matchr

    Legal

    Privacy Policy

    Last updated: 18 May 2026

    This policy explains what personal data MatcHR B.V. collects when you use matchr.io or interact with us, why we collect it, who we share it with, and the rights you have over your data. We've kept it plain-English where we can.

    1. Who we are

    Matchr (legal entity: MatcHR B.V.) is a global embedded RPO partner registered in the Netherlands.

    • Registered address: Dahlialaan 22, 2111 ZN Aerdenhout, Netherlands
    • VAT ID: NL859226657B01
    • KvK (Chamber of Commerce): [to be confirmed]
    • Contact: info@matchr.io

    For any question about this policy or your personal data, write to info@matchr.io. We aim to respond within 30 days.

    For the purposes of the EU General Data Protection Regulation (GDPR), MatcHR B.V. is the data controller of personal data collected through matchr.io and through our business operations.

    2. What personal data we collect

    We collect personal data in three ways: you give it to us, we collect it automatically when you use our site, and we receive it from third parties.

    Data you give us

    When you fill in a form on our site, we collect the information you provide. Forms on matchr.io include:

    • Contact form: name, email, company, message.
    • Newsletter signup: email address.
    • Lead-magnet downloads (e.g. RISE Framework, AI Tools for Recruiters report): name, email, company.
    • Job application form: name, email, phone, CV or resume, optional cover letter, any other details you submit.
    • Event registration (TRC, meetups): name, email, company, role, dietary preferences where relevant.

    Data we collect automatically

    When you visit matchr.io, our hosting provider and analytics tools log technical information including IP address, browser type, operating system, device type, referring URL, the pages you visit, and the time you spend on them. See section 8 (Cookies) for details.

    Data we receive from third parties

    In the course of business development, we may enrich contact data from publicly available sources (LinkedIn profiles, company websites) or third-party providers such as Apollo for sourcing prospective customers. We only collect business contact data used for B2B outreach in line with the legitimate-interest basis described below.

    3. Why we use your data

    We use personal data for the following purposes, with the corresponding GDPR Article 6 legal basis:

    • Respond to enquiries you send via the contact form: pre-contractual measures.
    • Send the marketing newsletter you signed up for: consent.
    • Deliver lead magnets you requested and follow up about them: legitimate interest.
    • Evaluate your job application: pre-contractual measures.
    • Register and run events you signed up for: performance of contract.
    • Send event recaps, reminders, and related event invitations: legitimate interest, with opt-out available at any time.
    • B2B sales outreach to relevant prospects: legitimate interest.
    • Analyse website usage to improve the site: consent for non-essential cookies.
    • Comply with legal obligations (tax, accounting): legal obligation.

    We do not sell your personal data. We do not use it for automated decision-making that has legal effect on you.

    4. Who we share your data with

    We rely on a small set of carefully selected processors to run our business. Each is bound by a Data Processing Agreement (DPA).

    • HubSpot: our CRM and marketing platform. Stores contact details, manages newsletter and event email sends, hosts form submissions. Data is held in HubSpot’s EU data centre.
    • Manatal: our applicant tracking system. Stores CVs and application details for open and recent roles.
    • Google (Google Analytics 4, Google Ads): measures site traffic and runs paid acquisition campaigns. Personal data is transferred to the United States under the EU-U.S. Data Privacy Framework.
    • LinkedIn and Meta: paid ad platforms. Used to deliver targeted B2B ads. Data transferred to the United States under the Data Privacy Framework.
    • Vercel: our website hosting provider. Stores access logs (including IP addresses) for operational and security purposes. Data may be processed in the United States and the European Union under appropriate safeguards.
    • Sanity: our content management system. Stores website content only; does not store visitor or contact data.
    • n8n: workflow automation for some form submissions. Routes data from forms to HubSpot and our team.
    • Apollo: used for B2B contact enrichment and sales prospecting. Data transferred to the United States under appropriate safeguards.

    We may also share personal data with our professional advisors (accountants, lawyers) and with authorities when required by law.

    If you’re an embedded RPO candidate, we share your CV with the client company hiring for the role, only after we’ve discussed your application with you. We never share your CV with a client without your awareness.

    5. International transfers

    Some of our processors are based outside the European Economic Area (EEA), including in the United States. Where personal data is transferred outside the EEA, we rely on the EU-U.S. Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, or another lawful transfer mechanism.

    6. How long we keep your data

    We keep personal data only as long as we need it for the purpose we collected it.

    • Newsletter subscribers: until you unsubscribe.
    • Contact form enquiries: up to 24 months after our last interaction, then deleted or anonymised.
    • Lead-magnet downloads: up to 24 months after download, then deleted or anonymised.
    • Job applications: up to 12 months after the role closes, so we can consider you for future roles, unless you ask us to delete sooner.
    • Event attendees: up to 24 months after the event, for the purpose of inviting you to related editions.
    • Customers and suppliers: for the duration of the contract plus the period required by tax and accounting law (typically 7 years in the Netherlands).
    • Website logs: typically 30 to 90 days.

    7. Your rights

    Under GDPR, you have the following rights regarding your personal data:

    • Access: request a copy of the personal data we hold about you.
    • Rectification: ask us to correct inaccurate or incomplete data.
    • Erasure: ask us to delete your data, subject to legal retention requirements.
    • Restriction: ask us to pause processing in certain circumstances.
    • Portability: receive your data in a structured, commonly used format.
    • Objection: object to processing based on legitimate interest, including direct marketing.
    • Withdraw consent: for any processing based on consent (e.g. newsletter, non-essential cookies), withdraw at any time.

    To exercise any of these rights, write to info@matchr.io. We may ask you to verify your identity before we act on the request, and we’ll respond within 30 days.

    If you believe we've handled your data incorrectly, you also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.

    8. Cookies and tracking

    We use cookies and similar technologies to operate the site, measure traffic, and deliver targeted ads where you’ve consented. Strictly necessary cookies are set by default; analytics, marketing, and personalisation cookies are only set after you accept them via our cookie banner.

    See our Cookie Policy for the full list of cookies and what they do.

    9. Security

    We take reasonable technical and organisational measures to protect your personal data, including encryption in transit (HTTPS everywhere), access controls on our internal systems, and DPAs with all our processors. No system is perfectly secure, but we work with vendors that meet recognised security standards.

    10. Children

    matchr.io is a B2B service and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact info@matchr.io and we’ll delete it.

    11. Changes to this policy

    We may update this policy from time to time. The “Last updated” date at the top of this page tells you when the most recent version was published. Material changes (for example, a new processor or a new purpose of processing) will be communicated via email to active newsletter subscribers and via a banner on the site.

    12. Contact

    For any question, concern, or rights request related to your personal data, email info@matchr.io. We aim to respond within 30 days.