Skip to content

Privacy Policy

Snowlint Agency

Last updated: 8 July 2026

Snowlint Agency is a public recruitment website at agency.snowlint.com. It shows open roles and job detail pages, and lets candidates submit an application. This policy covers general use of the website — browsing, contacting us, and the technical data behind that. If you submit a job application, that processing is covered by the separate Applicant Privacy Notice, which goes into more detail because applications involve more data (screening answers, an optional CV, and internal review). We don't duplicate that detail here.

1. Who we are (the data controller)

The data controller responsible for personal data processed through this website is:

  • Legal entity: Arturs Vanags
  • Registered address: Rīga, Latvia (full registered address available on request via [email protected])
  • Country of establishment: Latvia
  • Company registration number: Not applicable — sole trader (self-employed individual), not a registered company
  • Privacy contact: [email protected]

We have not appointed a Data Protection Officer (not required at our scale); privacy questions go to [email protected]. We are established in the EU (Latvia), so an Article 27 GDPR EU representative is not required.

2. What this policy covers

This policy applies to anyone browsing agency.snowlint.com, contacting us directly, or (as internal staff) signing in to the admin area. It does not separately restate the job-application data flow — see the Applicant Privacy Notice for that.

3. What we collect, why, and our lawful basis

DataWhy we process itLawful basis (GDPR Art. 6)
Technical request data (IP address, user agent, request metadata)To operate, secure, and troubleshoot the website; rate-limiting and abuse preventionLegitimate interests (security, reliability) — Art. 6(1)(f)
Account session data (see §4)To keep signed-in users authenticated and enforce account accessPerformance of a contract / legitimate interests — Art. 6(1)(b)–(f)
Content of emails you send us directly (e.g. to [email protected])To read and respond to your messageLegitimate interests (handling your enquiry) — Art. 6(1)(f), or performance of pre-contractual steps if your enquiry relates to a role — Art. 6(1)(b)
Telemetry: performance metrics, JavaScript errors, traces, and privacy-safe recruitment funnel events (see §6)To monitor reliability and understand whether candidates can complete the application journeyConsent — Art. 6(1)(a)

We don't run advertising or cross-site tracking, so there's no data collected for those purposes.

4. Account sign-in

Users can sign in using a passwordless magic link sent by email or Google sign-in. Accounts have an applicant or recruiter role, and only recruiter accounts can access application-review tools. Applying for a role does not require an account, and submitted applications are not currently linked to applicant accounts. Signing in sets a short-lived, host-only session cookie in the user's browser.

5. Cookies and browser storage

We keep this lean. We do not use advertising or cross-site tracking. Optional analytics storage is activated only after you choose “Allow analytics”.

CookiePurposeWho gets itLifetime
__Host-agency_sessionKeeps a signed-in staff member authenticatedStaff only, after sign-in7 days
__Host-agency_oauthShort-lived anti-CSRF state for the "Sign in with Google" flowStaff only, during Google sign-in10 minutes
Cloudflare security cookies (e.g. bot-mitigation / challenge cookies) and any Turnstile challenge cookieSet by Cloudflare in front of the site for security; Turnstile protects application submission and staff sign-in requestsSet by Cloudflare where applicableSet by Cloudflare
Analytics preference stored in your browserRemembers whether you allowed or declined optional analyticsAfter you make a choiceUp to 12 months
Anonymous analytics session stored in your browserGroups performance, error, and application-journey events during a browsing sessionOnly after “Allow analytics”Session-limited

The authentication, security, and consent-preference storage is strictly necessary and does not require analytics consent. The anonymous analytics session is optional and remains disabled unless you allow it. A visitor who only browses job listings or submits an application never receives our staff session or OAuth cookies above. Cloudflare may set security cookies when it needs to perform a challenge.

6. Telemetry / monitoring

If you allow analytics, we run first-party performance and error monitoring (Web Vitals, JavaScript errors, and traces) sent to our own collector on our own EU infrastructure — not a third-party advertising or analytics vendor. We also record a small set of recruitment-funnel events, such as viewing a role, opening the application form, and whether submission succeeded. These events contain the job identifier, language, and bounded campaign labels where present; they do not contain applicant names, contact details, files, or form answers. We use them only to keep the site working and understand whether candidates can complete the application journey, not for advertising or cross-site tracking.

You can decline analytics without losing any site functionality. You can also change or withdraw your choice at any time through “Privacy settings” in the footer. Withdrawing stops future analytics collection in that browser; it does not affect processing that was lawful before withdrawal.

7. Who we share data with

For general site traffic, our infrastructure is:

ProviderWhat they do for usWhere
Our EU-based hosting providerHosts the website's backend and databasesEU data centres
CloudflareDNS, CDN, WAF, and Turnstile for application submission and staff sign-inGlobal edge network (US company); EU–US/UK/Swiss Data Privacy Framework + Standard Contractual Clauses
Our telemetry collectorFirst-party performance/error and recruitment-funnel monitoringOur own EU infrastructure

Job applications additionally involve email delivery, resume storage, and (for staff) Google sign-in — those sub-processors and international-transfer detail are listed in the Applicant Privacy Notice §5–6, since they only come into play once you apply.

8. Retention

  • Technical/security logs are kept only as long as needed for security and troubleshooting, typically a short period.
  • Emails you send us directly are kept only as long as needed to handle your enquiry, then deleted.
  • Staff session cookies and sign-in tokens expire on the timelines in §5.
  • Application data has its own retention policy — see the Applicant Privacy Notice §7.

9. Your rights

If you're in the EU/EEA (and in many other places), you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to data portability where applicable. To exercise these rights, email [email protected]. We'll respond within the time limits required by law (generally within one month) and may need to verify your identity first.

Complaints: if you think we've mishandled your data, we'd appreciate the chance to fix it first — but you have the right to lodge a complaint with a supervisory authority, including our lead authority: Datu valsts inspekcija (Data State Inspectorate of Latvia) — https://www.dvi.gov.lv.

10. Children

Snowlint Agency is a recruitment website for adult jobseekers and is not directed at children. We don't knowingly collect personal data from children under the applicable age of digital consent (13, the age set by Latvia under GDPR Article 8). If you believe a child has provided us data, contact us and we'll delete it.

11. Changes to this policy

We may update this policy as the site or the law evolves. When we make material changes, we'll update the "last updated" date at the top. The current version always lives at agency.snowlint.com/privacy.

12. Contact

Questions, requests, or concerns about your data:

Email: [email protected] Controller: Arturs Vanags, Rīga, Latvia (full registered address available on request) Governing law / jurisdiction for this policy: the laws of Latvia, and the courts of Latvia have exclusive jurisdiction