Misfits Recruitment, operated by Frincu Norocel-Stelian Persoana Fizica Autorizata complies with data protection laws globally, with the minimum standard that we apply being that found within the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The GDPR enhances privacy rights for individuals and provides a strict framework within which commercial organizations can legally operate.

1. Introduction

1.1 Misfits Recruitment, operated by Frincu Norocel-Stelian Persoana Fizica Autorizata ("The Business", "we", "us", or "our") is committed to protecting the privacy of users and visitors of this website. This Privacy Policy explains how we will use and store personal information that is submitted or collected when you use this website and its services. We advise that all users read this policy carefully and are fully aware of the terms before using our services.

The Business may amend this Privacy Policy from time to time. Please visit this page regularly to stay up to date, as we will post any changes here.

This policy was last updated on 16th March 2026

2. Information Collected

2.1 To provide visitors to this website with the best recruitment opportunities tailored to each individual's specific requirements, we need to process, analyze, and retain certain information about you to ensure we can provide our services to the best of our ability. This information may include:

2.1.1 Information provided when applying for positions through our website

2.1.2 Information contained in your CV/resume and application forms, and any other documents uploaded to our website

2.1.3 Information provided to our business email addresses

2.1.4 Data supplied voluntarily or obtained from publicly available sources such as LinkedIn or job boards

2.1.5 Data collected during phone, WhatsApp, SMS, or other messaging conversations

2.1.6 Data gathered using cookies and website analytics

2.1.7 Test session data including responses, completion times, and session monitoring information (such as browser focus changes or attempts to exit fullscreen mode during assessments)

2.1.8 Email addresses collected through newsletter subscription forms for the purpose of sending job alerts and recruitment industry updates

2.2 Information that may be provided to us that could be classified as special category data may be recorded and stored securely. This could include information about medical conditions, work authorization status, or background check results. You are not obligated to provide this information; however, if you do, we shall view this as you giving your explicit consent for us to share this information with relevant clients and use it as outlined in this policy.

2.3 We reserve the right to request completion of skills assessments, surveys, or tests to help us better match candidates with suitable opportunities. You are not obligated to participate; however, it is advised that you do so to help us deliver the best service possible.

2.4 Any additional information provided such as references, emergency contacts, or referrals should only be provided on the basis that you have obtained prior approval from these persons before submitting their details to us.

2.5 If you wish to make amendments, updates, or request removal from our database, please contact us at contact@misfits-recruitment.com.

3. Legal Basis

3.1 By providing your information to us for recruitment services, we process this data under the legal basis of legitimate interest and/or consent to provide the recruitment services you have requested. You have the right to withdraw consent and request removal from our database at any time.

3.2 Information will only be processed as outlined in our services to benefit our business operations and/or to provide you with recruitment services.

3.3 Data sharing with emergency contacts will only occur with your explicit consent and typically only in cases of medical emergencies or other urgent situations.

4. How Your Information Is Used

4.1 We may use your information as described above for the following purposes:

4.1.1 To provide you with recruitment and job matching services

4.1.2 To verify your information and qualifications

4.1.3 To respond to your requests for information

4.1.4 To present your profile to potential employers and clients

4.1.5 To match you with suitable job opportunities

4.1.6 To provide you with relevant job alerts and opportunities

4.1.7 To keep you informed about our services

4.1.8 To improve our website and services

4.1.9 To conduct skills assessments and tests

4.1.10 For research, analysis, testing, and administrative purposes – in such cases, data will be anonymized where possible

4A. Newsletter Subscriptions

4A.1 When you subscribe to our newsletter, we collect your email address for the purpose of sending you job alerts, industry news, and recruitment updates.

4A.2 Legal basis: Your explicit consent obtained when you voluntarily subscribed through our website.

4A.3 Retention: We retain your email address until you unsubscribe or request deletion.

4A.4 Your rights:

4A.4.1 Unsubscribe at any time using the link provided in every newsletter email

4A.4.2 Request deletion of your data by contacting us at contact@misfits-recruitment.com

4A.4.3 Request a copy of your stored data

4A.5 We do not share newsletter subscriber email addresses with third parties for marketing purposes.

4.2 It may be necessary for us to share your information:

4.2.1 With prospective employers and clients for recruitment purposes – we will seek your consent before doing so

4.2.2 With our service providers and contractors where necessary for them to provide services to us

4.2.3 With clients and employers located outside Romania and the European Union, where this is necessary for recruitment opportunities

4.2.4 Where required by law, court order, or legal process

4.2.5 Where we believe disclosure is necessary to investigate suspected illegal activity

4.2.6 To protect and defend our rights or property

4.3 We may share your information with third parties or clients to enable them to contact you directly about relevant opportunities.

4.4 If you are successfully placed with one of our clients, we will retain your information for future opportunities unless you request its removal.

4.5 We are committed to protecting all information from misuse, loss, unauthorized access, or tampering. If you suspect any security breach, please contact us immediately at contact@misfits-recruitment.com.

5. Data Storage and Security

5.1 Your CV and documents are stored securely on our systems. We implement appropriate technical and organizational measures to protect your personal data.

5.2 We use cookies and similar technologies to improve website functionality and user experience. These may include session cookies for login functionality and analytics cookies to understand website usage.

5.3 During online assessments, we employ the following monitoring measures to ensure test integrity:

5.3.1 Fullscreen enforcement: The test must be completed in fullscreen mode. Exiting fullscreen is recorded as a violation.

5.3.2 Tab switch and browser focus detection: Switching to other tabs or applications during the test is detected and recorded.

5.3.3 Per-question time tracking: The time you spend on each individual question is recorded to identify unusual response patterns.

5.3.4 Session reconnection logging: If your connection drops, the number of reconnection attempts is recorded (maximum 3 allowed per session).

5.3.5 Browser and device information: Your browser type, screen resolution, and IP address may be logged for security purposes.

5.4 All monitoring data described above is included in the test report. If the test was requested by a hiring company (Client), this report — including any recorded violations — is shared with that Client. If you took the test through our public Challenge page, the monitoring data is used internally and is not shared with third parties.

5.5 By starting an assessment, you consent to the monitoring described above. You may choose not to take the test, but the monitoring cannot be disabled during an active session.

5A. Data Retention Periods

5A.1 We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:

5A.1.1 Candidate test results and session data: Retained for 24 months from the date of the assessment, after which they are anonymized or deleted.

5A.1.2 CV/resume and application data: Retained for 24 months from last activity or contact, unless you request earlier deletion.

5A.1.3 Client account data (companies): Retained for the duration of the service agreement plus 36 months for legal and accounting obligations.

5A.1.4 Newsletter subscriber data: Retained until you unsubscribe or request deletion.

5A.1.5 Anti-cheat and violation logs: Retained for 12 months from the date of the test session.

5A.1.6 Challenge page results and Hall of Fame entries: Displayed publicly for as long as you remain on the leaderboard. You may request removal at any time.

5A.2 After the applicable retention period, personal data is either securely deleted or anonymized so that it can no longer be associated with you.

5B. Data Breach Notification

5B.1 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

5B.2 Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing details of the breach and the measures taken to address it.

5C. Sub-Processors

5C.1 We use the following third-party service providers (sub-processors) who may process personal data on our behalf:

5C.1.1 Hostinger International Ltd — Web hosting and server infrastructure (data stored within the EU)

5C.1.2 Cloudflare, Inc. — Content delivery, DDoS protection, and email obfuscation

5C.1.3 Google LLC (Google Analytics) — Website usage analytics, loaded only after cookie consent is given

5C.2 All sub-processors are bound by contractual obligations to process personal data only on our instructions and in compliance with GDPR. We maintain an up-to-date list of sub-processors and will update this section when changes occur.

5D. International Data Transfers

5D.1 Your personal data is primarily stored on servers located within the European Union.

5D.2 Where it is necessary to transfer data outside the EU/EEA (for example, when sharing candidate information with a client located outside the EU for recruitment purposes), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or that the recipient country has been deemed to provide an adequate level of data protection.

5D.3 We will always inform you before any international transfer of your data takes place and will obtain your consent where required.

5E. Our Role as Data Controller and Data Processor

5E.1 When we act as Data Controller: When you apply for positions through our website, use the Challenge page, subscribe to our newsletter, or otherwise provide your data directly to us, Misfits Recruitment is the Data Controller responsible for determining how your personal data is processed.

5E.2 When we act as Data Processor: When a client company engages our testing services and sends their candidates to be assessed through our platform, we act as a Data Processor on behalf of that client (the Data Controller). In this case, we process candidate data strictly in accordance with the client's instructions and our Data Processing Agreement with them.

5E.3 Regardless of our role, we apply the same high standards of data protection and security to all personal data we handle.

5F. Automated Decision-Making

5F.1 Our testing platform automatically scores candidate assessments based on correct and incorrect answers. This automated scoring produces results that may be used by hiring companies as part of their recruitment decision-making process.

5F.2 Misfits Recruitment does not make automated hiring decisions. Test results are provided to the hiring company as one factor among many in their overall evaluation of a candidate. The final hiring decision is always made by the client company, not by our platform.

5F.3 Under Article 22 of the GDPR, you have the right to not be subject to a decision based solely on automated processing. If you believe an automated decision has significantly affected you, you may contact us to request human review of the assessment.

5G. Challenge Page and Public Leaderboard

5G.1 If you participate in our public Challenge assessments, your chosen display name and test score may be displayed on our Hall of Fame leaderboard, visible to all website visitors.

5G.2 By submitting your email and completing a Challenge test, you consent to the public display of your chosen name and score. Your email address is never displayed publicly.

5G.3 Certificates generated from the Challenge are for your personal use. They contain your name, the test level, your score, and the date of completion.

5G.4 You may request removal of your name from the Hall of Fame and deletion of your Challenge data at any time by contacting us at contact@misfits-recruitment.com.

6. Your Rights

6.1 Under GDPR, you have the right to:

6.1.1 Request access to your personal data

6.1.2 Request correction of inaccurate personal data

6.1.3 Request deletion of your personal data

6.1.4 Request restriction of processing

6.1.5 Request data portability

6.1.6 Object to processing

6.1.7 Withdraw consent at any time

6.2 To exercise any of these rights, please contact us at contact@misfits-recruitment.com. We will respond within 30 days of your request.

6.3 If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. For individuals in Romania, the relevant authority is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) at www.dataprotection.ro. For individuals in other EU member states, you may contact your local data protection authority.

7. Third-Party Links

7.1 This Privacy Policy only applies to our website. If you follow links to other websites, please read their privacy policies as we are not responsible for how third parties handle your information.

8. Contact Us

8.1 If you have any questions about this Privacy Policy, please contact us:

• Business Name: Misfits Recruitment
• Legal Entity: Frincu Norocel-Stelian Persoana Fizica Autorizata
• Email: contact@misfits-recruitment.com
• Phone: +40 0779 218 039

9. Communication Privacy

9.1 We may monitor communications for security, training, and quality purposes. All communications contain confidential information and should not be shared with third parties without consent.

9.2 If you receive communications intended for someone else, please delete them immediately and notify us in writing.

9.3 Unauthorized sharing or misuse of confidential information may result in legal action.