Privacy Policy

Last updated: December 17, 2025

Overview

This policy explains how we collect, use, and protect your data when you use our CV analysis service. We take your privacy seriously and only collect data necessary to provide our service.

Data Controller

HAREMO IT Solutions GmbH, Wellingsbütteler Landstr. 193, 22337 Hamburg, Germany. For privacy inquiries: info@financecvcheck.com

We have not appointed a Data Protection Officer, as we are not legally required to do so under Art. 37 GDPR. Our core activities do not involve large-scale, regular, or systematic monitoring of data subjects, nor large-scale processing of special categories of data.

Data We Collect

  • CV files you upload (PDF/DOCX) for analysis
  • Email address if you request email delivery
  • Payment data processed by Stripe (we don't store card details)
  • Technical data like IP address and browser info (server logs)
  • Analytics data via Google Analytics (only with your consent)

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): Processing your CV, generating analysis, handling payments, and delivering results
  • Consent (Art. 6(1)(a)): Analytics and cookies (you can withdraw consent anytime)
  • Legal obligation (Art. 6(1)(c)): Retaining payment records for tax compliance
  • Legitimate interests (Art. 6(1)(f)): Security measures, fraud prevention, and service improvement

How We Use Your Data

  • To analyze your CV and generate your report
  • To process your payment
  • To send you the analysis results via email (if requested)
  • To ensure security and prevent abuse

Data Retention

  • CV files and analysis results: Automatically deleted after 7 days
  • Payment records and invoices: Retained for 10 years as required by German tax law (§ 147 AO)
  • Server logs: Retained for 30 days for security purposes
  • Analytics data: Managed by Google (typically 14 months, configurable)

Third-Party Services & Data Processors

We share your data with the following service providers who act as data processors:

  • Stripe — payment processing (GDPR-compliant, DPA in place)
  • Supabase (AWS) — secure data storage (Standard Contractual Clauses)
  • OpenAI — AI-powered CV analysis (data sent to US servers)
  • Postmark — transactional email delivery (GDPR-compliant)
  • Google Analytics — website analytics (only with your consent, IP addresses anonymized before storage)
  • Vercel — website hosting (global CDN, GDPR-compliant)

International Data Transfers: Some providers process data outside the EU (primarily in the United States). Where personal data is processed outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework adequacy decisions are in place. You have the right to request copies of these safeguards.

Cookies & Tracking

We use cookies and similar technologies for essential functionality and, with your consent, for analytics:

  • Essential cookies: Required for site functionality, payment processing, and security (no consent needed)
  • Analytics cookies: Google Analytics for understanding site usage (requires your consent). IP addresses are anonymized before storage.
  • Local storage: Stores your cookie preferences and session data (browser-only, not sent to servers)

Cookie consent preferences are stored either as cookies or in localStorage, depending on your browser and device. You can manage your preferences at any time through our cookie banner or Cookie Policy page. Disabling cookies may affect site functionality.

Email Marketing & CV Templates

We offer free CV templates for finance applications. When you sign up to receive a template, we collect and process your data as follows:

  • Data collected: Email address, IP address (hashed for privacy), timestamp, consent text, and template preference
  • Legal basis: Your explicit consent (GDPR Art. 6(1)(a))
  • Purpose: Deliver CV templates and send occasional finance career tips and resources
  • Double opt-in: We use a double opt-in process compliant with German UWG law. After signup, you will receive a verification email that you must click to confirm your subscription.

Data retention:

  • Active subscribers: Until you unsubscribe
  • Unsubscribed records: 3 years (to prove consent if legally challenged)
  • Unconfirmed signups: Deleted after 30 days

Your rights:

  • Unsubscribe anytime: Every email includes a one-click unsubscribe link
  • Withdrawal effective immediately: We stop sending emails instantly upon unsubscription
  • Request deletion: Email us to have all your consent data deleted

We will never sell your email address to third parties or send emails on behalf of other companies.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18): Limit how we process your data
  • Right to data portability (Art. 20): Receive your data in a machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): Withdraw consent for analytics/cookies at any time

How to exercise your rights: Email us at info@financecvcheck.com with:

  • Your request type (access, deletion, etc.)
  • Your scan ID or order number (if available)
  • Proof of identity (to prevent unauthorized access)

We will respond within 1 month. If your request is complex, we may extend this by 2 additional months and will inform you.

Right to lodge a complaint: If you believe we are not processing your data lawfully, you have the right to complain to the data protection supervisory authority:

Hamburgischer Beauftragte für Datenschutz und Informationsfreiheit
Website: datenschutz-hamburg.de

Automated Decision-Making & AI Analysis

Our service uses AI (OpenAI GPT-4) to analyze your CV and generate a compatibility score. This is an automated evaluation, but it does not produce legal effects or significantly affect you in a similar way. The analysis is purely informational to help you improve your CV. Final hiring decisions are made by employers, not our system.

You have the right to obtain human intervention, express your point of view, and contest any automated decision if you disagree with the results.

Security

All data is transmitted over encrypted connections (HTTPS/TLS). We implement appropriate technical measures to protect your data. Passwords are stored only in hashed and salted form and cannot be read by us.

Changes to This Policy

We may update this policy from time to time. The current version will always be available on this page.