Privacy Policy

OpeningsPortal is operated by Slimme Brug Solutions LLC (company identifier: 2025-001675240), 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801, United States("OpeningsPortal", "we", "us").

Privacy enquiries: privacy@openingsportal.com. We have not appointed a Data Protection Officer. Where law does not require a DPO, we handle privacy requests through this contact. We will assess DPO requirements if our processing activities change materially.

This policy covers:

• Visitors to our marketing website;
• Users with recruiter, agency, or platform-operator workspaces (business users);
• Candidates who register through a recruitment partner's OpeningsPortal workflow link.

It does not govern relationships solely between recruiters, agencies, and candidates where those parties act independently of our instructions. Separate contracts may apply to paid services, invoicing, and data-processing terms.

Business users (recruiters, agencies, platform operators): For account, billing, and workspace data necessary to provide the service, Slimme Brug Solutions LLC acts as a data controller (or equivalent under US state privacy laws), determining how that data is used to operate OpeningsPortal.

Candidate data: OpeningsPortal is generally a data processor (service provider) only. The recruitment partner and/or staffing agency that invites the candidate determines the purposes of processing, retention periods, and lawful bases — including consent presented at candidate registration. We process candidate personal data solely on documented instructions from those controllers, to provide the platform, except where we must process data as required by applicable law.

No responsibility for controller decisions: We do not control how controllers use candidate data after it leaves the platform, and we are not responsible for the accuracy, legality, or completeness of vacancy listings, hiring decisions, or communications sent by controllers outside the platform.

Business users: name, business contact details, email, authentication identifiers, role and permissions, organisation settings, recruiter branding (e.g. logos and colours), activity logs, billing references, and support correspondence.

Candidates (processor scope): registration and profile fields, application responses, employment-related information submitted through the workflow, vacancy and proposal metadata, placement status, worked hours, and commission-related records visible in the workflow. We do not describe or warrant storage of separate candidate document uploads in this policy; if such features are introduced, controllers remain responsible for their lawfulness and notices.

Technical data: IP address, browser/device information, session and security logs, and strictly necessary cookies (see Section 9).

We process data to:

• Provide, maintain, and secure the platform;
• Authenticate users and enforce role-based access;
• Operate recruitment workflows instructed by controllers;
• Record hours and commission data as configured in the platform;
• Process payments where applicable;
• Comply with law and protect rights, safety, and integrity of the service.

For business users in the EU/UK, typical bases include contract performance, legitimate interests in operating a secure B2B platform, and legal obligation. For candidate data we process as processor, the controller's stated basis (often consent at registration) applies; we rely on the controller's instructions and our processing agreement.

We do not sell personal data. We do not use candidate data for our own independent marketing purposes.

We may disclose data to:

• Other platform users according to permissions (e.g. an agency viewing proposals for its vacancies);
• Subprocessors that help us run the service, including:
  • SiteGround — website and application hosting (primary storage in the EU);
  • Stripe — payment processing for United States billing where card payments apply;
  • SEPA invoice billing — EU customers may receive invoices; limited billing contact and transaction references are processed for accounts receivable;
  • In-platform email (when deployed) — transactional messages sent from the application;
  • Analytics, CDN, and performance tools (when deployed) — only with appropriate notices and, where required, consent for non-essential technologies.
• Professional advisers and authorities when required by law or to defend legal claims.

We maintain subprocessors under written terms requiring appropriate confidentiality and security. An up-to-date list is available on request at privacy@openingsportal.com.

Primary storage and processing of platform data is in the European Union. We do not intentionally transfer personal data to countries outside the European Union or United States, except where a subprocessor operates in those regions (e.g. Stripe in the US, or our US company management) and appropriate contractual safeguards apply (such as Standard Contractual Clauses or equivalent mechanisms where required).

Controllers are responsible for ensuring their own transfers to candidates and third parties comply with applicable law.

Business user accounts: When an account is closed, we delete associated personal data within a reasonable period, except where we must retain limited records for legal, tax, audit, or dispute purposes.

Candidate data (processor): Retention periods are defined by the controller at candidate registration (including consent text). When instructed by the controller or upon account/project closure in accordance with our terms, we delete or return processor-held data. Candidates should contact the recruiting organisation that invited them to exercise rights against the controller.

Logs and backups: Security logs and encrypted backups may persist for a limited period before automatic purging.

Today: We use strictly necessary cookies and similar technologies for session management, security, and basic operation of the site and platform.

Planned: As we add analytics, CDN, SEO, and performance tooling for a production-grade public website, we will implement a cookie approach aligned with EU and US expectations — including a consent mechanism for non-essential cookies where required, and documentation of each tool before it goes live.

Marketing: We do not send newsletter or commercial email campaigns at this time. If we introduce them, we will do so only with a lawful basis (typically opt-in consent) and update this policy beforehand.

We apply measures appropriate to a B2B SaaS platform, including access controls, encryption in transit, and monitoring. No system is completely secure; users must protect credentials and notify us of suspected incidents at privacy@openingsportal.com.

EU/UK individuals (business users): You may have rights of access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority. Contact privacy@openingsportal.com. We respond within applicable time limits.

US residents: Depending on your state, you may have rights to know, access, delete, or correct personal information, and to opt out of certain processing. We do not sell personal information as defined by applicable state laws.

Candidates: Please direct requests to the recruitment partner or agency that controls your data. We will assist controllers with technically feasible requests under our processor role.

OpeningsPortal is for adults only. Registration requires confirmation that the user is at least 18 years old. We do not knowingly collect data from minors and will delete such data if we become aware of it.

To the fullest extent permitted by law, OpeningsPortal is provided "as is". Our liability for privacy-related claims is limited as set out in our applicable terms of service and governing law provisions. Nothing in this policy expands our liability beyond those terms. Controllers remain solely responsible for their compliance obligations toward candidates and employees.

We may update this policy to reflect legal, technical, or business changes. The "Last updated" date will change accordingly. Material changes may be communicated via the platform or email where appropriate. Continued use after the effective date constitutes notice of the updated policy where permitted by law.

Slimme Brug Solutions LLC
1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801, United States
Email: privacy@openingsportal.com