This Privacy Policy explains how GetFrankly SRL (“GetFrankly”, “the Company”, “we”, “us”, or “our”) processes personal data in two primary contexts:

• Corporate Website - getfrankly.co (the “Website”), used mainly in a B2B context to present our services, team, case studies, blog articles, and to enable you to contact us via form or email.

• Recruitment Platform / ATS - hosted by an external provider (Teamtailor), accessed through “Careers” or “Apply” links, and used to manage recruitment and executive search processes for roles at GetFrankly or at our clients (the “Recruitment Platform”).

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the applicable national legislation. It is important to us that you, as a Website visitor or candidate, understand how and why we use your data.

1. Who We are and What this Policy covers?

GetFrankly SRL, a company registered in Romania and headquartered in Cluj-Napoca, is the data controller for the processing activities described in this Policy.

This Policy applies to:

• visitors of the Website getfrankly.co (primarily clients, potential clients, partners, suppliers, and blog readers);

• individuals who contact us through the Website’s contact form or the email addresses published on the Website;

• candidates and prospective candidates whose data is processed via the Recruitment Platform.

Structure of the Policy:

• Part A – Website (getfrankly.co)

• Part B – Recruitment Platform (Teamtailor / careers.getfrankly.co)

• Common sections: recipients, cookies, data subject rights, security, and contact information.

Part A: Website (getfrankly.co)

2. Data We Collect Through the Website

The Website is an informational and presentation site, designed primarily for business users (B2B). It allows us to:

• present our services (Executive Search, Recruitment, Leadership Advisory, etc.);

• introduce our team and working approach;

• publish blog articles and case studies;

• provide a contact form and email addresses for inquiries.

2.1. Data you provide directly

We collect personal data when you:

• complete the website contact form;

• send us an email using the addresses displayed on the Website;

• request a meeting, an offer, or additional information;

• subscribe to a newsletter or opt in to receive communications from us (if such functionality is available).

Types of data we may process:

• Identification and contact details: name, surname, company, role, email address, phone number;

• Information about your organization and needs: general company description, recruitment roles, project type, objectives;

• Any other data you choose to share, such as links to your LinkedIn profile, website, attachments, or free-text messages.

Please do not send sensitive personal data (e.g., health information, political opinions, religious beliefs) through the general contact form. If such information becomes relevant in a specific context, we will handle it separately, with additional safeguards.

2.2. Data Collected Automatically (Cookies & Analytics)

When you access the Website, we may automatically collect technical information such as:

• IP address, browser type, operating system, device type;

• date and time of access;

• pages visited and resources accessed;

• referring pages (referrals).

These details are typically collected through cookies and similar technologies and help us:

• ensure proper and secure functioning of the Website;

• analyze how the Website is used and improve its structure and content;

• produce internal traffic statistics and performance reports.

Some cookies are strictly necessary, while others are used for analytics or improvements. For more details, see Section 7 or the dedicated Cookie Policy.

3. Purposes and Legal Bases - Website

We process personal data collected via the Website for the following purposes:

3.1. Responding to Inquiries and Communication

• responding to messages sent via the contact form or email;

• organizing meetings, clarification calls, service presentations, or collaboration proposals.

Legal basis:

• our legitimate interest (Art. 6(1)(f) GDPR) in responding to inquiries and communicating with clients and partners;

• for certain requests, taking steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR).

3.2. Business Relationship Management (B2B)

• maintaining and developing relationships with your organization (clients, prospects, partners, suppliers).

Legal basis:

• our legitimate interest in managing and developing commercial relationships (Art. 6(1)(f) GDPR).

3.3. Website Security and Functionality

• ensuring IT security and preventing misuse or unauthorized access;

• diagnosing technical issues and improving Website performance.

Legal basis:

• our legitimate interest in ensuring Website security and proper operation (Art. 6(1)(f) GDPR).

3.4. Analytics and Statistics

• understanding how the Website is used, in aggregated form;

• improving user experience and content relevance.

Legal basis:

• our legitimate interest in improving our communication and services (Art. 6(1)(f) GDPR);

• for certain analytics cookies, your consent (Art. 6(1)(a) GDPR).

3.5. Newsletter / Marketing Communications (if applicable)

If you subscribe to a newsletter or opt to receive updates (e.g., articles, event invitations), we will use your contact details to send such communications.

Legal basis:

• your consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.

4. Data Retention - Website

We retain personal data only as long as necessary for the purposes described or as required by law.

As a general guide:

• Contact messages and general correspondence: stored for approximately 12-24 months from the last relevant interaction;

• Business relationship data (clients / prospects): may be kept longer according to fiscal and accounting laws (e.g., contract and financial documents);

• Analytics data: may be aggregated/anonymous and stored long-term as non-personal data.

You may request deletion at any time (see Section 8), and we will respond in line with applicable legal obligations.

Part B: Recruitment Platform (Teamtailor / ATS)

When accessing “Careers” or pressing “Apply”, you may be redirected to a Recruitment Platform (e.g., careers.getfrankly.co), technically operated by a third-party provider - Teamtailor, and used by GetFrankly for:

• recruitment and selection for client roles;

• recruitment for internal roles at GetFrankly;

• executive search activities, talent pooling, and candidate relationship management.

5. Data We Collect and How We Use It - Recruitment

Through the Recruitment Platform, we may process:

• identification and contact details: name, email, phone, city, LinkedIn profile;

• professional data: CV, cover letter, past roles, responsibilities, achievements, education, certifications, skills, references;

• interview/evaluation information: notes, scores, feedback, questionnaire responses;

• preferences: desired role, salary expectations, availability, location, mobility;

• data from public professional sources (e.g., LinkedIn, company website, public events);

• audio/video material (interviews, presentations) or test results (via testing providers).

Main purposes:

• analysing applications and assessing fit for open roles;

• contacting candidates for interviews or next stages;

• presenting shortlisted candidates to our clients (only in relevant recruitment processes);

• maintaining a talent pool for future roles;

• meeting legal obligations in labour and anti-discrimination contexts;

• analysing and improving recruitment processes (in aggregated/pseudonymized form).

Legal bases:

• our legitimate interest in identifying and evaluating suitable candidates (Art. 6(1)(f));

• taking steps at your request prior to entering a contract (Art. 6(1)(b)), when you apply voluntarily;

• your consent for long-term talent pool retention or certain communications (Art. 6(1)(a));

• compliance with legal obligations (Art. 6(1)(c)) where applicable.

A dedicated Candidate Privacy Notice may also be available directly on the Recruitment Platform.

6. Data Recipients and International Transfers

6.1. Who May Receive Your Data

For both the Website and the Recruitment Platform, we may share your data with:

Service providers (processors):

• hosting and IT infrastructure providers;

• email and communication service providers;

• analytics and monitoring providers;

• ATS / recruitment platform providers (e.g., Teamtailor);

• testing, assessment, or video-interview tool providers.

These providers process data solely on our instructions and under GDPR-compliant data processing agreements.

Clients of GetFrankly (in recruitment contexts):
When you are considered for a client’s role, we may share relevant profile details with that client, only to the extent necessary for the selection process.

Consultants and public authorities:

• legal, tax, or professional advisers (when strictly necessary);

• public authorities, when required by law or under legal procedures.

We do not sell or rent your personal data to third parties.

6.2. Transfers Outside the EEA

Some technical solutions we use (cloud hosting, ATS, email, analytics) may involve transfers outside the European Economic Area.

Where this occurs, we ensure that:

• a European Commission adequacy decision is in place, or

• Standard Contractual Clauses and - if needed - additional safeguards are implemented.

You may request more information about international transfers in Section 10.

7. Cookies

The Website and, separately, the Recruitment Platform may use cookies and similar technologies.

Cookies help us:

• ensure proper functioning and security;

• remember certain preferences (e.g., language);

• analyse traffic and usage patterns;

• improve content and user experience.

Types of cookies:

• Strictly necessary cookies - essential for Website functionality;

• Analytics/performance cookies - help us understand usage;

• Marketing cookies - if applicable for campaigns or tracking tools.

Where required, we will request your consent via a cookie banner. You may change preferences at any time through your browser or via the cookie interface.

Disabling certain cookies may affect Website functionality.

8. Your Rights

Under GDPR, you have the following rights (subject to conditions):

• Right of access - request confirmation and a copy of your data;

• Right to rectification - correct or complete inaccurate/incomplete data;

• Right to erasure (“right to be forgotten”) - request deletion in certain cases;

• Right to restriction of processing - limit processing under specific circumstances;

• Right to object - object to processing based on legitimate interest or to direct marketing;

• Right to data portability - receive your data in a structured, machine-readable format or request direct transfer to another controller;

• Right to withdraw consent - at any time, without affecting prior processing;

• Right to lodge a complaint - with ANSPDCP or the supervisory authority of your habitual residence.

To exercise these rights, please contact us (Section 10).

9. Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect personal data against:

• unauthorized access;

• accidental loss, destruction, or alteration;

• unauthorized disclosure.

Measures include:

• access controls;

• password and authentication policies;

• security updates and patches;

• regular backups;

• restricting employee/collaborator access on a need-to-know basis;

• training and awareness measures.

However, no electronic transmission or storage method is fully secure. You should ensure you use secure devices and keep any authentication data confidential.

10. Changes to This Privacy Policy

We may update this Policy from time to time to:

• reflect legislative changes;

• describe processing activities accurately;

• incorporate new services or functionalities.

Updated versions will be published on the Website and, where applicable, on the Recruitment Platform. If changes are significant, we will make reasonable efforts to notify you (e.g., via Website notice or email).

11. Contact

For questions, clarifications, or to exercise your rights, contact us at:

General Email: hello@getfrankly.co
Data Protection Email: dpo@getfrankly.co

The company’s full address and updated identification details are available on our Website.