agency.snowlint.com. It shows open roles and job detail pages, and lets candidates submit an application. This policy covers general use of the website — browsing, contacting us, and the technical data behind that. If you submit a job application, that processing is covered by the separate Applicant Privacy Notice, which goes into more detail because applications involve more data (screening answers, an optional CV, and internal review). We don't duplicate that detail here.
1. Who we are (the data controller)
The data controller responsible for personal data processed through this website is:
- Legal entity: Arturs Vanags
- Registered address: Rīga, Latvia (full registered address available on request via [email protected])
- Country of establishment: Latvia
- Company registration number: Not applicable — sole trader (self-employed individual), not a registered company
- Privacy contact: [email protected]
We have not appointed a Data Protection Officer (not required at our scale); privacy questions go to [email protected]. We are established in the EU (Latvia), so an Article 27 GDPR EU representative is not required.
2. What this policy covers
This policy applies to anyone browsing agency.snowlint.com, contacting us directly, or (as internal staff) signing in to the admin area. It does not separately restate the job-application data flow — see the Applicant Privacy Notice for that.
3. What we collect, why, and our lawful basis
| Data | Why we process it | Lawful basis (GDPR Art. 6) |
|---|---|---|
| Technical request data (IP address, user agent, request metadata) | To operate, secure, and troubleshoot the website; rate-limiting and abuse prevention | Legitimate interests (security, reliability) — Art. 6(1)(f) |
| Account session data (see §4) | To keep signed-in users authenticated and enforce account access | Performance of a contract / legitimate interests — Art. 6(1)(b)–(f) |
| Content of emails you send us directly (e.g. to [email protected]) | To read and respond to your message | Legitimate interests (handling your enquiry) — Art. 6(1)(f), or performance of pre-contractual steps if your enquiry relates to a role — Art. 6(1)(b) |
| Telemetry: performance metrics, JavaScript errors, traces, and privacy-safe recruitment funnel events (see §6) | To monitor reliability and understand whether candidates can complete the application journey | Consent — Art. 6(1)(a) |
We don't run advertising or cross-site tracking, so there's no data collected for those purposes.
4. Account sign-in
Users can sign in using a passwordless magic link sent by email or Google sign-in. Accounts have an applicant or recruiter role, and only recruiter accounts can access application-review tools. Applying for a role does not require an account, and submitted applications are not currently linked to applicant accounts. Signing in sets a short-lived, host-only session cookie in the user's browser.
5. Cookies and browser storage
We keep this lean. We do not use advertising or cross-site tracking. Optional analytics storage is activated only after you choose “Allow analytics”.
| Cookie | Purpose | Who gets it | Lifetime |
|---|---|---|---|
__Host-agency_session | Keeps a signed-in staff member authenticated | Staff only, after sign-in | 7 days |
__Host-agency_oauth | Short-lived anti-CSRF state for the "Sign in with Google" flow | Staff only, during Google sign-in | 10 minutes |
| Cloudflare security cookies (e.g. bot-mitigation / challenge cookies) and any Turnstile challenge cookie | Set by Cloudflare in front of the site for security; Turnstile protects application submission and staff sign-in requests | Set by Cloudflare where applicable | Set by Cloudflare |
| Analytics preference stored in your browser | Remembers whether you allowed or declined optional analytics | After you make a choice | Up to 12 months |
| Anonymous analytics session stored in your browser | Groups performance, error, and application-journey events during a browsing session | Only after “Allow analytics” | Session-limited |
The authentication, security, and consent-preference storage is strictly necessary and does not require analytics consent. The anonymous analytics session is optional and remains disabled unless you allow it. A visitor who only browses job listings or submits an application never receives our staff session or OAuth cookies above. Cloudflare may set security cookies when it needs to perform a challenge.
6. Telemetry / monitoring
If you allow analytics, we run first-party performance and error monitoring (Web Vitals, JavaScript errors, and traces) sent to our own collector on our own EU infrastructure — not a third-party advertising or analytics vendor. We also record a small set of recruitment-funnel events, such as viewing a role, opening the application form, and whether submission succeeded. These events contain the job identifier, language, and bounded campaign labels where present; they do not contain applicant names, contact details, files, or form answers. We use them only to keep the site working and understand whether candidates can complete the application journey, not for advertising or cross-site tracking.
You can decline analytics without losing any site functionality. You can also change or withdraw your choice at any time through “Privacy settings” in the footer. Withdrawing stops future analytics collection in that browser; it does not affect processing that was lawful before withdrawal.
7. Who we share data with
For general site traffic, our infrastructure is:
| Provider | What they do for us | Where |
|---|---|---|
| Our EU-based hosting provider | Hosts the website's backend and databases | EU data centres |
| Cloudflare | DNS, CDN, WAF, and Turnstile for application submission and staff sign-in | Global edge network (US company); EU–US/UK/Swiss Data Privacy Framework + Standard Contractual Clauses |
| Our telemetry collector | First-party performance/error and recruitment-funnel monitoring | Our own EU infrastructure |
Job applications additionally involve email delivery, resume storage, and (for staff) Google sign-in — those sub-processors and international-transfer detail are listed in the Applicant Privacy Notice §5–6, since they only come into play once you apply.
8. Retention
- Technical/security logs are kept only as long as needed for security and troubleshooting, typically a short period.
- Emails you send us directly are kept only as long as needed to handle your enquiry, then deleted.
- Staff session cookies and sign-in tokens expire on the timelines in §5.
- Application data has its own retention policy — see the Applicant Privacy Notice §7.
9. Your rights
If you're in the EU/EEA (and in many other places), you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to data portability where applicable. To exercise these rights, email [email protected]. We'll respond within the time limits required by law (generally within one month) and may need to verify your identity first.
Complaints: if you think we've mishandled your data, we'd appreciate the chance to fix it first — but you have the right to lodge a complaint with a supervisory authority, including our lead authority: Datu valsts inspekcija (Data State Inspectorate of Latvia) — https://www.dvi.gov.lv.
10. Children
Snowlint Agency is a recruitment website for adult jobseekers and is not directed at children. We don't knowingly collect personal data from children under the applicable age of digital consent (13, the age set by Latvia under GDPR Article 8). If you believe a child has provided us data, contact us and we'll delete it.
11. Changes to this policy
We may update this policy as the site or the law evolves. When we make material changes, we'll update the "last updated" date at the top. The current version always lives at agency.snowlint.com/privacy.
12. Contact
Questions, requests, or concerns about your data:
Email: [email protected] Controller: Arturs Vanags, Rīga, Latvia (full registered address available on request) Governing law / jurisdiction for this policy: the laws of Latvia, and the courts of Latvia have exclusive jurisdiction