TilmaraTilmara
Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Tilmara, the commercial brand of Breaking Disruptive Talent OÜ ("Tilmara", "we", "us", "our"). We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, process, and protect your personal data when you:

  • Visit our website tilmara.com
  • Contact us through our forms
  • Engage with our recruitment or consulting services
  • Interact with our AI-supported candidate sourcing processes
  • Receive communication from us

This Policy is written in accordance with the General Data Protection Regulation (GDPR — EU 2016/679), Estonian Personal Data Protection Act (IKS), and ePrivacy Directive / Cookie rules.

2. Data Controller

Breaking Disruptive Talent OÜ
Commercial name: Tilmara
Address: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 57, 10412, Estonia
Registration: Estonian Commercial Register
Email: privacy@tilmara.com

3. Personal Data We Collect

We only collect the minimum personal data necessary to deliver our services.

3.1. Data you provide directly

  • Name
  • Email address
  • Phone number
  • Current role and skill information
  • CV/resume or LinkedIn profile
  • Message or details you enter in contact forms

3.2. Candidate & recruitment-specific data

Only when you submit it to us, we may process:

  • Work history and education
  • Skills, certifications, technical abilities
  • Employment preferences (salary expectations, location, availability)
  • Interview notes
  • Portfolio links (e.g. GitHub, Behance, personal sites)

3.3. Website & analytics data

Automatic information:

  • IP address (anonymised where possible)
  • Device type
  • Browser
  • Pages visited
  • Time spent on pages
  • Cookies and tracking preferences

We do not collect any sensitive categories of data (Art. 9 GDPR).

4. How We Use Your Personal Data

We process your data to:

4.1. Deliver our recruitment services

  • Identify technical talent using AI sourcing and human review
  • Match candidates with relevant opportunities
  • Screen, shortlist and evaluate profiles
  • Present candidates to potential employers
  • Manage communication throughout the recruitment process

4.2. Communicate with you

  • Respond to enquiries
  • Send relevant job opportunities
  • Schedule interviews or calls
  • Provide support and follow-up

4.3. Improve our services

  • Analyse recruitment performance
  • Optimise AI-supported sourcing models
  • Enhance user experience on our website

4.4. Legal and compliance purposes

  • Maintain records
  • Prevent fraud or misuse
  • Fulfil obligations under applicable laws

5. Legal Basis for Processing (GDPR)

We rely on the following lawful bases:

Consent (Art. 6(1)(a))

When you submit forms or share your CV/resume.

Contract or steps before entering a contract (Art. 6(1)(b))

When we evaluate your profile for a position or provide recruitment services.

Legitimate interests (Art. 6(1)(f))

Operating a professional recruitment business, improving our tools, ensuring service quality.

Legal obligation (Art. 6(1)(c))

Where required for compliance with Estonian/EU law.

6. AI-Supported Processing

Tilmara uses advanced AI tools to enhance sourcing, matching and ranking. However:

  • All final decisions involve human review.
  • No fully automated decision-making (Art. 22 GDPR) takes place.
  • AI is used to accelerate candidate discovery, not to determine suitability on its own.

We ensure: Transparency, Interpretability, and Manual oversight ("Human in the Loop").

7. Sharing of Personal Data

We never sell personal data.

We may share your data with:

7.1. Clients / employers

Where you have agreed to be presented as a potential candidate.

7.2. Service providers (processors)

  • Hosting and cloud infrastructure
  • Applicant tracking systems
  • Analytics tools
  • Email & communication platforms

All are bound by GDPR-compliant Data Processing Agreements.

7.3. Authorities

Only when required by law.

8. International Data Transfers

If data is transferred outside the EU/EEA, we ensure adequate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate technical and organisational protections

You may request more details via privacy@tilmara.com.

9. Data Retention

We retain data only as long as necessary:

  • Candidate/recruitment data: up to 3 years from last interaction, unless you request deletion earlier.
  • Client/contract data: retained per legal obligations (typically 7 years in Estonia).
  • Cookies: retention depends on cookie type (see Cookie Notice).

You may request deletion at any time (see Your Rights).

10. Your Rights (GDPR)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Port your data to another service
  • Lodge a complaint with Estonian Data Protection Inspectorate

To exercise any right, email privacy@tilmara.com.

11. Security

We apply appropriate technical and organisational measures:

  • Encryption in transit and at rest
  • Access control and authentication
  • Logging and auditing
  • Segregation of candidate data
  • Regular system monitoring

No system is 100% secure, but we take all reasonable steps to protect your information.

12. Cookies

We use cookies for:

  • Functional operation of the site
  • Analytics and performance measurement
  • User experience improvements

You can manage your preferences in your browser or decline non-essential cookies.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will post any changes on this page and update the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or want to exercise your rights, contact:

Breaking Disruptive Talent OÜ (Tilmara)
Harju maakond, Tallinn, Põhja-Tallinna linnaosa
Telliskivi tn 57, 10412, Estonia
Email: privacy@tilmara.com