Welcome to SmallJobs.ro. This Privacy Policy ("Policy") explains how SmallJobs.ro ("Platform", "we", "us", or "our"), operated by SmallJobs SRL, a company registered in Romania with its principal place of business at Simeria, Str. Progresului, Nr. 43, Hunedoara, România, collects, uses, discloses, and protects your personal data when you access or use our website at smalljobs.ro and related services ("Services"). As the data controller, we are committed to safeguarding your privacy in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Romania's Law No. 190/2018, the ePrivacy Directive, and Romanian Law No. 506/2004. We process personal data only for specified, explicit, and legitimate purposes. If you are under 16 years of age, you must obtain prior parental or guardian consent to use the Platform. By registering or using the Services, you agree to this Policy. Last Updated: April 3, 2026.

Information We Collect

We collect personal data fairly, transparently, and minimally (GDPR Article 5(1)(c)) to provide and improve the Services. Data is gathered directly from you, automatically through your use of the Platform, or from third parties such as social login providers. We do not collect special categories of sensitive data unless you voluntarily include it in job posts or messages.

• Personal and Contact Information: To enable registration, profile management, job posting and application, messaging, and reviews, we collect: your full name, email address, phone number (optional, required for certain notifications), profile picture or logo, preferred language (Romanian or English), location data (city and county, or precise geolocation with your consent), social login identifiers (e.g., Google or Facebook user IDs), and a device identifier used for session security. This data is provided during sign-up, profile updates, or interactions with the Platform. Legal basis: Contract performance (GDPR Article 6(1)(b)) and legitimate interests in secure authentication (Article 6(1)(f)).
• Usage, Technical, and Interaction Data: We automatically collect data to ensure service functionality, detect fraud, and improve performance: job-related data (titles, descriptions, categories, budgets, deadlines, locations, attached images); application details (cover letters, timestamps); conversation messages (text, timestamps, read status); reviews and ratings; search queries and filters; browsing behavior (pages visited, session duration); and technical details (device type, operating system, browser version). This data is captured via server logs and analytics tools such as Google Analytics 4. Legal basis: Legitimate interests in service improvement and security (GDPR Article 6(1)(f)).
• Cookies, Tracking Technologies, and Device Information: We and our partners use cookies, pixels, and similar technologies to support core Platform functions, personalize content, measure usage, and serve relevant advertising. The main tracking technologies we use are: (1) Google Analytics 4 — measures aggregated, anonymized site usage; analytics storage defaults to denied until you accept our cookie banner. (2) Meta (Facebook) Pixel — tracks page views and user interactions on smalljobs.ro for Facebook and Instagram advertising measurement and audience building; loads on every page visit. (3) TikTok Pixel — tracks page views and user events for TikTok advertising analytics; loads on every page visit. Essential session cookies operate without your consent. For the full list and how to opt out, see the Cookies section below. Legal basis: Consent (Article 6(1)(a)) for analytics and advertising cookies; necessity (Article 6(1)(b)/(f)) for essential cookies.
• User-Generated Content and Communications: We collect and store content you create: job postings (descriptions, requirements, budgets, locations), applications (messages to job posters), private messages in conversations, reviews and ratings, and images or files you upload. This content may include personal details you choose to share. We moderate for illegal or offensive material but do not verify accuracy. Legal basis: Contract performance (Article 6(1)(b)) for service delivery; legitimate interests (Article 6(1)(f)) for platform integrity. You retain ownership of your content but grant us a license to host and display it.

How We Use Your Information

All processing is limited to specified, compatible purposes (GDPR Article 5(1)(b)). We use appropriate security measures and notify you of high-risk processing where applicable. We do not make solely automated decisions with legal effects.

• To operate the Platform: create and maintain accounts, enable job posting, application, and matching (including location-based search), facilitate secure messaging, process reviews and notifications via email, and handle administrative functions. Legal basis: Performance of contract (Article 6(1)(b)).
• To interact with you: send confirmation emails (e.g., registration, password reset), job alerts, message notifications, and review reminders. Non-essential communications can be opted out via profile settings. Legal basis: Contract (Article 6(1)(b)) for transactional emails; legitimate interests (Article 6(1)(f)) for service-related communications.
• To enhance the Services: analyze aggregated usage data, test new features, fix bugs, and personalize the experience (e.g., language preference). Data is anonymized where possible. Legal basis: Legitimate interests (Article 6(1)(f)) in platform optimization.
• To promote the Services: send tailored newsletters or job suggestions based on your past activity, with your explicit consent. You may withdraw consent at any time without detriment (Article 7(3)). Legal basis: Explicit consent (Article 6(1)(a)), complying with Romanian electronic marketing law (Law 506/2004).
• To meet legal obligations: detect and prevent fraud, comply with tax and audit requirements, respond to legal requests from authorities, and enforce our Terms of Service. Legal basis: Legal obligations (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)) in platform security and rights protection.

Sharing and Disclosure of Your Information

We never sell, rent, or trade your personal data. Any disclosures are strictly necessary and governed by data processing agreements (DPAs) with our processors as required by GDPR Article 28. For international transfers (e.g., to US-based service providers), we use EU-approved Standard Contractual Clauses (SCCs) and appropriate safeguards.

• With Third-Party Service Providers: We engage vetted processors bound by data processing agreements: cloud infrastructure providers for hosting and file storage (using EU-based servers with encryption); Google for site analytics (aggregated, anonymized usage data via Google Analytics 4) and social login (OAuth); Meta (Facebook) for social authentication and advertising measurement via the Meta Pixel, which tracks page views and events on our Platform for audience building and ad performance measurement — this is subject to Meta's own privacy policy and data terms; TikTok for advertising analytics via the TikTok Pixel, which tracks page views and events for ad measurement and audience analytics — subject to TikTok's own privacy policy; email delivery services; and potential future processors such as payment providers (EU-based). Google, Meta, and TikTok act as independent data controllers for the data collected by their respective pixels and SDKs, governed by their own privacy policies. Legal basis: Legitimate interests (Article 6(1)(f)) and contract (Article 6(1)(b)) for service processors; consent (Article 6(1)(a)) for advertising pixels.
• With Other Platform Users: To enable the Services, certain data is visible to other users: job postings (title, description, location, budget); profile information (name, photo, location); messages (between the two parties only); and reviews (ratings and comments, including author name). You can control some of this via privacy settings. We do not share sensitive details unless you post them yourself. Legal basis: Contract performance (Article 6(1)(b)) for peer-to-peer interactions.
• With Legal Authorities and Regulators: We may disclose data to comply with applicable law: to Romanian authorities (ANSPDCP, police, or courts as required), tax bodies (ANAF), or EU regulators; to prevent harm or report suspected fraud; or in the event of a business merger or acquisition. Legal basis: Legal obligations (Article 6(1)(c)) or legitimate interests (Article 6(1)(f)) in rights protection. We challenge invalid or disproportionate requests.
• With Third Parties Based on Your Consent: We share data with additional third parties only with your explicit opt-in, for example to enable integrations with external services you authorize. Consent is freely given, specific, and informed (Article 7), and can be withdrawn at any time without affecting core Services. Legal basis: Consent (Article 6(1)(a)).

Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights under GDPR Chapter III and Romanian law. Requests are free of charge (unless manifestly unfounded or repetitive). We will verify your identity and respond within one month, extendable to three months for complex cases (Article 12(3)).

• Right of access: confirmation of whether we process your data and a copy of that data, including purposes, categories, and recipients (Article 15).
• Right to rectification: correction of inaccurate or incomplete data without undue delay (Article 16). You can update most data directly via your profile.
• Right to erasure ("right to be forgotten"): deletion of your data if it is no longer necessary, consent is withdrawn, or processing is unlawful (Article 17). We act within 30 days. Exceptions apply for legal holds or public interest purposes.
• Right to restriction: limiting processing while accuracy is contested or lawfulness is questioned (Article 18). Restricted data is marked and limited to read-only access.
• Right to data portability: receiving your data in a structured, machine-readable format (e.g., JSON or CSV) and transmitting it to another controller (Article 20).
• Right to object: stopping processing based on legitimate interests or for direct marketing purposes (Article 21). For direct marketing, this right is absolute.

To exercise any of these rights, lodge a complaint, or request more information, contact us at contact@smalljobs.ro. We will acknowledge your request within 3 business days and respond within the legal timeframe. If you are not satisfied with our response, you may lodge a complaint with Romania's National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, Blvd. Aviatorilor 14, Sector 1, Bucharest, or use the EU One-Stop-Shop mechanism.

Data Security and Breach Response

We implement industry-standard security measures to protect your data (GDPR Article 32): technical measures including encryption of data in transit and at rest, firewalls, and DDoS protection; organizational measures including role-based access controls, regular security reviews, and staff training; and pseudonymization where appropriate (e.g., hashed passwords, anonymized device identifiers). In the event of a data breach, we will notify ANSPDCP within 72 hours (Article 33) and affected users if there is a high risk to their rights (Article 34). Please report any suspected security incidents to us promptly. While we strive for robust protection, no internet service is completely infallible — we recommend using strong, unique passwords and staying vigilant against phishing.

Cookies and Tracking Technologies

Cookies are small files stored on your device by your browser. We use the following categories of cookies and tracking technologies on smalljobs.ro: (1) Essential cookies — no consent required: authentication session cookie (keeps you logged in, session duration); CSRF protection token (security, session duration); language preference cookie (stores your language choice, 30 days). (2) Analytics cookies — consent required: Google Analytics 4 cookies (_ga, _gid, _ga_G-P09G59MFME) track aggregated, anonymized usage data; no personally identifiable information is sent to Google; IP address is anonymized; data is retained for 14 months; these are denied by default and only activate when you accept the cookie banner. (3) Advertising and measurement pixels — active on every page visit regardless of cookie consent (as currently implemented): Meta (Facebook) Pixel (ID: 1133579474931029) loads on every visit and tracks page views and events for Facebook and Instagram advertising and audience measurement; TikTok Pixel (ID: D55F2DBC77UAQNS9IVD0) loads on every visit and tracks page views and events for TikTok advertising and analytics. Both advertising pixels may process your IP address, device information, browser data, and browsing behavior. Consent banner: our cookie banner appears for first-time non-authenticated visitors and allows you to accept or decline non-essential cookies; it currently controls Google Analytics consent only. To manage or opt out of advertising tracking, you can use: (1) the cookie banner (Accept/Decline); (2) your browser settings (block or delete cookies); (3) Google opt-out at myaccount.google.com/data-and-privacy; (4) Meta ad preferences at facebook.com/ads/preferences; (5) TikTok opt-out at ads.tiktok.com/i18n/optout. Declining analytics cookies does not affect core Platform functionality. We review our cookie and pixel usage annually. Legal basis: Consent (Article 6(1)(a)) for analytics cookies; legitimate interests (Article 6(1)(f)) for advertising pixel measurement; necessity (Article 6(1)(b)/(f)) for essential cookies.

Data Retention and Deletion

We retain personal data only as long as necessary for the purposes described, or as required by Romanian law (e.g., accounting records for 10 years under the Romanian Fiscal Code). Typical retention periods: active user accounts — for the duration of the relationship plus 2 years after termination; job postings and applications — until completion plus 1 year; messages — 5 years for dispute resolution; reviews — retained indefinitely but anonymized after 5 years; server logs and IP addresses — 30 days (90 days for security incidents); cookies — as listed above. Inactive accounts are flagged after 12 months and deleted after 2 years with prior notice. Upon a deletion request (right to erasure), we act within 30 days, including removal from backups within 90 days. Uploaded images and files are deleted immediately upon removal. We can provide proof of deletion upon request.

Marketing Communications and Newsletters

We send two types of electronic communications: transactional (e.g., job confirmations, password resets — required for contract performance) and promotional (e.g., newsletters with platform updates or job tips — require explicit opt-in at registration or via in-app settings). Marketing is personalized based on your activity or your consent, without automated profiling that produces legal effects. All marketing emails include a clear unsubscribe link, processed within 10 business days. Opting out of marketing does not affect transactional emails. We limit email frequency to avoid spam. Legal basis: Explicit consent (Article 6(1)(a)) for promotional emails; contract (Article 6(1)(b)) for transactional. Complies with Romanian Law 506/2004 and the ePrivacy Directive.

AI-Powered Features

SmallJobs.ro includes an AI assistant that helps you draft job descriptions and other content on the Platform. This feature is powered by a third-party AI provider. The following applies: (1) The AI assistant processes only the text you explicitly submit to it — it does not access your private messages, profile data, or account information. (2) Your input is sent to the AI provider's servers for processing and is subject to their privacy and data processing terms. (3) Each user has a daily usage quota for the AI assistant; once the limit is reached, the feature becomes unavailable until the next day. (4) AI-generated content is a suggestion only — you are fully responsible for reviewing, editing, and ensuring that any content you publish complies with our Terms of Service and applicable law. We are not liable for any inaccuracies, omissions, or policy violations in AI-generated content. (5) You must not use the AI assistant to generate content that violates our Terms of Service, including fraudulent, offensive, or misleading job postings. Legal basis: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) in providing and improving the Services.

Changes to This Privacy Policy

We may revise this Policy to reflect legal, operational, or technological changes. Minor updates (e.g., clarifications) are posted here with an updated "Last Updated" date — continued use of the Platform after the effective date constitutes acceptance. Material changes (e.g., new data uses, new processors, or changes affecting your rights) will be notified at least 30 days in advance by email, in-app notice, or banner. If changes reduce your rights, we will provide alternatives such as data export before deletion. You can always view the current Policy on the Platform.

Contact Us

If you have questions about this Policy, wish to exercise your rights, request data access or deletion, withdraw consent, or file a complaint, please contact us. Provide sufficient details (e.g., your email address and the nature of your request) so we can verify your identity and respond effectively.

Email: contact@smalljobs.ro: contact@smalljobs.ro

Last Updated: April 3, 2026