This policy is developed in order to understand how personal information is collected and used.
We take privacy very seriously, especially since you trust us your personal information.
- We don’t use your filled-in CV information unless explicitly given permission (service purposes). We only save the data on our server in Amsterdam and use it to generate your CV/CV preview.
- We share your personal information with a few sub-processors we are contracted with, only for functional purposes. These sub-processors are listed in our registry of processing operations. We will especially not share your personal information with external parties for advertising purposes.
You must be above 18 years or have parental consent to use the CV Builder.
- You are responsible for your own data; Although we will protect your data well, submitting sensitive data like religion is at your own risk.
- Deleted CV’s will be automatically removed after a period of 30 days. This is to provide a reverse option if the delete command was accidental.
- In principle, saved (non-deleted) CV’s won’t be deleted periodically unless technically desirable or the client requests to do so.
- User behaviour data may be processed to improve the service in future. These data will be processed anonymously.
- CV-Template.com will not disclose any Personal Information unless required by law to disclose.
We may contact customers directly by email for research, information or promotion purposes when email addresses have been provided by customers and the customer agreed to receive these emails. You can always unsubscribe from the list.
- By using the referral system link, you agree to receive notifications for every new referral with a maximum of 1 mail every 4 hours. You can unsubscribe from this list any time using the unsubscribe link in the email.
- You have the right to request the personal data collected by CV-Template. You can do such a request by sending an email to [email protected].
CV-Template.com stores personal information with the use of external software tools in order to maintain certain site functionalities. This is an overview of the providers we use and which data they save.
- PayPal and Creditcard data are being saved and processed by Braintree, a PayPal company. Creditcard data is saved anonymously. Braintree is established and located in the European Economic Area and is compliant with the GDPR.
- iDeal information is processed by mollie. Mollie is responsible for the data and is compliant with the GDPR.
- To calculate the local VAT and provide tax authorities with the evidence, we rely on taxamo (GDPR compliant). When you make a purchase, your IP address, country and possibly other supporting evidence regarding your geographical position will be saved. According to EU rules, we need 2 non-contradictory pieces of evidence. The data will be saved for at least 10 years to meet the rules of tax authorities.
- To send emails we rely on mousend. Mousend is compliant with the GDPR and has taken measurements to protect your data. You can always unsubscribe from the list after you have given permission. Read- and click behaviour within emails are anonymous processed in order to keep improving CV-Template.
Strictly necessary cookies
- We use Google Recaptcha to make sure your data is protected from brute force (login) attacks
- We use Gooogle Analytics to track the visitor's behaviour on our website anonymously
- After consent, we use Hotjar to track the visitor's behaviour in our CV builder (customer input is replaced by * characters to protect your privacy)
We act according to the General Data Protection Regulation and have taken security measures to provide you with a safe environment.
- We have installed a SSL certificate to provide a safe, 256-bits encrypted connection.
- We have full control over the server and only grant our own technicians access to our servers once agreed with a non-disclosure agreement.
- All services are hosted on a virtual server with a sharply set firewall and access protocols.
- CV pictures from accounts are stored separately and are not accessible by using the URL without authentication (and thus won’t be indexed by any search engine).
- Access to the virtual servers is only granted to a combination of authorised persons, authorised devices and specific geographic locations established by the processor.
- Within the server application, we check at multiple levels whether the authorised user may view certain data.
- The server application and its dependencies are regularly updated.
- The root login is disabled from direct access and we blacklist IP addresses after too many false server login attempts.
- The server application is regularly checked for vulnerabilities as stated in the OWASP top 10 (the Open Web Application Security Project). Vulnerabilities found are immediately corrected.
We are committed to these principles in order to ensure that confidentiality of personal information is maintained. Exact information on which data we process and where this information is stored can be read in our processing register