Back to Home

Privacy Policy

Effective Date: February 20, 2026 | Last Updated: February 20, 2026

Data Controller: Point 33 | Contact: privacy@point33.com

Point 33 ("Company," "we," "us," "our") operates as a professional recruiting and talent placement firm. We take our obligations regarding personal data seriously and are committed to transparency about how we collect, use, share, and protect information.

This Privacy Policy applies to information collected through our website, forms, talent portals, referral programs, talent marketplace, and all related recruiting services. It applies to both candidates (job seekers) and clients (employers and hiring contacts).

Please read this Policy carefully. By submitting your information or using our Services, you acknowledge this Policy. Where consent is the lawful basis for processing, we will obtain that consent separately and explicitly.

1. Who This Policy Applies To

This Policy applies to two distinct groups of individuals whose data we process:

Candidates:

Job seekers who submit resumes, profiles, or other information to Point 33 in connection with potential employment opportunities.

Clients:

Employers, hiring managers, HR professionals, and other business contacts who engage Point 33 to assist in filling open roles.

We recognize these groups have different relationships with us and have different expectations about how their data is used. We treat their data accordingly.

2. Information We Collect

Candidate Information

We collect the following categories of candidate information, which you provide directly or which we may obtain from third-party sources:

  • Identification data: Full name, email address, phone number
  • Professional data: Resume or CV, work history, job titles, employment dates, achievements
  • Qualifications: Skills, certifications, education, professional licenses
  • Preferences: Job preferences, location or relocation preferences, desired compensation range
  • Profile links: LinkedIn, GitHub, portfolio, or other professional profiles you share
  • Communication records: Emails, messages, notes from calls and interviews
  • References: Contact information for professional references you provide
  • Any additional information you voluntarily provide through forms or communications

Note on Incidentally Collected Sensitive Information:

Resumes and professional profiles sometimes contain information that reveals characteristics protected by anti-discrimination law, such as approximate age (via graduation years), national origin (via educational institutions), or disability status (via employment gaps). We do not use this information in any candidate evaluation or matching process, and we instruct our staff and clients accordingly. If you wish to exclude such information from your resume before submitting, we encourage you to do so.

Client Information

  • Contact data: Name, job title, email address, personal and work phone numbers (including mobile)
  • Company data: Company name, size, industry, and location
  • Hiring data: Job descriptions, required qualifications, compensation budgets, team information
  • Communication records: Correspondence, meeting notes, feedback on candidates

Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address and approximate location
  • Device and browser information (type, operating system, version)
  • Website usage data (pages visited, time on site, clickstream data)
  • Cookie and tracking technology data (see Section 7 for details)
  • Referral source (how you arrived at our site)

Information from Third-Party Sources

We may collect information about you from:

  • Publicly available professional profiles (LinkedIn, GitHub, professional websites)
  • Job boards and career platforms
  • Recruiting affiliates and referral partners
  • Background check providers (with your separate written authorization)
  • Professional references you have provided

For EU/UK residents: where we collect your information from a third-party source without your direct involvement, we will notify you within one month of first collecting your information, unless doing so is impossible or would require disproportionate effort, in which case we will make information publicly available in accordance with GDPR Article 14(5).

3. Legal Basis for Processing

We process personal data only where we have a valid legal basis to do so. The legal bases we rely on are:

Legitimate Interests (primary basis for most recruiting activities): We process candidate and client data to operate our recruiting business, make placements, and maintain professional relationships. This is our primary basis for processing professional contact data and resumes. We have conducted a legitimate interests assessment (LIA) and determined that our interests are not overridden by individual rights, given the professional context of our services and the reasonable expectations of candidates and clients who engage a recruiting firm.

Contract Performance: We process data as necessary to fulfill our service agreements with clients and to take steps at the request of candidates prior to entering into employment or service arrangements.

Consent: We rely on consent where required by law, including for: optional programs (Talent Marketplace, Referral Portal, Private Talent Club), SMS/text message communications, marketing emails, background checks, and processing of sensitive personal data. Consent is always freely given, specific, informed, and unambiguous. You may withdraw consent at any time without detriment.

Legal Obligations: We process data as necessary to comply with applicable laws, including tax, employment, and data protection laws.

Note on Consent in Recruiting Context: Where you are a job seeker and we are your agent in the job market, we recognize that GDPR guidance indicates that consent may not always be freely given in employment relationships. For this reason, we rely primarily on legitimate interests and contract performance for core recruiting activities, and use consent only for supplementary programs and communications.

4. How We Use Your Information

Candidate Data

We use candidate data to:

  • Evaluate qualifications and match you with relevant job opportunities
  • Present your profile to prospective employers with active, relevant openings
  • Communicate with you about opportunities, interviews, offers, and placements
  • Coordinate interviews and scheduling between you and clients
  • Conduct background checks and reference verifications (with your separate written authorization)
  • Improve our matching algorithms and service quality
  • Maintain records of our interactions for relationship continuity
  • Operate optional programs you have opted into (Referral Portal, Talent Marketplace, Private Talent Club)
  • Send marketing communications about our services (with opt-in consent; you can opt out at any time)
  • Comply with legal obligations

Client Data

We use client data to:

  • Understand hiring needs and match you with qualified candidates
  • Communicate about candidate submissions, interviews, and placements
  • Manage our business relationship with your organization
  • Maintain records of placements and engagements
  • Send service-related communications and relevant recruiting market updates
  • Comply with legal obligations

We never sell personal data to third parties for their marketing purposes.

5. How We Share Information

Sharing Candidate Information

We share candidate information only for legitimate recruiting purposes and only in ways that serve the candidate's interests or are necessary for service delivery. Specifically:

With Hiring Clients: We share candidate profiles and resumes with employers who have active, legitimate job openings for which the candidate is a credible match. We do not share candidate data with clients speculatively or without a reasonable basis to believe the role and candidate are mutually appropriate.

With Recruiting Affiliates and Subcontractors: Partner recruiters who assist in sourcing or screening candidates. These parties are contractually required to protect candidate information, use it solely for recruiting purposes, and comply with applicable data protection laws.

Referral Portal, Talent Marketplace, and Private Talent Club: Only upon your separate opt-in consent. See Section 12 for details on these programs.

Service Providers: Third-party vendors who help us operate our business, including cloud storage and hosting, email and communication platforms, CRM and ATS systems, analytics tools, background check services, and payment processors. These providers are bound by data processing agreements that limit their use of your data to specified purposes.

Sharing Client Information

Client contact information is used to manage our business relationship. We do not share client personal contact data (including personal cell phone numbers) with third parties except as necessary for service delivery or as required by law.

Legal Disclosures: We may disclose information when required by law, court order, or valid legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: If Point 33 is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

What We Do Not Do

  • We do not sell personal data to third parties.
  • We do not share resumes, candidate databases, or contact lists for any purpose other than recruiting.
  • We do not share personal data for advertising purposes.
  • We do not share data without appropriate consent or another valid legal basis.

We may share anonymized or aggregated data (e.g., salary benchmarks, hiring trends, industry statistics) that does not identify individuals.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law.

Candidate Data

  • Active candidates (in an active search or placement process): Retained throughout the active engagement and for up to 12 months following conclusion.
  • Inactive candidates (no active engagement): Retained for up to 2 years from last contact or last activity, after which we will either delete your data or contact you to renew consent before retaining further.
  • Placed candidates: Retained for up to 3 years from placement date for legitimate business purposes (guarantee periods, re-recruitment), unless you request deletion.
  • Legal holds: Retained as long as required if subject to litigation or regulatory inquiry.

Client Data

  • Active client relationships: Retained for the duration of the relationship.
  • Inactive clients: Retained for up to 3 years from last engagement, then reviewed for deletion.
  • Legal and contractual records: Retained as required by applicable law (typically 7 years for financial/contractual records).

You may request deletion of your data at any time (see Section 9). We will process deletion requests within 30 days, subject to legal obligations that may require us to retain certain records.

7. Cookies & Tracking Technologies

Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function. These cannot be disabled. No consent required.

Analytics Cookies (e.g., Google Analytics): Help us understand how visitors use our site. Require your consent before being placed.

Marketing/Tracking Cookies (e.g., LinkedIn Insight Tag, remarketing pixels): Used for recruiting marketing and audience measurement. Require your consent before being placed.

Cookie Consent

When you first visit our website, we will present a cookie consent banner allowing you to accept or decline non-essential cookies by category. You may change your preferences at any time via the cookie preference center accessible from our website footer. Withdrawing consent does not affect processing that occurred before withdrawal. You may also disable cookies in your browser settings, though this may affect website functionality.

Do Not Track: Our website currently does not respond to "Do Not Track" signals from browsers. We rely on our cookie consent mechanism for tracking preferences.

8. Data Security

We implement reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and role-based permissions
  • Secure password policies and multi-factor authentication for system access
  • Regular security assessments and vulnerability management
  • Employee training on data protection and security practices
  • Incident response and breach notification procedures

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable law.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users to the extent practicable, regardless of jurisdiction.

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request that we limit how we process your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests at any time.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based. Withdrawal does not affect prior lawful processing.
  • Right to Non-Discrimination: Exercise your rights without receiving diminished service or other retaliation.

To exercise any of these rights, contact us at privacy@point33.com. We will verify your identity before processing requests and will respond within 30 days (or as required by applicable law).

California Residents (CCPA/CPRA)

California residents have the rights described above and the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of specific pieces and categories of personal information we have collected, disclosed, or sold in the past 12 months.
  • Right to Delete: Request deletion of personal information, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising. No opt-out link is required but we will honor opt-out requests.
  • Right to Limit Use of Sensitive Personal Information: Contact us to limit our use of sensitive personal information beyond what is necessary for our services.

To submit a CCPA request, contact us at privacy@point33.com or via our general contact page. We will not discriminate against you for exercising your CCPA rights. You may designate an authorized agent to submit requests on your behalf with appropriate verification. For CCPA purposes, we have not sold personal information in the preceding 12 months and do not intend to do so.

EU/UK/EEA Residents (GDPR / UK GDPR)

In addition to the rights above, EU, UK, and EEA residents have the right to lodge a complaint with their local supervisory authority if they believe we have processed their data in violation of applicable law. You may find your supervisory authority at:

We encourage you to contact us first so we have the opportunity to address your concerns directly.

10. International Data Transfers

Point 33 is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For transfers of personal data from the EU, EEA, or UK to the United States, we rely on the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third-party processors.
  • EU-U.S. Data Privacy Framework (where applicable and certified).
  • UK International Data Transfer Agreements (IDTAs) for UK transfers.

We do not rely solely on consent as a transfer mechanism for routine data transfers. To obtain a copy of the relevant transfer safeguards, contact us at privacy@point33.com.

11. Automated Decision-Making

We may use automated tools, software, and algorithms to assist in matching candidates with job opportunities based on skills, experience, location, compensation, and other factors. These tools help us identify potentially relevant matches more efficiently.

However, we do not make final decisions regarding candidate presentation, rejection, or placement solely through automated means without human review. All candidate presentations to clients involve review by a Point 33 recruiter. No automated system will make a legally significant decision about you without human involvement.

If you have concerns about automated processing or wish to request human review of any decision, contact us at privacy@point33.com. EU/UK residents have the right under GDPR Article 22 to not be subject to solely automated decisions that produce legal or similarly significant effects.

AI and Screening Tools: If we use AI-assisted video interview tools or AI-based assessment tools for any process involving you, we will disclose this and obtain any legally required consent before using such tools. Illinois candidates: we comply with the Illinois Artificial Intelligence Video Interview Act. NYC candidates: we comply with NYC Local Law 144 regarding automated employment decision tools where applicable.

12. Optional Programs: Referral Portal, Talent Marketplace & Private Talent Club

Participation in these programs is entirely voluntary and requires separate, affirmative opt-in consent. Your use of our core recruiting services is not conditioned on participation in any optional program.

Referral Portal: With your consent, we share your profile with trusted referral partners for job matching purposes. Partners are contractually bound to protect your data. You may opt out at any time.

Talent Marketplace: With your consent, your profile is made visible to approved employers and hiring partners. Profile visibility settings are customizable. Employers may contact you directly. You may withdraw consent at any time; withdrawal is processed within 30 days.

Private Talent Club: With explicit separate written consent, your profile is included in a curated pool accessible only to employers who have paid for access. Access is limited to approved employers. You may withdraw at any time.

For all optional programs: We will never include your profile in a program without your affirmative opt-in. Opting into one program does not constitute consent for others. Withdrawal from any program does not affect your ability to use our core recruiting services.

13. Children's Privacy

Our Services are intended exclusively for adults (18 years of age or older). We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will promptly delete it. If you believe we have inadvertently collected information from a minor, please contact us at privacy@point33.com.

14. Sensitive Personal Information

We generally do not seek to collect sensitive personal information ("special category" data under GDPR), including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or data concerning sex life or sexual orientation.

As noted in Section 2, resumes may incidentally contain information that reveals protected characteristics. We do not use such information in our recruiting process and instruct our staff and clients accordingly.

If a specific role or client engagement requires collection of sensitive data (e.g., security clearance status, certain health-related requirements for regulated roles), we will notify you and obtain explicit consent before collecting such information.

15. Third-Party Links

Our website may contain links to third-party websites, job boards, or platforms. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, technology, or legal requirements.

For material changes, we will provide at least 14 days' notice by posting the updated Policy on our website with an updated "Last Updated" date, and by notifying you via email where we have your contact information. Minor changes (such as clarifications or corrections) may be made without advance notice.

Your continued use of our Services after the effective date of a material change constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, please contact us to discuss your options or to request deletion of your data.

17. Contact Us & Data Protection Requests

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Point 33 Privacy & Data Protection

Email: privacy@point33.com

General Inquiries: hello@point33.com

Mailing address available upon request.

We will acknowledge your inquiry promptly and respond fully within 30 days, or as required by applicable law. If your request is complex or numerous, we may extend this period by an additional 60 days (for GDPR compliance) and will notify you of the extension.

EU/UK residents who are unsatisfied with our response have the right to lodge a complaint with their local supervisory authority (see Section 9 for contact information).

Copyright 2026 Point 33. All rights reserved.