Provider
Effective date: July 5, 2026
Provider: Taraftech UG (haftungsbeschränkt)
Brand: Orkestr Career Desk
Contact: info@taraftech.de
1. Overview
This Privacy Policy explains how Orkestr Career Desk collects, uses, stores, shares, and deletes personal data in connection with our job-search infrastructure service. We process sensitive career-related information. We therefore recommend using a dedicated job-search email address wherever possible.
GDPR applies to EU-based organizations processing personal data and to organizations outside the EU that offer goods or services to individuals in the EU. GDPR requires a lawful basis for personal-data processing, and consent must be specific, informed, freely given, and unambiguous where consent is used.
2. Data we collect
- name
- email address
- WhatsApp number
- country and city
- CV
- LinkedIn profile URL
- portfolio links
- GitHub links
- current role
- work experience
- target roles
- target locations
- salary expectations
- work authorization or visa status
- job-search status
- application history
- recruiter communications
- job-alert emails
- job descriptions
- role scores
- notes and follow-ups
- meeting notes
- payment status
- operational logs
- technical logs
3. Data from connected accounts
With your authorization, we may access selected data from dedicated job-search email accounts, Gmail or other email accounts, job boards, LinkedIn-related browser workspace, calendar or meeting tools, WhatsApp communication, application portals, and documents you provide. We only access account data for the purpose of providing the service.
4. Dedicated email recommendation
We recommend creating a separate email address used only for job applications. This reduces privacy risk by separating your job-search workflow from your main personal or professional inbox.
5. How we use your data
- review your application
- decide whether trial access is suitable
- set up your job-search workflow
- configure job sources
- create role criteria
- score job opportunities
- send WhatsApp notifications
- organize applications
- track follow-ups
- support job-search execution
- provide customer support
- process payments
- maintain security
- keep audit logs
- comply with legal obligations
6. AI processing
For AI processing, Orkestr Career Desk uses OpenAI. AI processing may include job-description analysis, CV-to-role matching, role scoring, summarization, draft suggestions, search refinement, and follow-up suggestions.
We do not use customer data to train our own models. OpenAI states that business data is not used to train models by default, unless the customer explicitly opts in. OpenAI also states that API abuse-monitoring logs may be retained for up to 30 days by default, unless different retention terms apply.
7. Human access
Human access may be required to configure, review, support, troubleshoot, or improve your workflow. Human access is limited to what is needed to provide the service. We do not permit unnecessary browsing of your accounts.
8. Logs
- timestamp
- user account
- accessed data source
- data category accessed
- purpose of access
- action performed
- human or automated status
- AI request reference
- result category
- approval status
Logs help provide transparency, security, debugging, and accountability.
9. Data sharing
- AI provider: OpenAI
- payment provider: PayPal or banks
- email provider
- hosting provider
- database or storage provider
- communication provider such as WhatsApp or email
- professional advisors where needed
- authorities where required by law
We do not sell your personal data.
10. Google and Gmail data
If we access Google user data through Google APIs, we must clearly disclose what data we access, why we access it, and how we use it. Google requires apps to request only the permissions needed for the service and to disclose user-data practices clearly. Gmail restricted scopes may require OAuth verification and security assessment if restricted data is stored or transmitted.
11. LinkedIn-related data
We may help organize LinkedIn-related job-search workflows in a user-controlled browser environment. We do not claim that LinkedIn permits all third-party automation. LinkedIn states that third-party software that scrapes or automates activity on LinkedIn's website is not permitted.
12. Legal bases for processing
- your consent
- performance of a contract
- steps before entering into a contract
- legitimate interests
- legal obligations
13. Data retention
- rejected applications: delete or anonymize after 60 days
- trial data for non-continuing users: delete or return within 14 days after trial end, unless legal retention is needed
- active customer data: retained while the service is active
- offboarded customer workspace data: delete or return within 30 days after termination
- operational logs: retain for 90 days, unless needed for security, legal, or dispute reasons
- payment and invoice records: retained as required by tax and accounting law
14. Your rights
- access your data
- correct inaccurate data
- request deletion
- restrict processing
- object to processing
- receive a copy of your data
- withdraw consent
- lodge a complaint with a data protection authority
15. Security
- dedicated job-search email recommendation
- minimized access
- access logging
- secure storage
- encrypted transport
- account separation
- restricted human access
- offboarding procedures
- deletion process
No system is perfectly secure.
16. International data transfers
Because this is a global service, data may be processed in countries outside your country of residence. Where required, we use appropriate safeguards for international data transfers.
17. Children
The service is not intended for children or minors.
18. Changes
We may update this Privacy Policy. Material changes will be communicated where required.
19. Contact
Privacy requests can be sent to: info@taraftech.de