HNTD Intel — Trova developer da GitHub, non da LinkedIn

1. Data Controller

The data controller for the processing of personal data through GitHub HR is:

Entity: GitHub HR (operated by Vlad Vrinceanu)
Email: email.vlad.vrinceanu@gmail.com
Jurisdiction: Italy, European Union

The data controller determines the purposes and means of processing personal data in connection with the GitHub HR platform.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by Article 6 of the General Data Protection Regulation (GDPR):

Developer Data — Legitimate Interest (Art. 6(1)(f))

We process publicly available GitHub profile data under our legitimate interest in providing a recruitment technology service. This data is already made public by the developers themselves on GitHub. We have conducted a Legitimate Interest Assessment and concluded that:

The data is already publicly available and accessible to anyone
Processing serves the legitimate purpose of facilitating recruitment
Developers can opt out at any time (see Section 4)
We do not process sensitive/special categories of personal data
The impact on developers is minimal given the data is already public

Recruiter Data — Contract Performance (Art. 6(1)(b))

We process recruiter account data as necessary for the performance of the contract between the recruiter and GitHub HR (i.e., providing the service you signed up for).

Payment Data — Legal Obligation (Art. 6(1)(c))

We process payment-related data as required by applicable tax, accounting, and financial regulations. Payment processing is handled by Stripe, which acts as an independent data controller for payment card data.

3. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15): You may request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17): You may request deletion of your personal data, subject to legal retention obligations.
Right to Restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
Right to Data Portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21): You may object to the processing of your data based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.

To exercise any of these rights, contact us at email.vlad.vrinceanu@gmail.com. We will respond to your request within 30 days.

4. Right to Opt-Out

For developers: If your public GitHub profile has been indexed by GitHub HR and you would like it removed from our database, you may request removal by emailing us at email.vlad.vrinceanu@gmail.com with the subject line "Profile Removal Request" and your GitHub username.

Upon receiving your request, we will:

Remove your profile from our database within 30 days
Add your GitHub username to our exclusion list to prevent future indexing
Confirm the removal via email

5. Data Processors

We use the following third-party services as data processors in accordance with Article 28 of the GDPR:

Convex (Convex, Inc. — United States) — Database hosting and real-time application backend. Stores developer profiles, task data, and pipeline logs.
Clerk (Clerk, Inc. — United States) — Authentication and user identity management. Stores recruiter account credentials and session data.
Stripe (Stripe, Inc. — United States) — Payment processing and subscription management. Acts as both a data processor and independent data controller for payment card data.
Vercel (Vercel, Inc. — United States) — Application hosting, content delivery, and serverless function execution.

Each processor is contractually obligated to process data only as instructed by us and to implement appropriate technical and organizational security measures.

6. International Transfers

Our data processors are primarily located in the United States. Data transfers from the European Economic Area (EEA) to the United States are conducted in compliance with GDPR requirements using:

EU-US Data Privacy Framework (where applicable)
Standard Contractual Clauses (SCCs) as approved by the European Commission

Our primary database (Convex) operates from the EU West 1 region, ensuring that core application data remains within the European Economic Area where possible.

7. Data Protection Officer

For data protection inquiries, you may contact: email.vlad.vrinceanu@gmail.com

We are committed to addressing your data protection concerns promptly and will respond to all inquiries within 30 days.

8. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The relevant authority for Italy is:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italia
Website: www.garanteprivacy.it
Email: garante@gpdp.it

You may also lodge a complaint with the supervisory authority of your country of residence if different from Italy.

GDPR Compliance