Legal
Privacy Policy
This Privacy Policy explains how Riisgaard Consulting OÜ(“we”, “us”, or “Abroader”) collects, uses, shares, and protects personal data when you use abroader.io and related services (the “Platform”). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian data protection law.
Version: 1.0
Last updated: 30 June 2026
1. Who we are
The data controller responsible for your personal data is:
Controller: Riisgaard Consulting OÜ
Country: Estonia
Platform: abroader.io
Privacy contact: admin@abroader.io
Data Protection Officer (DPO): admin@abroader.io
Abroader connects independent recruiters (Abroaders), job seekers (Candidates), and employers (Clients) for international recruitment. Because our controller is based in the EU and users may be located across the EEA and internationally, we design our processing with GDPR requirements in mind.
How the Platform works
Three groups use Abroader. Personal data moves through the Platform to match people to roles, track commissions, and manage client relationships.
Abroaders
Platform
Clients
Candidates
Apply via Abroader landing pages & vacancies
Key data flows
- Candidates → PlatformApplications & CVs via landing pages
- Abroaders → PlatformAccount data, sourcing activity & commission records
- Clients → PlatformVacancies, hiring activity & billing details
- Platform → ClientsCandidate introductions for hiring decisions
- Platform → AbroadersVacancies, tools, payouts & performance data
- Platform → AbroadersSplit sourcing: shared Candidate data between recruiters
- Platform → Finance providersCommission payouts & client invoicing
Site visitors who browse abroader.io without an account may also have cookies, IP address, and device data collected — see Sections 2 and 10 below.
2. What personal data we collect
The personal data we collect depends on how you use the Platform. Select your role below to see the types of data involved:
Abroaders
Independent recruiters using the Platform to run their own practice.
- Name, email & phone
- Location
- Payment & banking details
- LinkedIn / social profiles
- Commission & performance data
- Activity budget spend
- Account & usage logs
Candidates
Job seekers applying through an Abroader's page or live vacancies.
- Name & contact details
- CV, work history & qualifications
- Nationality & right-to-work
- Application status
- Communications with Abroader
Clients
Employers listing vacancies or hiring through the Platform.
- Company & contact details
- Vacancy requirements
- Hiring activity
- Billing & invoicing information
Site visitors
Anyone browsing abroader.io without registering.
- IP address & device data
- Browser information
- Cookies & analytics data
We do not intentionally collect more data than is reasonably necessary for the purposes described in this Policy. You should not submit special category data (such as health information) unless it is genuinely required for a recruitment process and you have a lawful basis to provide it.
3. How we collect personal data
We collect personal data through:
- Direct submission — when you register as an Abroader, apply for a role as a Candidate, or provide business details as a Client.
- Abroader landing pages and vacancy listings — when Candidates submit applications or CVs through an Abroader’s branded page or live vacancy on the Platform.
- Application and contact forms — when you communicate with us or request information through forms on abroader.io.
- Platform use — when Abroaders use the workspace, commission tracker, and related tools.
- Cookies and similar technologies — when you browse abroader.io (see Section 10).
- Third parties where permitted — for example, an Abroader may introduce Candidate information into the Platform as part of a recruitment process, or a Client may provide vacancy and contact details.
4. Legal basis for processing (GDPR)
We process personal data only where we have a valid legal basis under Article 6 GDPR (and, where relevant, Article 9 for special category data). The main bases we rely on are:
Contract necessity (Art. 6(1)(b))
Processing needed to perform a contract or take steps at your request before entering a contract — for example, managing Candidate applications, facilitating introductions to Clients, operating Abroader accounts, tracking commissions, and paying Abroaders.
Legitimate interests (Art. 6(1)(f))
Processing necessary for our legitimate interests, balanced against your rights — for example, matching Candidates to vacancies, operating and improving the Platform, preventing fraud or misuse, and limited analytics to understand site usage. You may object to processing based on legitimate interests (see Section 9).
Consent (Art. 6(1)(a))
Where required, we ask for your consent — for example, for non-essential marketing communications or non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Legal obligation (Art. 6(1)(c))
Processing necessary to comply with law — for example, retaining financial, invoicing, and tax records related to Client billing and Abroader commission payments.
5. How we use personal data
We use personal data for the following processing activities:
Matching & introductions
Connect Candidates to vacancies and facilitate introductions to Clients.
Commission & payouts
Track commissions and pay Abroaders via finance and payment processors.
Landing pages
Host Abroader-branded pages showing limited public recruiter info — not Candidate data.
Client invoicing
Invoice Clients centrally on behalf of the Platform.
Split recruitment roles
Share Candidate data between sourcing and placing Abroaders where roles are split.
International transfers
Transfer data outside the EEA where placement requires it, using SCCs or adequacy decisions.
We also use data to provide support, maintain accounts, monitor Platform security, enforce our Terms of Service, and analyse site usage where permitted by law and your cookie preferences.
7. International data transfers
Abroader supports international recruitment. Personal data may therefore be transferred to countries outside the European Economic Area (EEA), including where Candidates, Clients, or Abroaders are located abroad or where a sub-processor stores data outside the EEA.
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:
- an adequacy decision by the European Commission, where available;
- the EU Standard Contractual Clauses (SCCs), supplemented by additional measures where required; or
- another lawful transfer mechanism under Chapter V GDPR.
You may request more information about transfers relevant to your data by contacting admin@abroader.io.
8. Data retention
We keep personal data only for as long as necessary for the purposes described in this Policy, unless a longer period is required by law.
| Data type | Retention period |
|---|---|
| Candidate data — active applications | [INSERT RETENTION PERIOD — active applications] |
| Candidate data — after application closed | [INSERT RETENTION PERIOD — after application closed] |
| Abroader account data | [INSERT RETENTION PERIOD — Abroader account data] |
| Commission & financial records | [INSERT RETENTION PERIOD — commission and financial records] |
| Client records | [INSERT RETENTION PERIOD — Client records] |
| Site analytics data | [INSERT RETENTION PERIOD — analytics data] |
When data is no longer needed, we delete or anonymise it securely, subject to legal holds or audit requirements.
9. Your rights under GDPR
Depending on your location and the nature of processing, you may have the following rights:
Access
Request a copy of your personal data.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Ask us to delete your data in certain circumstances.
Restriction
Ask us to limit processing in certain circumstances.
Portability
Receive data you provided in a structured, commonly used format.
Objection
Object to processing based on legitimate interests or direct marketing.
Withdraw consent
Where processing is based on consent, withdraw it at any time.
To exercise your rights, contact us at admin@abroader.io. We may need to verify your identity before responding. We aim to respond within one month, as required by GDPR.
If you are a Candidate, note that some requests may be limited where we must retain data for an active recruitment process, a Client decision, or legal compliance — for example, commission or invoicing records.
11. Security measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures include access controls, secure hosting, and staff confidentiality obligations. No method of transmission or storage is completely secure; we cannot guarantee absolute security, but we work to maintain safeguards proportionate to the data we process.
12. Children’s data
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact admin@abroader.io and we will take steps to delete it.
13. Changes to this policy
- We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and version number at the top of this page and, where appropriate, notify you by email or through the Platform.
- We encourage you to review this page periodically. Continued use of the Platform after changes take effect means you acknowledge the updated Policy, subject to your rights under GDPR.
14. Contact and complaints
For privacy questions, data subject requests, or concerns about how we handle personal data, contact:
You also have the right to lodge a complaint with a supervisory authority. In Estonia, the relevant authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). If you live in another EU/EEA country, you may also complain to your local data protection authority.