Welcome to SmallJobs.ro. This Privacy Policy ("Policy") explains how SmallJobs.ro ("Platform", "we", "us", or "our"), operated by SmallJobs SRL, a company registered in Romania with its principal place of business at Simeria, Str. Progresului, Nr. 43, Hunedoara, România, collects, uses, discloses, and protects your personal data when you access or use our website at smalljobs.ro and related services ("Services"). As the data controller, we are committed to safeguarding your privacy in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Romania's Law No. 190/2018, the ePrivacy Directive, and Romanian Law No. 506/2004. We process personal data only for specified, explicit, and legitimate purposes. If you are under 16 years of age, you must obtain prior parental or guardian consent to use the Platform. By registering or using the Services, you agree to this Policy. Last Updated: April 30, 2026.

Information We Collect

We collect personal data fairly, transparently, and minimally (GDPR Article 5(1)(c)) to provide and improve the Services. Data is gathered directly from you, automatically through your use of the Platform, or from third parties such as social login providers. We do not collect special categories of sensitive data unless you voluntarily include it in job posts or messages.

• Personal and Contact Information: To enable registration, profile management, job posting and application, messaging, and reviews, we collect: your full name, email address, phone number (optional, required for certain notifications), profile picture or logo, preferred language (Romanian or English), location data (city and county, or precise geolocation with your consent), social login identifiers (Google, Facebook, or Apple user IDs), a device identifier used for session security and for binding your active sessions across web and mobile, and — if you choose to enable push notifications — your browser Web Push subscription endpoint or your mobile device's Firebase Cloud Messaging (FCM) token, which are used solely to deliver the notifications you have opted into. If you register the Platform as a legal entity (business account), we additionally collect your company name and Romanian tax identification number (CUI) for invoicing and legal compliance. You may also enable a public profile flag and a custom profile URL identifier (slug); when enabled, the selected profile information becomes discoverable to other users and search engines. This data is provided during sign-up, profile updates, or interactions with the Platform, including from the SmallJobs mobile application via a secure mobile-to-web authentication bridge. Legal basis: Contract performance (GDPR Article 6(1)(b)) and legitimate interests in secure authentication (Article 6(1)(f)); explicit consent (Article 6(1)(a)) for push notification subscriptions and precise geolocation.
• Usage, Technical, and Interaction Data: We automatically collect data to ensure service functionality, detect fraud, and improve performance: job-related data (titles, descriptions, categories, budgets, deadlines, locations, attached images); application details (cover letters, timestamps); conversation messages (text, timestamps, read status); reviews and ratings; search queries and filters; browsing behavior (pages visited, session duration); your favorited jobs and users (entries you have saved or bookmarked from listings); aggregated view counts on jobs and profiles, used for popularity ranking and for your personal dashboard; your interface theme preference (light, dark, or system) and aggregated theme statistics used to plan platform improvements; undeliverable email events (we record bounces from our email provider so we can stop sending to invalid addresses); rate-limiting buckets (counters indexed by your account email or, when not authenticated, by IP address, which we use to throttle abusive login, registration, or messaging activity); and technical details (device type, operating system, browser version). When you use the SmallJobs mobile application, we additionally collect mobile-specific telemetry needed to operate, secure, and improve it: app version, OS version, device model, language and locale, network type (Wi-Fi or cellular), and crash reports (stack traces and the technical state of the application at the moment of the crash, with personally identifiable content scrubbed where feasible). We do not collect persistent advertising identifiers (IDFA on iOS or Advertising ID on Android) without your prior in-app consent, and we do not access your contacts, calendar, microphone, or precise GPS coordinates without an explicit per-feature permission grant. This data is captured via server logs and analytics tools such as Google Analytics 4. Legal basis: Legitimate interests in service improvement and security (GDPR Article 6(1)(f)).
• Cookies, Tracking Technologies, and Device Information: We and our partners use cookies, pixels, and similar technologies to support core Platform functions, personalize content, measure usage, and serve relevant advertising. The main tracking technologies we use are: (1) Google Analytics 4 — measures aggregated, anonymized site usage; analytics storage defaults to denied until you accept our cookie banner. (2) Meta (Facebook) Pixel — tracks page views and user interactions on smalljobs.ro for Facebook and Instagram advertising measurement and audience building; loads on every page visit. (3) TikTok Pixel — tracks page views and user events for TikTok advertising analytics; loads on every page visit. Essential session cookies operate without your consent. For the full list and how to opt out, see the Cookies section below. Legal basis: Consent (Article 6(1)(a)) for analytics and advertising cookies; necessity (Article 6(1)(b)/(f)) for essential cookies.
• User-Generated Content and Communications: We collect and store content you create: job postings (descriptions, requirements, budgets, locations), applications (messages to job posters), private messages in conversations, reviews and ratings, and images or files you upload. This content may include personal details you choose to share. When you upload an image, we strip embedded GPS coordinates and other location-revealing fields from EXIF metadata before storing it, so location information embedded in your photos by your camera does not become public; image orientation metadata is preserved and applied so the image displays correctly, and where appropriate images are recompressed to optimize delivery. We do not currently apply automated face recognition, fingerprint matching, or other biometric processing to uploaded images. We moderate for illegal or offensive material but do not verify the accuracy of user submissions. Legal basis: Contract performance (Article 6(1)(b)) for service delivery; legitimate interests (Article 6(1)(f)) for platform integrity. You retain ownership of your content but grant us a license to host and display it as described in the Terms and Conditions.

How We Use Your Information

All processing is limited to specified, compatible purposes (GDPR Article 5(1)(b)). We use appropriate security measures and notify you of high-risk processing where applicable. We do not make solely automated decisions producing legal effects on you or similarly significantly affecting you (GDPR Article 22). We do, however, use limited automated processing for non-significant personalization purposes — for example, ranking search results by relevance, recommending jobs based on your saved categories or recent searches, ordering profiles or jobs by popularity, displaying tier-based prominence, applying spam and abuse-detection scores, and prioritizing notifications. These automated systems are subject to human review where they materially affect access to or visibility within the Platform, you can request human intervention by contacting contact@smalljobs.ro, and you have the right to object under GDPR Article 21. We do not use profiling to present advertising targeted at users we know with reasonable certainty to be minors.

• To operate the Platform: create and maintain accounts, enable job posting, application, and matching (including location-based search), facilitate secure messaging, process reviews and notifications via email, and handle administrative functions. Legal basis: Performance of contract (Article 6(1)(b)).
• To interact with you: send confirmation emails (e.g., registration, password reset), job alerts, message notifications, and review reminders. Non-essential communications can be opted out via profile settings. Legal basis: Contract (Article 6(1)(b)) for transactional emails; legitimate interests (Article 6(1)(f)) for service-related communications.
• To enhance the Services: analyze aggregated usage data, test new features, fix bugs, and personalize the experience (e.g., language preference). Data is anonymized where possible. Legal basis: Legitimate interests (Article 6(1)(f)) in platform optimization.
• To promote the Services: send tailored newsletters or job suggestions based on your past activity, with your explicit consent. You may withdraw consent at any time without detriment (Article 7(3)). Legal basis: Explicit consent (Article 6(1)(a)), complying with Romanian electronic marketing law (Law 506/2004).
• To meet legal obligations and operate the Platform safely: detect and prevent fraud, comply with tax and audit requirements, respond to legal requests from authorities, and enforce our Terms of Service. For technical support, account recovery, and abuse investigation, authorized SmallJobs personnel may temporarily access a user's account on their behalf ("impersonation"); each such access is recorded in an internal audit log together with the operator's identity, the affected user, the timestamp, and the reason, the impersonating session is visibly marked in the interface while active, and impersonators are not permitted to read the content of private messages unless strictly required to investigate a reported abuse. Legal basis: Legal obligations (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)) in platform security and rights protection.

Sharing and Disclosure of Your Information

We never sell, rent, or trade your personal data. Any disclosures are strictly necessary and governed by data processing agreements (DPAs) with our processors as required by GDPR Article 28. Our primary cloud hosting (Amazon Web Services, eu-north-1 region in Stockholm) and our payment processor (Netopia mobilPay) operate within the European Economic Area. The following processors involve transfers outside the EEA: Google LLC (United States) for Analytics, OAuth login, Firebase Cloud Messaging, and Gemini AI; Meta Platforms Ireland Ltd. with onward transfers to Meta Platforms, Inc. (United States) for the Meta Pixel and Facebook login; TikTok Technology Limited (Ireland) with onward transfers to ByteDance group entities outside the EEA for the TikTok Pixel; Apple Inc. (United States) for Apple Sign-In and App Store distribution; and the OpenStreetMap Foundation infrastructure (United Kingdom) for location lookups. Each of these transfers is covered by an appropriate transfer mechanism under GDPR Chapter V — adherence to the EU-U.S. Data Privacy Framework where applicable, the European Commission's Standard Contractual Clauses, the United Kingdom's adequacy decision, and supplementary technical and organizational measures where required. You can request a copy of the relevant safeguards by contacting contact@smalljobs.ro. We update our list of sub-processors as it evolves and will provide a meaningful means to object to material changes to that list.

• With Third-Party Service Providers: We engage vetted processors bound by data processing agreements: Amazon Web Services for cloud infrastructure, including hosting on EU-based servers (eu-north-1, Stockholm), Amazon S3 for storage of profile and job images, and Amazon SES for transactional and marketing email delivery; Google for site analytics (aggregated, anonymized usage data via Google Analytics 4), social login (OAuth), and Firebase Cloud Messaging (FCM) for delivering push notifications to your mobile device when you have opted in; Google's Gemini API as the third-party provider that powers the AI assistant, which receives the text you submit to the assistant and the chosen mode (analyze or generate) — see Section 9 for details; Meta (Facebook) for social authentication and advertising measurement via the Meta Pixel, which tracks page views and events on our Platform for audience building and ad performance measurement — this is subject to Meta's own privacy policy and data terms; Apple for Apple Sign-In, which lets you sign in with your Apple ID and may share a private relay email address with us instead of your real email; TikTok for advertising analytics via the TikTok Pixel, which tracks page views and events for ad measurement and audience analytics — subject to TikTok's own privacy policy; OpenStreetMap (Nominatim) for converting place names you select into standard location identifiers; and Netopia mobilPay (payment processor authorized by the National Bank of Romania) for processing subscription, tier-upgrade, and promoted-listing payments — Netopia receives the order identifier, the amount, the currency, and a transaction reference, while card numbers, CVV codes, and banking credentials are entered exclusively on Netopia's secure payment pages and never reach SmallJobs servers. Google, Meta, TikTok, and Apple act as independent data controllers for the data collected by their respective pixels, SDKs, and authentication services, governed by their own privacy policies. Legal basis: Legitimate interests (Article 6(1)(f)) and contract (Article 6(1)(b)) for service processors and payment processing; consent (Article 6(1)(a)) for advertising pixels and AI assistant usage.
• With Other Platform Users: To enable the Services, certain data is visible to other users: job postings (title, description, location, budget); profile information (name, photo, location); messages (between the two parties only); and reviews (ratings and comments, including author name). You can control some of this via privacy settings. We do not share sensitive details unless you post them yourself. Legal basis: Contract performance (Article 6(1)(b)) for peer-to-peer interactions.
• With Legal Authorities and Regulators: We may disclose data to comply with applicable law: to Romanian authorities (ANSPDCP, police, or courts as required), tax bodies (ANAF), or EU regulators; to prevent harm or report suspected fraud; or in the event of a business merger or acquisition. Legal basis: Legal obligations (Article 6(1)(c)) or legitimate interests (Article 6(1)(f)) in rights protection. We challenge invalid or disproportionate requests.
• With Third Parties Based on Your Consent: We share data with additional third parties only with your explicit opt-in, for example to enable integrations with external services you authorize. Consent is freely given, specific, and informed (Article 7), and can be withdrawn at any time without affecting core Services. Legal basis: Consent (Article 6(1)(a)).

Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights under GDPR Chapter III and Romanian law. Requests are free of charge (unless manifestly unfounded or repetitive). We will verify your identity and respond within one month, extendable to three months for complex cases (Article 12(3)).

• Right of access: confirmation of whether we process your data and a copy of that data, including purposes, categories, and recipients (Article 15).
• Right to rectification: correction of inaccurate or incomplete data without undue delay (Article 16). You can update most data directly via your profile.
• Right to erasure ("right to be forgotten"): deletion of your data if it is no longer necessary, consent is withdrawn, or processing is unlawful (Article 17). We act within 30 days. Exceptions apply for legal holds or public interest purposes.
• Right to restriction: limiting processing while accuracy is contested or lawfulness is questioned (Article 18). Restricted data is marked and limited to read-only access.
• Right to data portability: receiving your data in a structured, machine-readable format (e.g., JSON or CSV) and transmitting it to another controller (Article 20).
• Right to object: stopping processing based on legitimate interests or for direct marketing purposes (Article 21). For direct marketing, this right is absolute.

To exercise any of these rights, lodge a complaint, or request more information, contact us at contact@smalljobs.ro. We will acknowledge your request within 3 business days and respond within the legal timeframe. If you are not satisfied with our response, you may lodge a complaint with Romania's National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, Blvd. Aviatorilor 14, Sector 1, Bucharest, or use the EU One-Stop-Shop mechanism.

Data Security and Breach Response

We implement industry-standard security measures to protect your data (GDPR Article 32): technical measures including encryption of data in transit (TLS) and at rest (database and disk-level encryption), firewalls, DDoS protection, and rate limiting on sensitive endpoints (login, registration, password reset, messaging); organizational measures including role-based access controls, audit logging of administrative actions and admin impersonations, regular security reviews, dependency updates, and staff training; and pseudonymization where appropriate (for example, bcrypt-hashed passwords, anonymized device identifiers, and tokenized session references). Private messages between Users are stored on our servers in plain text (subject to encryption at rest at the database and disk level) and are not protected by end-to-end encryption; they may be accessed by authorized SmallJobs personnel for abuse investigation, legal compliance, or technical support, as described in this Policy. If you need to exchange highly confidential information, please do so off-platform using a service designed for that purpose. In the event of a personal data breach, we will notify ANSPDCP within 72 hours of becoming aware of it (Article 33) and the affected users without undue delay where there is a high risk to their rights (Article 34). Please report any suspected security incidents to us promptly. While we strive for robust protection, no internet service is completely infallible — we recommend using strong, unique passwords, enabling notifications for unusual sign-in activity, and staying vigilant against phishing.

Cookies and Tracking Technologies

Cookies are small files stored on your device by your browser. We use the following categories of cookies and tracking technologies on smalljobs.ro: (1) Essential cookies — no consent required: authentication session cookie (keeps you logged in, session duration); CSRF protection token (security, session duration); language preference cookie (stores your language choice, 30 days). (2) Analytics cookies — consent required: Google Analytics 4 cookies (_ga, _gid, _ga_G-P09G59MFME) track aggregated, anonymized usage data; no personally identifiable information is sent to Google; IP address is anonymized; data is retained for 14 months; these are denied by default and only activate when you accept the cookie banner. (3) Advertising and measurement pixels — active on every page visit regardless of cookie consent (as currently implemented): Meta (Facebook) Pixel (ID: 1133579474931029) loads on every visit and tracks page views and events for Facebook and Instagram advertising and audience measurement; TikTok Pixel (ID: D55F2DBC77UAQNS9IVD0) loads on every visit and tracks page views and events for TikTok advertising and analytics. Both advertising pixels may process your IP address, device information, browser data, and browsing behavior. Consent banner: our cookie banner appears for first-time non-authenticated visitors and allows you to accept or decline non-essential cookies; it currently controls Google Analytics consent only. To manage or opt out of advertising tracking, you can use: (1) the cookie banner (Accept/Decline); (2) your browser settings (block or delete cookies); (3) Google opt-out at myaccount.google.com/data-and-privacy; (4) Meta ad preferences at facebook.com/ads/preferences; (5) TikTok opt-out at ads.tiktok.com/i18n/optout. Declining analytics cookies does not affect core Platform functionality. (4) Service Worker and Progressive Web App (PWA) browser storage — when you visit or install the SmallJobs PWA, a Service Worker is registered in your browser to enable offline access, faster page loads, and push notifications. The Service Worker uses your browser's Cache Storage to store, on your device only, static assets (fonts, icons, application code), images served from our content delivery network, and selected non-authenticated API responses. This data never leaves your device and is not used to identify or track you; you can clear it at any time from your browser's site settings, and uninstalling the SmallJobs PWA removes the Service Worker. (5) Push notification subscriptions — if you enable web push notifications, your browser stores a subscription endpoint locally and shares it with our servers; we keep that subscription in our database for the sole purpose of delivering the notifications you have opted into, and we delete it when you disable notifications, delete your account, or revoke browser permission. Local storage — we use a small amount of `localStorage` on your device to remember non-essential preferences such as your selected interface theme (light, dark, or system) and your dismissal of in-app banners; this data stays on your device and you can clear it from your browser at any time. We review our cookie, pixel, and storage usage annually. Legal basis: Consent (Article 6(1)(a)) for analytics cookies and push notifications; legitimate interests (Article 6(1)(f)) for advertising pixel measurement and offline performance; necessity (Article 6(1)(b)/(f)) for essential cookies, the Service Worker, and local preference storage.

Data Retention and Deletion

We retain personal data only as long as necessary for the purposes described, or as required by Romanian law (e.g., accounting records for 10 years under the Romanian Fiscal Code). Typical retention periods: active user accounts — for the duration of the relationship plus 2 years after termination; job postings and applications — until completion plus 1 year; private messages — automatically deleted 125 days after the last message in a conversation, in line with our short-retention messaging policy (you can save important information by exporting it before that date); reviews — retained for the lifetime of the account and anonymized upon account deletion; server logs and request traces — typically 30 days, with security-relevant logs kept up to 90 days; AI assistant inputs and generated outputs — cached on our servers to ensure consistent responses and to prevent abuse, retained for the lifetime of the account or until you request deletion; product analytics events (such as login events, job-posting events, page and profile view counts, and aggregated theme preference statistics) — kept on our servers in aggregated form for the lifetime of the account, used for service improvement and platform statistics, and deleted upon account deletion; payment records and invoices — 10 years, as required by the Romanian Fiscal Code; web push and mobile push notification subscriptions — until you disable notifications or delete your account; cookies — as listed above. Inactive accounts are flagged after 12 months and deleted after 2 years with prior notice. Upon a deletion request (right to erasure), we act within 30 days, including removal from backups within 90 days. Uploaded images and files are deleted immediately upon removal. We can provide proof of deletion upon request.

Marketing Communications and Newsletters

We send two types of electronic communications: transactional (e.g., job confirmations, password resets — required for contract performance) and promotional (e.g., newsletters with platform updates or job tips — require explicit opt-in at registration or via in-app settings). Marketing is personalized based on your activity or your consent, without automated profiling that produces legal effects. All marketing emails include a clear unsubscribe link, processed within 10 business days. Opting out of marketing does not affect transactional emails. We limit email frequency to avoid spam. Legal basis: Explicit consent (Article 6(1)(a)) for promotional emails; contract (Article 6(1)(b)) for transactional. Complies with Romanian Law 506/2004 and the ePrivacy Directive.

AI-Powered Features

SmallJobs.ro includes an AI assistant that helps you draft job descriptions and other content on the Platform. This feature is powered by a third-party AI provider. The following applies: (1) The AI assistant processes only the text you explicitly submit to it — it does not access your private messages, profile data, or account information. (2) Your input is sent to the AI provider's servers for processing and is subject to their privacy and data processing terms. (3) Each user has a daily usage quota for the AI assistant; once the limit is reached, the feature becomes unavailable until the next day. (4) AI-generated content is a suggestion only — you are fully responsible for reviewing, editing, and ensuring that any content you publish complies with our Terms of Service and applicable law. We are not liable for any inaccuracies, omissions, or policy violations in AI-generated content. (5) You must not use the AI assistant to generate content that violates our Terms of Service, including fraudulent, offensive, or misleading job postings. Legal basis: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) in providing and improving the Services.

Changes to This Privacy Policy

We may revise this Policy to reflect legal, operational, or technological changes. Minor updates (e.g., clarifications) are posted here with an updated "Last Updated" date — continued use of the Platform after the effective date constitutes acceptance. Material changes (e.g., new data uses, new processors, or changes affecting your rights) will be notified at least 30 days in advance by email, in-app notice, or banner. If changes reduce your rights, we will provide alternatives such as data export before deletion. You can always view the current Policy on the Platform.

Contact Us

If you have questions about this Policy, wish to exercise your rights, request data access or deletion, withdraw consent, or file a complaint, please contact us. Provide sufficient details (e.g., your email address and the nature of your request) so we can verify your identity and respond effectively.

Email: contact@smalljobs.ro: contact@smalljobs.ro

Last Updated: April 30, 2026