Privacy Policy

General information
  1. Controller
  • ErabliereApi (referred to in this policy as "we", "us" or "ErabliereApi") is the controller responsible for the processing of personal data described in this policy.
  • Contact for privacy matters: Data Protection Officer (or privacy contact)
  • This policy describes what personal data we collect, why we collect it, how we use and protect it, who we share it with, how long we keep it, and the rights you have.
  2. Scope and applicability
  • This policy applies to personal data processed by ErabliereApi in the course of providing our services, operating our website and applications, recruiting and employing staff, and carrying out business operations.
  • If you are a customer, user, job applicant, contractor, supplier, website visitor or otherwise interact with ErabliereApi, this policy explains how your personal data is handled.

Definitions
    • Personal data: any information relating to an identified or identifiable natural person (for example name, email address, IP address).
    • Special categories of data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, sex life or sexual orientation. We generally do not process special categories except where necessary and lawful (for example health data required for employment accommodations).
    • Processing: any operation or set of operations performed on personal data (collection, storage, use, disclosure, erasure, etc.).
    • Controller: the natural or legal person who determines the purposes and means of processing personal data (ErabliereApi).
    • Processor: an organization that processes personal data on behalf of the controller (third-party service providers).
    • Consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data.
    • Anonymization: processing to irreversibly prevent identification of the data subject.
    • Pseudonymization: processing that replaces identifying fields so data can’t be attributed without additional information kept separately.

Personal Data Processing
    1. Categories of personal data we collect
    We collect personal data necessary to provide services and operate our business, which may include:
    • Identity and contact data: name, username, email, phone number, postal address.
    • Account and credentials: login details, hashed passwords, profile information.
    • Transaction data: order history, billing and payment details (processed via third-party payment providers).
    • Technical and usage data: IP address, device identifiers, browser and OS, cookies, usage logs, preferred settings, analytics.
    • Communications data: messages you send to us via email, chat, support requests, call recordings where applicable (with notice).
    • Location data: where you permit location services or when inferred from IP.
    • Employment and recruitment data: CVs, work history, references, identification documents, eligibility-to-work information (for applicants and employees).
    • Customer support and CRM data: contract, support tickets, account preferences and interactions.
    • Marketing preferences and consent records.
    2. Purposes of processing and lawful bases
    We process personal data for the following purposes, on these lawful bases:
    • To provide services and fulfill contracts (Contract performance): creating and managing accounts, processing orders/payments, delivering services, support and billing.
    • For legitimate business interests (Legitimate interests): improving products and services, fraud prevention and security, business planning, enforcing terms and preventing abuse, internal analytics and development, direct marketing where permitted — provided these interests are not overridden by your rights.
    • With consent (Consent): sending promotional or marketing communications, setting non-essential cookies, and other optional features. Consent is required where the law mandates it.
    • To comply with legal obligations (Legal obligation): tax, accounting, record-keeping, compliance with legal or regulatory requests from authorities.
    • For recruitment and human resources management (Contract/Legal obligation/Legitimate interests): evaluating candidates, managing employment relationships, payroll, benefits, performance and safety.
    3. Data recipients and third parties
    • We share personal data with:
      • Service providers and subprocessors (hosting providers, payment processors, email and messaging services, CRM, analytics and marketing platforms, customer support platforms).
      • Professional advisors and auditors (legal, accounting, tax).
      • Third parties involved in a business transfer, merger or reorganization (subject to confidentiality and secure handling).
      • Public authorities and law enforcement when required by law or to protect legal rights.
    • We use written agreements (data processing agreements) to require subprocessors to keep data secure and only process it according to our instructions.
    4. International transfers
    • Data may be transferred and stored outside your country of residence (e.g., to the United States or other jurisdictions). Where transfers occur from the EU/EEA, we rely on adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules or other lawful transfer mechanisms as required by applicable law.
    5. Retention
    • We retain personal data only as long as necessary for the purposes for which it was collected and to meet legal and regulatory obligations.
    • Typical retention periods (examples):
      • Customer account data: while the account is active and for up to X years after closure for legal, tax or dispute resolution purposes (commonly up to 7–10 years for accounting records where required).
      • Transaction and billing records: as required by law (commonly 6–10 years).
      • Marketing consents and preferences: until withdrawn plus a short period for record-keeping.
      • Recruitment data: typically up to 1–2 years after the recruitment process ends unless otherwise required.
    • Specific retention periods may vary by jurisdiction and law. Contact us if you need exact retention schedules.
    6. Security
    • We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. Measures may include encryption, access controls, authentication, logging, network security, employee training and contractual safeguards with subprocessors.
    • No system is completely secure. Where required by law, we will notify affected data subjects and relevant supervisory authorities of breaches, typically within 72 hours of becoming aware of them.
    7. Automated decision-making and profiling
    • We may use automated means for certain operational tasks (for example, fraud detection or personalized product recommendations). Where automated decisions produce legal effects or significantly affect you, you have rights to obtain human intervention, express your point of view, and contest the decision. We will obtain explicit consent if required by law before making solely automated decisions with legal or similarly significant effects.
    8. Cookies and similar technologies
    • Our website uses cookies and similar technologies for essential functionality, analytics and (with consent) marketing.
    • Essential cookies are required for the site to operate. Non-essential cookies (analytics, performance, advertising) require your consent where the law requires it and can be disabled through cookie settings or your browser preferences.
    • You can manage cookie preferences via the cookie banner on first visit or through your browser/device settings.

    Consents
    1. How we obtain and record consent
    • Where consent is the lawful basis for processing (for example, marketing communications or non-essential cookies), we ask for a clear affirmative action (e.g., checking an unchecked box, clicking “I agree”).
    • We keep records of consents (who consented, when, what information was provided, and how consent was given).
    2. Withdrawing consent
    • You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
    • Methods to withdraw consent:
      • Click “unsubscribe” or “manage preferences” in marketing emails.
      • Change cookie settings via the cookie banner or your browser.
      • Contact us at dpo@erabliereapi.example or use any other contact methods provided on our website.
    • After withdrawal, we will stop processing for the purposes that required consent, but we may retain limited data where we have a separate lawful basis (e.g., compliance with legal obligations).
    3. Consequences of refusing or withdrawing consent
    • If you refuse to provide or later withdraw consent for non-essential processing (for example, marketing or optional personalization), you may still use our core products and services, but some optional features may become unavailable.
    • If you refuse to provide or withdraw consent for data necessary to perform a contract, we may not be able to provide the requested service or complete a transaction.

    Data subject rights and exercising them

    • You have rights in relation to your personal data, subject to applicable law. These include:
      • Right of access: request confirmation whether we process your data and obtain a copy.
      • Right to rectification: correct inaccurate or incomplete data.
      • Right to erasure (“right to be forgotten”): request deletion where lawful (subject to retention obligations).
      • Right to restriction of processing: ask us to limit how we use your data in certain circumstances.
      • Right to data portability: obtain a copy of your data in a structured, commonly used, machine-readable format where applicable.
      • Right to object: object to processing based on legitimate interests or direct marketing, including profiling related to marketing.
      • Right to withdraw consent: where processing is based on consent.
      • Right to lodge a complaint with a supervisory authority: you may complain to your local data protection authority (for EU/EEA residents, this is the lead supervisory authority in your Member State).
    • How to exercise your rights: contact us at dpo@erabliereapi.example or by postal mail at the address above. We may ask you to verify your identity. We will respond within the timeframes required by applicable law (generally within one month, extendable where justified).

    Children

    • Our services are not directed to children under the age required by local law (commonly 13 or 16). We do not knowingly collect personal data from children without parental consent. If we learn we have collected data from a child without required consent, we will take steps to delete it.

    Changes to this policy

    • We may update this policy from time to time. We will post the updated policy on our website with a revision date and, where required, obtain consent for material changes.

    Contact and complaints

    • For questions, requests or complaints about this policy or our processing practices, contact:
    • If you are unsatisfied with our response, you may lodge a complaint with your local supervisory authority.

    Additional information

    • Specific product pages, terms of service, cookie banners, job postings and consent forms may provide further details about particular processing activities.
    • Where legal requirements in your jurisdiction impose additional obligations, those will supplement this policy.

    Last updated: 2025-11-22
