Recruitment Privacy Notice

Release Date: 23.04.2026

‍
A word from our CISO

Jobbatical is a leading provider of relocation services, helping companies hire top talents from anywhere in the world.
‍
Our paperless process is powered by our own software application. We proudly serve over 600 companies as their primary relocation partner.At Jobbatical, safeguarding sensitive information and customer data is integral to our business. We rely heavily on our Relocation Case Management Software, prioritizing the confidentiality, integrity, and availability of our applications. Our primary objective is to protect our customers' data and Information and Communications Technology (ICT) assets.We are committed to continuous security improvements and adhere to Information Security Management Systems across all levels of our organization. This includes all employees, core business processes, and the ICT systems supporting our Jobbatical application.To ensure the highest standards of information security, we comply with the ISO27001 standard. This standard guides us in establishing, implementing, controlling, assessing, maintaining, and improving our documented Information Security Management System (ISMS). By choosing appropriate security measures, we aim to safeguard information and provide confidence to our stakeholders.

In this page we have curated a collection of documents that cover various aspects of our program, policies, architecture, tests, and more. These resources are designed to provide comprehensive information. If you have any additional inquiries, please don't hesitate to contact us.

Marje Salumets
^CISO

Data protection

Respecting personal data protection rights is our priority which is why we have created documentation and implemented internal processes to meet the GDPR requirements.

What is our data processing role?

Our company is a Controller

Although we offer our services through our own technically advanced cloud-based platform, we are not a typical SaaS service provider in relation to our relocation service.

Based on our assessment, we have concluded that we are a separate controller of personal data of talents and their family members when providing relocation services because we determine the means and purposes of data processing. Such data processing is described in our privacy notice. For specific data types, please see “talent data” and “talent family member data” (this includes the talent’s or his or her family member’s first name, last name, date of birth, personal ID code, nationality, passport data, photo, etc) in our privacy notice.

Our role as a controller primarily arises because of following:

• Even though the business client initially orders and pays for the service, a direct relationship between us and the talent is still established during the provision of the service. Additionally, a power of attorney may be requested from the talent (or his or her family member) directly,
• There are no specific instructions from the business client on what data to collect from the talent (and his/her family member) and how exactly the relocation services should be provided,
• In general, most of the personal data is collected directly from the talent (i.e., business clients are not generally involved in the collection and submission of personal data to us),
• The business client is usually kept informed of the process and receives the notification once the relocation is completed, but the business client has no significant influence on us and the provision of services in general. On the other hand, we have a significant independence in providing the service – we determine exactly how (by using what means) we process personal data in order to achieve the intended purposes.

Our Company is a Processor

When it comes to the processing of personal data of our platform users designated by our business clients, we consider ourselves as a data processor.  Such processing is regulated by the data processing agreement (DPA) appended to our terms of service. The DPA concerns only the processing of the names, emails, phone numbers and job titles of our business clients’ employees who are using our platform (e.g., HR manager who has access to the platform and who initiates the talent relocation), but not the talents (i.e., current or future employees who need to be relocated) and their family members.

In a nutshell, a typical process looks like this:

While this is a description of our typical process, depending on the client and the processes agreed with the client, relevant legal documentation may need to be customized accordingly. Please feel free to talk to our growth team so that we can find a solution that suits your business in the best possible way.

We are also currently in the process of implementation of ISO/IEC 27701 (Privacy Information Management System) so that we can demonstrate in even a better way a high level of protection of personal data.

Should you have any questions regarding the data processing, please feel free to contact our DPO: [email protected].

What about the (sub)processors?

All our (sub)processors are thoroughly assessed, certified and use EU storage location. The list of processors used by Jobbatical is available to clients and selected prospects subject to NDA.

Release Date: 23.04.2026

‍
PERSONAL DATA PROCESSING AGREEMENT

We are Jobbatical OÜ, an Estonian company with registry code 12671900 (Jobbatical, we, us and our), address Narva mnt 7b, 10117 Tallinn, Estonia. We operate an online platform at https://app.jobbatical.com (the Platform) to provide certain services relating to relocation of employees/future employees, as well as their family members from one country to the place of employment in another country (the Services).

The term “Client” or “you” refers to a legal entity named as a Client in the service agreement signed by Jobbatical and the Client (the Service Agreement). This personal data processing agreement (the DPA) is part of a Service Agreement between Jobbatical and the Client (each also a Party and collectively the Parties).

In connection with the provision of the Services under the Service Agreement, Jobbatical processes certain personal data on behalf of the Client. To ensure the secure, correct and lawful processing of personal data, the Parties have agreed to supplement the Service Agreement and enter into this DPA as part of the Service Agreement.

This DPA applies to the processing of personal data of platform users designated by the Client for the purposes further described in Annex A of the DPA. For the processing of personal data relating to relocated employees and their family members, Jobbatical acts as an independent controller, and for this processing the Privacy Notice applies.

In case of a conflict between any other document forming part of the Service Agreement and this DPA regarding the processing of personal data, the DPA shall prevail and apply.

1. GENERAL PROVISIONS

1.1 The terms used in the DPA are used in the meaning given to them in Article 4 of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (the GDPR) or in the meaning given to them in the Service Agreement.  

1.2 In the context of Article 28 of the GDPR, Client is the data controller of the personal data transferred or made available to Jobbatical in the course of the use of the Platform by the Client’s designated users and Jobbatical is the data processor.

2. GENERAL OBLIGATIONS OF JOBBATICAL

2.1 Jobbatical shall process personal data only in accordance with the applicable law, the terms of the Service Agreement, including the terms of this DPA.

2.2 Jobbatical shall process personal data only for the purposes described in Annex A to this DPA.

2.3 Jobbatical shall process personal data in accordance with the documented instructions of the Client, including those in this DPA.

2.4 Jobbatical has designated, and shall maintain where required by applicable law, a competent data protection officer in accordance with the applicable law

2.5 Jobbatical shall keep records of all the data processing activities carried out on behalf of the Client. The records of data processing activities shall comply with the requirements set forth in Article 30 (2) of the GDPR.

2.6 Upon the respective request by the Client, Jobbatical shall make available to the Client the records described in section 2.5 regarding the personal data processed on behalf of the Client immediately and free of charge but not later than within fifteen (15) business days as of the respective request by the Client.

2.7 Jobbatical shall, taking into account the nature of the processing, provide reasonable cooperation to assist the Client by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of personal data under the DPA. In the event that any such request is made directly to Jobbatical, Jobbatical shall not respond to such communication directly without Client's prior authorization, unless legally compelled to do so. If Jobbatical is required to respond to such a request, Jobbatical shall promptly notify the Client and provide it with a copy of the request unless legally prohibited from doing so.

2.8 Jobbatical shall assist the Client in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to Jobbatical.

3. GENERAL OBLIGATIONS OF THE CLIENT

3.1 The Client warrants that upon transferring any personal data to Jobbatical, the Client has an appropriate legal basis to submit such personal data to Jobbatical.

3.2 The Client warrants that upon transferring any personal data to Jobbatical, Jobbatical is entitled to further process such personal data for the purposes of performing the Service Agreement.

3.3 The Client warrants that upon transferring any personal data to Jobbatical, all personal data submitted by the Client to Jobbatical is accurate, true, relevant and necessary with reference to the performance of the Service Agreement.

4. CONFIDENTIALITY

4.1 Jobbatical shall ensure the confidentiality of the personal data processed on behalf of the Client.

4.2 Jobbatical shall ensure that no unauthorized third parties can access the personal data processed on behalf of the Client.

4.3 Jobbatical shall ensure that all the representatives, employees of Jobbatical and other persons who through Jobbatical come into contact with the personal data processed on behalf of the Client are subject to the confidentiality obligation assumed under a contract or the law and Jobbatical shall ensure that their representatives, employees and other persons acting for their benefit maintain the full confidentiality of the personal data.

4.4 Jobbatical shall ensure that all the representatives and employees of Jobbatical who come into contact with the personal data processed on behalf of Client have received appropriate training and instructions for the processing of personal data in accordance with the Service Agreement, the DPA and the applicable law.

5. SECURITY MEASURES

5.1 Jobbatical shall ensure the security of personal data processing for the purposes of protecting personal data from accidental or unauthorized processing, disclosure or destruction by implementing measures required under Article 32 of GDPR.

5.2 Taking into account the state of the art and costs of implementation, and the nature, scope, context and purposes of the personal data processing as well as the risk to the rights and freedoms of natural persons, of varying likelihood and severity, that may result from personal data processing, Jobbatical shall apply appropriate technical and organizational measures upon personal data processing to ensure the security of personal data. A more detailed description of technical and organisational measures is provided in Annex B to this DPA.        

6. AUDIT

6.1 The Client shall have the right, once in every twelve (12) months upon the provision of fifteen (15) business days' prior written notice to audit Jobbatical’s operations relevant to the performance of the DPA. If the date proposed by the Client is not suitable for Jobbatical, the Client can appoint another date that cannot be later than fifteen (15) business days from the original date. The audit methodology will be specified between the Parties before the audit is carried out. The Client shall be responsible for the costs of the audit.

6.2 The audit must be performed on a business day during the working hours of Jobbatical, and it must not unreasonably disturb Jobbatical's course of business or jeopardise the confidentiality of any third party's information in Jobbatical's possession. Jobbatical undertakes to co-operate in good faith with the Client, contribute to inspections and audits by the Client, and provide the Client with such information relating to this DPA that the Client may reasonably request in order to demonstrate that it has acted in compliance with the GDPR.

7. PERSONAL DATA BREACH

7.1 In case of a personal data breach Jobbatical shall as immediately as possible notify the Client of this. Jobbatical shall send to the Client a notification about the personal data breach, which shall include the following information:

7.1.1 a description of the nature of the personal data breach, including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;    

7.1.2 the name and contact details of the data protection officer or other contact person of Jobbatical if applicable;

7.1.3 the likely consequences of the personal data breach, incl. the likely consequences to data subject;

7.1.4 measures taken or proposed to be taken by Jobbatical to address the personal data breach or measures to mitigate its possible adverse effects.

7.2. Jobbatical shall send the notification specified in section 7.1 to the Client immediately and if possible, not later than within 48 hours as of the occurrence of the personal data breach.

7.3. In case and insofar as Jobbatical is not able to submit the information described in section 7.1 to the Client within the term set forth in section 7.2, Jobbatical may submit the information to the Client in phases but without undue further delay accompanied by a justification of the delay.

7.4. Jobbatical shall cooperate fully with the Client for the purposes of preventing personal data breaches. If a personal data breach occurs, Jobbatical shall cooperate fully with the Client to address the personal data breach as efficiently and quickly as possible and/or mitigate its possible adverse effects.

7.5. Jobbatical shall document all personal data breaches, including the facts relating to the personal data breach, its effects and the remedial action taken.

8. RETURN, DELETION AND DESTRUCTION OF PERSONAL DATA

8.1. Upon each request of the Client and/or after the termination of the Service Agreement, Jobbatical shall delete all personal data processed on behalf of the Client within fourteen (14) calendar days, unless Jobbatical has a legal basis to retain certain data.

9. SUBPROCESSORS AND TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

9.1. The Client grants Jobbatical a general authorization to subcontract the personal data processing conducted under this DPA to subprocessors provided that:

9.1.1. the engagement of the subprocessor is necessary for the provision of the Services;

9.1.2. Jobbatical has entered into a written agreement containing data protection obligations no less protective than those in this DPA. Jobbatical shall be liable for any breaches by the subprocessor in accordance with the terms of this DPA;

9.1.3. Jobbatical will evaluate the security, privacy and confidentiality practices of a subprocessor prior to selection to establish that it is capable of providing the level of protection of personal data required by this DPA. When the personal data is transferred outside the European Economic Area, Jobbatical shall ensure that either the personal data is transferred to a country in relation to which the European Commission has decided that the country ensures an adequate level of protection or if there is no adequacy decision about the country, territory or sector for the transfer, Jobbatical shall ensure the transfer is subject to appropriate safeguards listed in the GDPR.

9.2. The list of subprocessors approved by the Client at the time of the conclusion of this DPA is set out in Annex C to this DPA. Jobbatical shall inform the Client of any intended changes concerning the addition or replacement of other subprocessors, thereby giving the Client the opportunity to object to such changes. The Client is considered to have agreed with the changes in subprocessors provided that the Client has not submitted its objection within ten (10) business days as of the receipt of the notice.

9.3. If Jobbatical uses subprocessors, Jobbatical shall assume full liability for the subprocessor to process personal data in accordance with the applicable law and this DPA.

10. LIABILITY AND COMPENSATION FOR DAMAGE

10.1. Jobbatical shall assume liability for damage, administrative fines or any other claims with regard to Jobbatical’s violation of the Service Agreement, the DPA or requirements of the applicable law.

10.2. Jobbatical shall not be liable in any case for an administrative fine imposed on the Client, damage caused to the Client or a claim submitted with regard to the Client if these are based on a violation by the Client and/or if Jobbatical has not committed such violation.

10.3. The Client shall assume liability for damage, administrative fines or any other claims with regard to the Client’s violation of the Service Agreement, the DPA or requirements of the applicable law.      

11. VALIDITY

11.1. The DPA shall be valid from the moment of conclusion of the Service Agreement until Jobbatical is processing personal data on behalf of the Client or until the end of the term of the Service Agreement, whichever is the later.

12. FINAL PROVISIONS

12.1. The DPA shall be governed by the laws of the Republic of Estonia.

12.2. Disputes arising from the DPA shall be resolved by negotiations or in Estonian courts, Harju County Court being the court of first instance.

________________

ANNEX A to the DPA

1. PURPOSE OF DATA PROCESSING

Provision of the relocation services to the Client in accordance with the Service Agreement.

2. DATA SUBJECTS

The Platform users designated by the Client.

3. CATEGORIES OF PERSONAL DATA

Name, surname, email address, phone number (if provided).

4. PROCESSING OPERATIONS

Jobbatical processes the personal data in the Platform to allow the Client’s employees and other contractors, if applicable, to use the Platform in relation to fulfilment of the Service Agreement.

5. PROCESSING PERIOD

The term of the Service Agreement and maximum fourteen (14) days after the termination of the Service Agreement, unless pursuant to applicable law Jobbatical has the right or obligation to retain data for a longer period.

________________

ANNEX B to the DPA – Technical and organizational measures

1. INFORMATION SECURITY PRACTISES AND PRINCIPLES

 1. Jobbatical shall ensure methodological and purposeful information security management in its organisation, preferably based on a widely accepted standard (such as ISO/IEC 27001, CIS Security Controls, Estonian national information security standard E-ITS), ensuring:

    1. information security risk management;

    2. assigned information security roles and responsibilities;

    3. access management;

    4. information security incident management;

    5. endpoint security management;

    6. cryptography management;

    7. periodic review of information security measures.

 2. Jobbatical’s personnel must have completed information security training at least once a year or ensure information security competence in other ways (such as maintaining information security certificates).

 3. Jobbatical shall implement the information security management requirements throughout its relevant supply chain to the extent that may affect the Client’s personal data.

 4. The Client has the right to audit Jobbatical’s information security management system and information security measures to the extent that may affect the Client’s personal data.

2. INFORMATION AND ACCESS MANAGEMENT

 1. Jobbatical must prevent unauthorized access to confidential information.

 2. Documentation must be marked with classification labels if specific instructions have been received from the Client.

 3. Information stored in the Client’s information systems and intended for processing strictly there may not be copied into Jobbatical’s systems unless otherwise agreed.

 4. Managing access to confidential information must be based on need-to-know and the principle of least privilege.

 5. Confidential information may only be transmitted over the Internet in an encrypted form (such as encrypted e-mail attachments, HTTPS web sessions, TLS protected collaboration tools, VPN connections).

 6. Confidential information may only be stored in an encrypted form (such as full hard disk encryption, encrypted files, encrypted database).

 7. Jobbatical shall immediately notify the Client of the need to close the user account if any of Jobbatical’s personnel is no longer involved in the performance of the Services.

3. INFORMATION SECURITY INCIDENT MANAGEMENT

 1. Jobbatical must notify the Client within 48 hours of any registered information security incident that may affect the Client’s personal data.

 2. The notification shall contain detailed information on the nature, extent and technical characteristics of the incident enabling the Client to implement additional measures to protect the personal data.

 3. Information about information security incidents is considered confidential and must be transmitted in an encrypted form.

 4. Jobbatical shall not take actions on public communication to the extent that allows identifying the Client and its security measures.

 5. Jobbatical shall fully cooperate with the Client in handling information security incidents, including analysis, isolation and restoration of the normal situation.

 6. Contact persons for reporting information security incidents and transmitting encrypted messages are: [email protected] for Jobbatical. The Client shall notify Jobbatical of its contact details for such purposes.

‍

Last update: April 13, 2026

1. Scope of Urgency Service 

By selecting the Urgency Service, you instruct Jobbatical to prioritize the management of the specified case based on a "first-in-line" principle. This internal prioritization ensures that Jobbatical personnel initiates and executes all procedural actions within their control with priority.

Territorial Scope: this service is currently available only for cases involving the United Kingdom, Spain, and Germany.

2. Eligibility and Fees
   

• Trigger: This service is applicable if the requested travel or employment start date is less than one (1) month from the date of case initiation.
  
  
• Service Charge: A non-refundable fee of 500 EUR/GBP/USD (depending on the country of application) (the "Urgency Fee") shall be applied for this expedited internal handling.
  
  

3. Limitation of Liability

You acknowledge and agree to the following:

• Internal Scope only. The Urgency Fee covers Jobbatical’s internal administrative priority. It does not, and cannot, influence the processing speeds, decision-making timelines, or any decisions or requirements of government authorities, or third-party entities.
  
  
• No Guarantee of Outcome. First-in-line prioritization does not guarantee a successful application outcome or the achievement of the planned travel/start date.
  
  

External Factors. Delays caused by authorities’ appointment availability, public holidays, or requests for additional documentation/information by authorities are outside the scope of this service and do not entitle you to a refund.

29 May 2025

‍

En Jobbatical, estamos comprometidos con la transparencia y la equidad en la gestión de cancelaciones de servicios y reembolsos. Por favor, revisa cuidadosamente esta política antes de adquirir nuestros servicios.

Al contratar nuestros servicios, aceptas los términos que se detallan a continuación.

‍

1. Política General

Esta política de reembolsos se aplica exclusivamente a los servicios relacionados con solicitudes de ciudadanía española adquiridos a través del sitio web de Jobbatical.
Debido a la naturaleza de nuestros servicios, en los que se invierten tiempo y recursos desde las primeras etapas del proceso, ofrecemos una política de reembolso escalonada según el nivel de avance del servicio. Por favor, lee lo siguiente detenidamente antes de continuar.

‍

2. Elegibilidad para Reembolso (Si Cancelas el Servicio)

Si decides cancelar el servicio de ciudadanía española después de la compra, tu elegibilidad para un reembolso dependerá del trabajo que ya se haya realizado. Los reembolsos están disponibles bajo las siguientes condiciones:

• Dentro de las 24 horas posteriores a la compra del servicio (y antes de que se haya iniciado cualquier trabajo) – 100% de reembolso
• Después de que nuestro equipo te haya enviado un primer mensaje o guía – 75% de reembolso
• Después de que hayas recibido formularios o documentos para firmar – 25% de reembolso
• Después de que tu solicitud haya sido presentada ante las autoridades españolas – 0% de reembolso

Para solicitar la cancelación y el reembolso, debes notificarnos a través del medio de contacto indicado más abajo en la sección “Contáctanos”. La aprobación se basará en el registro documentado del progreso de tu caso.

‍

3. Derecho de Desistimiento

De acuerdo con la legislación de protección al consumidor en España (Real Decreto Legislativo 1/2007, Ley General para la Defensa de los Consumidores y Usuarios), tienes derecho a desistir de un contrato de servicios en un plazo de 14 días naturales desde la compra.

Al aceptar esta política de reembolso, reconoces expresamente que:

• Consientes el inicio inmediato del servicio antes de que finalice el período de desistimiento de 14 días.
• Comprendes que tu derecho de desistimiento dentro de los 14 días sigue siendo válido, ya que el servicio se encuentra en curso y no se completará dentro de ese plazo.
• Si ejerces tu derecho de desistimiento durante los 14 días, aceptas pagar un importe proporcional correspondiente a la parte del servicio ya prestado, según nuestra política de reembolso escalonada.

‍

4. Resultados y Responsabilidades

Aunque nos comprometemos a ofrecer servicios precisos, completos y puntuales, el resultado final de cualquier solicitud depende exclusivamente de las autoridades gubernamentales españolas.

No tenemos control sobre los plazos de resolución, solicitudes de documentación adicional, ni sobre la aprobación o rechazo de tu solicitud.

Por lo tanto, no podemos ni garantizamos un resultado exitoso, y no se emitirán reembolsos en caso de que tu solicitud sea denegada, retrasada o afectada por decisiones de terceros.

También es tu responsabilidad:

• Proporcionar información y documentación completas y veraces
• Responder a las solicitudes en tiempo y forma
• Verificar que cumples con los requisitos antes de realizar la compra (puedes consultar las condiciones en nuestro sitio web)

El incumplimiento de estas responsabilidades puede afectar negativamente el avance o resultado de tu solicitud. En tales casos, Jobbatical no está obligado a emitir ningún reembolso, independientemente del progreso del servicio.

Tu pago por el servicio de solicitud de la nacionalidad española cubre la preparación y presentación de tu solicitud, basada en la documentación e información que tú proporciones.

Ten en cuenta que este pago no incluye:

• Ningún servicio más allá de la presentación inicial, como recursos o comunicaciones adicionales con las autoridades en caso de que la solicitud sea rechazada, ni
• asistencia para obtener la documentación requerida. Deberás recopilar tú mismo/a estos documentos, ya que contar con la documentación adecuada es esencial para poder obtener la nacionalidad.

‍

5. Circunstancias No Reembolsables

No se otorgarán reembolsos si:

• Tu solicitud es rechazada, retrasada o denegada por las autoridades gubernamentales españolas
• No proporcionas la documentación requerida o no respondes a las solicitudes de información
• Cambias de opinión después de que el servicio haya avanzado más allá de las etapas iniciales
• El servicio ya ha sido completamente prestado o la solicitud ya fue presentada
• No estás satisfecho con el resultado debido a factores fuera de nuestro control.

‍

6. Comentarios y Resolución de Problemas

Valoramos la transparencia y la satisfacción del cliente. Si tienes dudas o comentarios sobre tu experiencia, te animamos a contactarnos en [email protected] para que podamos abordar el problema y buscar una solución justa siempre que sea posible.

‍

7. Contáctanos

Para solicitudes de reembolso, cancelaciones de servicios u otras consultas, por favor comunícate con nosotros. Estamos aquí para ayudarte.
Nombre: Jobbatical OÜ
Dirección registrada: Narva mnt 7b, 10117 Tallin, Estonia
Correo electrónico: [email protected]
También puedes contactarnos a través de la plataforma de Jobbatical iniciando sesión y comenzando un chat.

‍

29 May 2025

‍

At Jobbatical, we are committed to transparency and fairness in how we handle service cancellations and refunds. Please review this policy carefully before purchasing our services. 

By engaging our services, you agree to the terms outlined below. 

‍

1. General Policy

This refund policy applies exclusively to services related to Spanish citizenship applications purchased from Jobbatical website. 

Due to the nature of our services where time and resources are invested early in the process, we offer a tiered refund policy based on the stage of service delivery. Please read the following carefully before proceeding. 

‍

2. Refund Eligibility (If You Cancel the Service)

If you choose to cancel your Spanish citizenship service after purchase, your eligibility for a full refund will depend on how much work has already been completed. Refunds are available under the following conditions: 

• Within 24 hours of service purchase (and before any work has started) – 100% refund.
• After our team has sent you an initial message or guidance – 75% refund.
• After you have received forms or documents for signature – 25% refund. 
• After your application is submitted to the Spanish authorities - 0% refund. 

To request cancellation and a refund, you must notify us via a contact brought out below under section “Contact Us”, and approval will be based on the documented process of your case. 

‍

3. Right of Withdrawal

In accordance with Spanish consumer protection law (Royal Legislative Decree 1/2007, Ley General para la Defensa de los Consumidores y Usuarios), you have the right to withdraw from a service contract within 14 calendar days of purchase.

By agreeing to this refund policy, you expressly acknowledge that: 

• You agree to the immediate start of the service before the end of the 14-day withdrawal period. 
• You understand that your right of withdrawal during the 14 days remains valid because the service is ongoing and will not be fully performed within the withdrawal period. 
• If you exercise your right of withdrawal within the 14-day period, you agree to pay a proportional amount corresponding to the part of the service already performed, according to our tiered refund policy. 

‍

4. Results and Responsibilities 

While we are committed to providing accurate, thorough and timely services, the final outcome of any application is at the sole discretion of Spanish government authorities. 

We have no control over the timeline, requests for additional documentation, or approval or rejection of your application. 

Accordingly, we cannot and do not guarantee a successful outcome, and no refunds will be issued in cases where your application is denied, delayed, or otherwise affected by third-party decisions.

It is also your responsibility to: 

• Provide complete and accurate information and documentation
• Respond to requests in a timely manner
• Ensure personal eligibility before purchase. You can take a look at the conditions on our website. 

Failure to meet these responsibilities may negatively affect the progress or outcome of your application. In such cases, Jobbatical is not required to offer any refund, regardless of how far the service has progressed.  

Your payment for the Spanish citizenship service covers the preparation and submission of your application based on the documentation and information you provide. 

Please note that this payment does not include: 

• any services beyond the initial submission, such as filing appeals, or further communication with the authorities if the application is rejected and
• assistance with obtaining required documentation. You will need to collect these yourself, as having the right documents is essential for obtaining citizenship. 

‍

5. Non-Refundable Circumstances

Refunds will be not granted, if: 

• Your application is rejected, delayed, or denied by Spanish government authorities. 
• You fail to provide required documentation or respond to information requests. 
• You change your mind after services have progressed beyond initial stages. 
• Services were fully rendered or an application was submitted. 
• You are dissatisfied with the result due to factors outside our control. 

‍

6. Feedback and Issue Resolution

We value transparency and customer satisfaction. If you have concerns or feedback about your experience, we encourage you to contact us at [email protected], so we can address the issue and find a fair solution wherever possible. 

‍

7. Contact Us

For refund requests, service cancellations or other inquiries, please reach out to us. We are here to help. 

Name: Jobbatical OÜ

Registered address: Narva mnt 7b, 10117 Tallinn, Estonia. 

Email: [email protected]

You may also contact us via Jobbatical platform by logging in and starting a chat. 

Release Date: 13.07.2023

‍
This privacy notice (hereinafter “notice”) explains how Jobbatical OÜ (hereinafter “we” or “us”) processes personal data of employees or future employees of our business clients (hereinafter “talents”) and their family members in relation to our services. 

Our services include immigration services (such as registration of employment, assistance on applying the residence permit or visa, applying for personal identification number, registration of a place of residence, registration of tax residency and overview of labour taxes) and settle-in services (such as search for accommodation, family doctor, assistance on opening bank account, entering into phone service provider agreement etc.) that we provide for the relocation of talents and their family members from one employment place to another (hereinafter “relocation services”).

This notice also describes how we process personal data of visitors of our website www.jobbatical.com (hereinafter “website”), representatives of our potential and current business clients, and other individuals who contact us through the contact form on the website, by email or other means of communication (hereinafter “you” or the “data subject”).

This notice describes the processing of personal data by us as a data controller. This means that we individually or along with others determine the purposes and means of the processing of personal data.

‍‍

1. DATA CONTROLLER

Name: Jobbatical OÜ.

Registry code: 12671900.

Address: Narva mnt 7b, 10117 Tallinn, Estonia

Email: [email protected].

Contact details of data protection officer: [email protected].  

‍‍

2. PERSONAL DATA WE PROCESS

“Identification data” – this includes your first, last name and position in the company. This data is collected directly from you, or from the representative of the company you work for. We may also collect this information from public registers, such as business register, for the purposes of concluding a service contract with the company you represent.

“Contact data” – this includes your email address and phone number. This data is collected directly from you, or from the representative of the company you work for. We may also collect this information from public registers, such as business register, for the purposes of concluding a service contract with the company you represent.

“Talent data” – this includes the talent’s first name, last name, date of birth, personal ID code, nationality, passport data, photo, place of residence, e-mail address, phone number, country of destination, name and other details of the employer, place of work, occupation, education, criminal background, marital status, data concerning family members and other data that is relevant and is requested by relevant authorities, institutions and other involved persons during the provision of requested relocation services or that is necessary to provide our platform services (e.g., your account credentials). The personal data is collected from our business client (i.e., talent’s current or future employer) upon creation of a talent user account and/or directly from the talent. 

“Talent family member data” – this includes the first name and last name of the talent’s family member, as well as his or her date of birth, personal ID code, nationality, passport data, photo, place of residence, e-mail address, phone number, country of destination, name and other details of the employer, place of work, occupation, education, marital status, and other data that is relevant and is requested by relevant authorities, institutions and other involved persons during the provision of requested relocation services. The personal data is collected mainly from the talent but can also be collected directly from the talent’s family member or from our business client (i.e., the talent’s current employer or future employer).

“Company data” – this includes the name of the company you represent, and other details, such as registry code and address (where relevant). This data is collected directly from you or from the representative of the company you work for. We may also collect this information from public registers, such as business register, for the purposes of concluding a service contract with the company you represent.

“Communication data” – this includes personal data contained in the correspondence you have with us. This data is collected when you contact us or when we contact you.

“Contract data” – this includes the date and the number of a contract (where relevant), as well as the written contract document. This data is generated upon conclusion of the contract or during its performance.

“Website visit data” – this includes personal data which is collected and further processed upon visiting and using our website. Depending on the particular cookie we use, the types of personal data may include different online identifiers, such as IP address, device fingerprints, client identifier or session ID. Please see more information regarding cookies and other tracking technologies in section 7 of this notice. 

‍‍

3. THE PURPOSES AND THE LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA

‍

3.1 Consent

We process your personal data based on your consent for the purposes described below. You always have the right to withdraw the consent given for the use of cookies by changing your preferences though the website. To withdraw your consent to receive newsletters, you can click on the unsubscribe link at the end of the newsletter or send us an e-mail using the contact details described in section 1 of this notice. Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.

‍

3.2 Contract

We process your personal data necessary for the performance of a contract to which you are the party or to take steps at the request of the data subject prior to entering into a contract for the purposes described below.

‍

3.3 Legal obligation

We process your personal data on this legal ground if the legal obligation for processing arises from the law.

‍

3.4 Legitimate interests

We process your personal data based on our legitimate interests for purposes described below. You have the right to ask clarifications regarding the processing based on the legitimate interests. You also have the right to send the objection, if you find that processing of your personal data for the purposes provided below prejudice your rights. Please see section 1 of this notice for our contact details.

‍

4. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

In some cases, we may transfer your personal data to certain recipients who are categorized as follows:

4.1 Partners who provide the services to us, and who process the personal data on our behalf (data processors), e.g.:

(a) providers of various ICT services (including providers of website hosting services and other providers of cloud services);

(b) various contractors (IT development, support, accounting, partners providing relocation services).

4.2 Independent controllers of personal data:

(a) local or government authorities and institutions who are involved in relocation process (e.g., immigration authorities, etc.);

(b) our business clients who are or will be the employers of the talent, or who also need to process talent family member data for their own purposes;

(c) providers of employer of record (EOR) or similar services who we cooperate with together with our business clients;

(d) banks and other financial institutions, our attorneys, auditors, etc.

4.3 Public authorities and supervisory bodies, e.g., court, law enforcement authorities, Data Protection Inspectorate. We transfer your personal data to public authorities and supervisory bodies only if the law requires it. 

Unless necessary for the provision of services, we do not transfer your personal data outside of the European Union (EU) or the European Economic Area (EEA), nor to such third country or international organization, the level of data protection of which the European Commission has not considered adequate. If your personal data is transferred outside of the EU or EEA, such transfer of personal data will take place only upon appropriate legal basis, and we will take appropriate protective measures. Data transfers to such third countries are mainly based on Standard Contractual Clauses adopted by the European Commission.

You have the right to get additional information about the transfer of your personal data by sending us the relevant request using the contact details described in section 1 of this notice.   

‍

5. RETENTION OF PERSONAL DATA

We retain your personal data for the period necessary for the achievement of purposes stated in this notice or until the law requires it. 

For example, we will retain accounting source documents for seven years as of the end of the financial year during which the source document was recorded in the accounts.

Specific terms of retention can be exercised by accessing your personal data. Please see the explanation in the section “Your rights regarding the personal data”.

‍

6. YOUR RIGHTS REGARDING THE PERSONAL DATA

Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the personal data is disclosed (especially the recipients in third countries), for how long the personal data is retained and what are your rights concerning rectification, erasure and restriction of the processing.

Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.

Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case when you withdraw your consent and there are no other legal grounds for the processing of the personal data.

Right to restrict the processing: in some cases, you have the right to restrict processing of the personal data concerning you for a certain time (e.g., if you have objected the processing of personal data).

Right to object: you have the right to object the processing of personal data, which is processed based on the legitimate interest, including profiling. Upon objection, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

Right to data portability: if processing of your personal data is based on your consent or the contract with us and the data processing is carried out by automated means, then you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim to transmit those personal data to another service provider if it is technically possible.

Right to turn to us, supervisory authority, or a court: if you want to exercise the above-mentioned rights, please send us and email using the contact details described      in section 1 of this notice. If you find that your rights have been breached, you have the right to turn to the Data Protection Inspectorate (Andmekaitse Inspektsioon) and/or court. The contact details of the Data Protection Inspectorate are available at www.aki.ee. 

‍

7. COOKIES AND OTHER WEB TECHNOLOGIES

We use all the cookies and other web technologies, except the strictly necessary cookies, with your prior consent. You always have the right to withdraw the consent by changing your preferences via our website. In case the strictly necessary cookies process your personal data, we rely on legitimate interests in processing of such data (see section 3.3 above that explains our legitimate interests).

We use first-party cookies (such cookies are created and stored directly by us), but also third-party cookies (i.e., the cookies that are created and stored by third-party service providers, such as Google). 

We may use both session cookies and persistent cookies. Session cookies or non-persistent cookies are cookies that exist only temporarily while you browse our website. Your web browser should delete these cookies when you close your browser. However, persistent cookies use expire on a specific date or after a period of time specified by the third party or us.

For your convenience, we have categorized the cookies we use on our website by their purposes as follows:

‍

Strictly necessary : These cookies are used to enable the basic functionality of the website, which means that without these cookies our website would not function as it should. Due to the nature of such cookies, and in accordance with applicable law, we are entitled to use them without your prior consent. However, if these cookies process personal data, we rely on our legitimate interests upon processing of such data.

Marketing: These cookies are used to deliver advertising that is more relevant to you and your interests. Marketing cookies are used only based on your prior consent.

Analytics: These cookies are used to understand how this website performs, how visitors interact with the site, and whether there may be technical issues. Analytics cookies are used only based on your prior consent.

‍

Hereunder we have listed all the cookies used on our website:

8. AMENDMENT OF THIS NOTICE

We have the right to amend this notice unilaterally. The amended version of the notice will be published on our website.