Privacy Policy
Last Updated: 19.01.2025
Why This Privacy Policy?
At Löytöi, we believe in being clear about how we handle your personal data. This Privacy Policy explains how we collect, use, and protect your data when you use our professional endorsement platform.
We're a small business (operated as a sole trader) focused on connecting great talent with opportunities through trusted professional endorsements. While we keep things simple, we take the protection of your data seriously and comply with the General Data Protection Regulation (GDPR) where it applies to our operations.
Who We Are
Löytöi (hereinafter “we”, “our”, “us”) acts as the data controller for personal data processed through our platform. This means we decide how and why your personal data is processed. You can reach us at:
Email: privacy@loytoi.com
Address: Kommonkatu 8, 20900 Turku, Finland
Website: https://loytoi.com
How Our Platform Works and How Data Flows
To understand how we handle personal data, it's helpful to understand how our platform works:
Companies post job opportunities with associated success fees
Endorsers (typically recruiters or industry professionals) recommend candidates they know professionally
When making an endorsement, the Endorser must:
Have the candidate's explicit consent to share their information
Provide accurate and current information about the candidate
Only share relevant professional information
This means that if you're a candidate, your information initially comes to us through an Endorser who must have your consent. You can later create your own account to manage your information directly.
Legal Bases for Processing
We process your data under these legal bases, as required by GDPR:
For Companies
Contract Performance: We need to process your data to provide our services and manage your account (for example, when you post jobs or receive candidate endorsements)
Legitimate Interests: To operate and improve our platform, prevent fraud, and ensure security (like monitoring for suspicious activity)
Legal Obligation: To comply with applicable laws and regulations (such as keeping payment records)
For Endorsers
Contract performance: To manage your endorsements and process success fee payments
Legitimate Interests: To verify your professional status and track your endorsement history
Legal Obligation: For tax and payment records
For Candidates
Legitimate Interests: For the initial processing of endorsements (when an Endorser first recommends you)
Consent: For keeping your profile in our system and sharing it with potential employers
Contract performance: Once you create an account with us
What Information We Collect and Why
For Companies
We collect:
Company details (name, registration info, address) - to verify you're a real business
Contact person details (name, email, phone) - to communicate about opportunities and endorsements
Job posting information - to help Endorsers understand your needs
Payment information (excluding full credit card details) - to process success fees
How we use it:
To manage your job postings
To connect you with endorsed candidates
To process payments
To send service updates and relevant communications
For Endorsers
We collect:
Professional details and contact information - to verify your professional status
Bank account information - to pay your success fees
Professional network information - to understand your areas of expertise
Track record of endorsements - to maintain quality standards
How we use it:
To process your endorsements
To pay your success fees
To communicate about opportunities
To maintain platform quality
For Endorsed Candidates
We collect:
Professional information (through endorsers, with your consent) - to present you to potential employers
Career preferences - to match you with suitable opportunities
Endorsement context - to understand your relationship with the Endorser
Communication records - to manage the endorsement process
How we use it:
To process endorsements
To connect you with opportunities
To manage communications
To maintain accurate records
How We Use Your Information
The purposes for which we process your personal data are :
Core Platform Services
Managing user accounts and profiles
Processing endorsements and maintaining records
Handling payments for successful placements
Facilitating communications between parties
We do this by:
Storing your information securely in our database
Processing data to match candidates with opportunities
Managing the flow of endorsements
Tracking successful placements
Platform Improvement
Understanding how people use our service
Identifying areas for improvement
Developing new features
Maintaining security
We achieve this through:
Analysing usage patterns
Collecting feedback
Monitoring performance
Tracking security metrics
Legal Compliance
Maintaining required business records
Following tax regulations
Preventing fraud
Responding to legal requests
This involves:
Keeping accurate transaction records
Maintaining necessary documentation
Following legal retention requirements
Implementing security measures
Data Retention - How Long We Keep Your Information
We keep your data only as long as necessary for the purposes of processing, following these periods:
Active Users:
Account information: While your account is active
Payment records: 7 years starting from the date of the payment (this is a legal requirement for tax purposes)
Job postings: 2 years after closure
Communications: 2 years after last contact
Inactive Users:
Account data: 12 months after last activity (we'll notify you before deletion)
Basic records: As required by law (typically 7 years for financial records)
Marketing preferences: 3 years maximum
Special Cases:
Ongoing endorsement processes: Until completed
Dispute resolution: Until resolved
Legal requirements: As required by law
Your Rights and How to Exercise Them
Under GDPR, you have several rights which we're committed to upholding:
Right to Access:
Request a copy of your personal data
Learn how we use it
Know who we share it with We'll provide this within 30 days
Right to Rectification:
Update incorrect information
Complete incomplete information
Changes are usually made within 48 hours
Right to Erasure:
Request deletion of your data
Remove consent for processing
Stop future processing Unless we need to keep some information for legal reasons
Right to Object:
Stop certain types of processing
Opt out of marketing
Challenge processing based on legitimate interests
Right to Data Portability:
Receive your data in a usable format
Transfer it to other services
Available for automated processing
Available when processing is based on consent and/or contract performance
To exercise these rights:
Email privacy@loytoi.com
Tell us what you want to do
Provide necessary verification information
As a small business, we aim to respond quickly, typically within:
Simple requests: 7 days
Complex requests: up to 30 days
Very complex cases: may require maximum 90 days with a notification on the additional period sent to you within 30 days of receiving the request
How Do We Share Your Information
We share data only where necessary
With Essential Service Providers
Payment processor (for handling success fees)
Cloud hosting (for storing platform data)
Email service (for communications)
Analytics tool (for improving our service)
Within Löytöi
As a sole trader operation, only the business owner has full access to data, with security measures in place to protect your information.
International Transfers
When we use service providers outside the EU, we ensure proper protection through:
Standard contractual clauses
Adequacy decisions
Appropriate security measures
Cookies and Tracking
We use these types of cookies:
Essential Cookies
Keeping you logged in
Remembering basic preferences
Maintaining security These can't be turned off as they're necessary for the platform to work
Optional Cookies
Understanding how people use our platform
Improving user experience
Measuring performance You can choose whether to allow these
Manage your Preferences
Through your browser settings
Via our cookie management tool
By contacting us
Changes to This Policy
We may update this policy to:
Reflect new features or services
Comply with legal requirements
Improve clarity
Address user feedback
When we make changes:
Significant changes: 30 days notice
Minor updates: Posted immediately
Emergency security changes: Immediate effect
Questions and Concerns
We're here to help:
Email: privacy@loytoi.com
Response time: Usually within 24 hours on business days
You can also complain to: Finnish Data Protection Authority (www.tietosuoja.fi) If you believe we're not handling your data properly
Remember: While we're a small business, we take your privacy seriously. Our processes are straightforward and focused on protecting your data while providing our core service of connecting talent with opportunities through trusted endorsements.