Privacy Policy

Privacy Policy

Effective date: 18 September 2025

This Privacy Policy explains how Demexios collects and processes personal data via its website https://demexios.com and related communication channels, in accordance with the EU General Data Protection Regulation (GDPR) and the Latvian Personal Data Processing Law.

1) Who we are (Controller)

Demexios SIA acts as the data controller for processing activities described in this Privacy Policy.

Demexios SIA
Limited liability company (SIA)
Reg. No.: 40203681251 (registered 18.09.2025)
VAT ID: LV40203681251
 

 Legal/Postal address: Ilūkstes iela 109–30, Rīga, LV‑1082, Latvia
Email: info@demexios.com (or via the contact form)

Supervisory authority (Latvia): Data State Inspectorate (Datu valsts inspekcija), Elijas iela 17, Rīga, LV‑1050, Latvia, pasts@dvi.gov.lv, +371 67223131.

2) What data we collect

• Technical data: IP address, device/OS/browser type, pages visited, timestamps, basic logs.
  
• Form data (when you submit): name, email, phone, message content, CV/resumé, LinkedIn URL and similar professional information.
  
• Communications: emails and messages exchanged with us.
  
• Recruitment information (candidates): role fit, experience, skills, compensation expectations, availability, notes from interviews/assessments you choose to undergo.
  
• Client information (business contacts): company, role, contractual and billing details, correspondence.
  

We do not intentionally collect special categories of data unless you provide them voluntarily where clearly necessary (e.g., reasonable‑accommodation requests). Please avoid including sensitive data in open text fields.

3) Purposes and legal bases (Art. 6 GDPR)

• Respond to contact requests / inbound leads – Legitimate interests (operate and grow our business) or pre‑contractual steps at your request.
  
• Recruitment and talent placement (candidate pipeline, client submissions, interviews, fit assessments) – Legitimate interests and/or consent where required; contract with clients/candidates when applicable.
  
• Client relationship management & service delivery – Contract performance and legitimate interests.
  
• Compliance & security (fraud prevention, legal requests) – Legal obligation and legitimate interests.
  
• Website operation (strictly necessary cookies) – Legitimate interests. For analytics/advertising and other non‑essential cookies, the legal basis is consent gathered via our cookie banner.
• Our services are aimed at adults; we do not knowingly process children’s data.

4) Data retention

We keep data only as long as necessary for the purposes above, then delete or anonymise it:

• General enquiries / marketing leads: up to 3 years from last meaningful contact.
  
• Recruitment data: typically up to 2 years from last contact (with explicit consent), or 6–12 months from the last contact or process closure; longer where required by law or to establish/defend legal claims.

• Contracts, invoices and compliance records: retained according to applicable legal limitation and accounting periods.
  

5) Sources of data

Directly from you (forms, email, calls, interviews) and, for recruitment, from publicly available professional sources you share or make public (e.g., LinkedIn) or from referrals (with your knowledge).

6) Sharing and recipients

We do not sell personal data. We may share data with:

• Processors acting on our instructions (hosting, email/workspace, applicant tracking/CRM, document storage, video‑meeting tools, website maintenance). Our primary website hosting provider is o2switch (France, EU), and your data held for website delivery is stored on servers located in the European Union (France). Typical providers also include website CMS (e.g., WordPress) and Google Workspace.
  
• Clients (with your knowledge) when you apply for or are presented for a role.
  
• Professional advisers (legal/accounting), authorities or courts where required by law.
  

Where we use processors outside the EEA, transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses) and, where applicable, participation in adequacy frameworks.

7) International transfers

Our primary hosting is with o2switch in France (EU/EEA), so website‑hosting data is stored within the European Union. If, for specific tools or services, personal data is transferred outside the EEA, we implement GDPR‑compliant safeguards (e.g., Standard Contractual Clauses and, where relevant, additional transfer‑impact measures). You may request a copy of the applicable safeguards (with redactions where necessary).

8) Cookies and similar technologies

We use cookies and similar technologies on our website. Non‑essential cookies (e.g., analytics, advertising, A/B testing, heatmaps) are used only with your consent. You can accept, reject, or manage categories at any time via the cookie banner or the Cookie settings link in the footer.

8.1 Cookie categories

• Strictly necessary (essential): required to deliver the site and provide basic security and functionality. Legal basis: legitimate interests. These cannot be switched off.
  
• Analytics & performance: help us understand usage to improve the site (e.g., page views, navigation flows). Legal basis: consent.
  
• Advertising / remarketing: used to deliver and measure personalised or interest‑based ads. Legal basis: consent.
  
• A/B testing & UX tools: measure variations and interactions (e.g., scroll/interaction patterns) to improve usability. Legal basis: consent.
  

8.2 Managing consent

• On first visit, we present a banner with equally prominent options to Accept all, Reject all, or Manage preferences.
  
• You may change or withdraw consent at any time via the Cookie settings link.
  
• We maintain records of consent (timestamp, selections, country, version) to meet GDPR/ePrivacy obligations.
  

8.3 Third‑party cookies

Some cookies are set by third parties (e.g., analytics, advertising networks). These providers are independent controllers for their subsequent processing. Please refer to their privacy policies for more information.

8.4 Retention

• Cookie lifespans vary by category and provider; non‑essential cookies generally persist from session up to 13 months unless you clear them earlier.
  
• Consent signals are retained for up to 13 months, after which we will re‑prompt you.
  

9) Embedded content

Pages may include embedded third‑party content (e.g., maps, videos) that may set their own cookies or collect data per that third party’s policies.

10) Your rights

Subject to the GDPR and Latvian law, you have the right to access, rectify, erase, restrict, object, and port your data, and the right not to be subject to a decision based solely on automated processing where applicable. Where processing relies on consent, you may withdraw it at any time (withdrawal does not affect prior lawful processing). You also have the right to lodge a complaint with a supervisory authority (see Section 1).

11) How to exercise your rights

Please contact us at info@demexios.com or write to Demexios SIA at the address above. We will respond without undue delay and within the deadlines prescribed by the GDPR.

12) Security

We implement appropriate technical and organisational measures to secure personal data against unauthorised access, alteration, disclosure or destruction, considering the state of the art, costs, scope and risks.

13) Changes to this Policy

We may update this Policy from time to time (e.g., if we add analytics cookies or new tools). Material changes will be highlighted on this page. Please review this page periodically.

Contact (preferred, single point)

Demexios SIA
Ilūkstes iela 109–30, Rīga, LV‑1082, Latvia
Email: info@demexios.com

You can contact us using the details above.