Privacy Policy

Last Updated: September 2025

Effective Date: September 2025

1. INTRODUCTION

MÜLLERSTEIN INTERNATIONAL SOLUTIONS SOCIEDAD DE RESPONSABILIDAD LIMITADA ("Müllerstein," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your data when you visit our website, use our services, or interact with us in any capacity.

We recognize that privacy is important to you, and we take our responsibility for protecting your personal data seriously. This policy is designed to help you understand:

• What information we collect and why

• How we use and protect that information

• Your choices regarding your information

• How to contact us with questions or concerns

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.

2. SCOPE AND APPLICATION

2.1 Coverage

This Privacy Policy applies to all personal data collected by Müllerstein through:

• Our website (www.mullerstein.com)

• Email correspondence and communications

• Contact forms and inquiry submissions

• Recruitment and sourcing services

• Client engagements and service agreements

• Events, webinars, and conferences

• Social media interactions

• Telephone conversations

• In-person meetings

• Any other interactions with Müllerstein

2.2 Who We Are

Müllerstein International Solutions S.R.L. is a boutique recruitment and strategic sourcing agency registered in Costa Rica under Registration Number 3-102-920047, with our registered office at Province 01 San José, Canton 02 Escazú, San Rafael, EBC Corporate Center, Eighth Floor, Offices of Sfera Legal, Costa Rica.

2.3 Data Controller

For the purposes of applicable data protection laws, Müllerstein acts as the data controller for personal information collected through our operations.

2.4 Excluded Information

This policy does not apply to:

• Information that has been anonymized or aggregated

• Publicly available information

• Information about businesses or organizations (as opposed to individuals)

3. INFORMATION WE COLLECT

We collect various types of information to provide and improve our services. The categories of information we may collect include:

3.1 Identity and Contact Data

• Full name

• Professional or personal email address

• Company name and position/job title

• Business telephone number and mobile number

• Mailing address and business address

• LinkedIn profile and other professional social media

• Professional credentials and certifications

• Work authorization status and nationality (where relevant for recruitment)

3.2 Professional and Career Data (for Candidates)

• Resume/CV and cover letters

• Employment history and work experience

• Educational background and qualifications

• Professional skills and competencies

• Salary expectations and compensation history

• References and recommendation letters

• Portfolio and work samples

• Interview notes and assessments

• Availability and notice period

• Career preferences and job search criteria

3.3 Client and Business Data

• Company information and business structure

• Industry and sector information

• Job descriptions and vacancy requirements

• Hiring needs and specifications

• Budget and compensation ranges

• Contract details and service agreements

• Billing and payment information

• Communication preferences

3.4 Technical and Usage Data

• IP address and geolocation data

• Browser type and version

• Device information (type, operating system, unique identifiers)

• Pages visited and navigation paths

• Time and date of visits

• Session duration and frequency

• Referral source (how you found our website)

• Click-stream data and interaction patterns

• Screen resolution and display settings

• Network and connection information

3.5 Communication Data

• Messages sent through contact forms

• Email correspondence and attachments

• Inquiry details and support tickets

• Feedback and survey responses

• Testimonials and reviews

• Recorded telephone conversations (with prior notice and consent)

• Chat logs and messaging interactions

• Meeting notes and discussion summaries

3.6 Transaction and Financial Data

• Invoice details and payment history

• Payment method information (processed via secure third-party processors)

• Transaction amounts and dates

• Purchase orders and contracts

• Billing addresses

• Tax identification numbers (where required)

3.7 Marketing and Preferences Data

• Newsletter subscriptions

• Event registrations and attendance

• Marketing communication preferences

• Product and service interests

• Survey responses

• Cookie and tracking preferences

• Opt-in and opt-out choices

3.8 Cookies and Tracking Technologies

• Session cookies and persistent cookies

• Web beacons and pixels

• Analytics identifiers

• Advertising cookies

• Social media plugins

• Local storage data

3.9 Special Categories of Data

In limited circumstances, we may process special categories of personal data (sensitive data) such as:

• Health information (e.g., disability accommodations, medical certificates)

• Diversity and inclusion data (voluntarily provided)

• Background check results (with explicit consent)

We only process such data where legally permitted and with appropriate safeguards.

4. HOW WE COLLECT INFORMATION

4.1 Information You Provide Directly

• Registration and account creation

• Submission of resumes, CVs, or applications

• Completion of contact forms or inquiry requests

• Communication via email, phone, or chat

• Participation in surveys or feedback requests

• Attendance at events or webinars

• Subscription to newsletters or marketing materials

• Engagement with our recruitment services

4.2 Information We Collect Automatically

• Website usage through cookies and tracking technologies

• Server logs and analytics tools

• Technical information about your device and connection

• Behavioral data about how you interact with our site

4.3 Information from Third Parties

• Professional references provided by candidates

• Background check services (with consent)

• LinkedIn and other professional networking platforms

• Client organizations providing candidate information

• Publicly available sources (e.g., professional profiles, company websites)

• Business contact databases and directories

• Third-party recruitment platforms

4.4 Information from Related Entities

• Affiliated companies or partners

• Service providers acting on our behalf

5. HOW WE USE YOUR PERSONAL DATA

We process your personal information for the following purposes:

5.1 Service Provision and Management

• Providing recruitment and sourcing services

• Matching candidates with suitable opportunities

• Evaluating candidate qualifications and suitability

• Coordinating interviews and assessments

• Managing client relationships and projects

• Processing applications and inquiries

• Delivering requested information and resources

• Administering user accounts

5.2 Communication and Support

• Responding to inquiries and requests

• Providing customer support and assistance

• Sending service-related notifications

• Sharing updates about your applications or projects

• Conducting surveys and collecting feedback

• Managing event registrations and attendance

5.3 Business Operations

• Managing billing, invoicing, and payments

• Processing transactions and contracts

• Maintaining accurate business records

• Conducting internal reporting and analytics

• Managing vendor and supplier relationships

• Planning and executing business strategies

5.4 Marketing and Promotional Activities

• Sending newsletters and marketing communications (with consent)

• Promoting our services and events

• Sharing relevant industry insights and opportunities

• Conducting market research

• Personalizing marketing content

• Measuring marketing campaign effectiveness

5.5 Website Enhancement

• Analyzing website usage and performance

• Improving site functionality and user experience

• Optimizing navigation and content

• Testing new features and designs

• Troubleshooting technical issues

5.6 Legal and Compliance

• Complying with legal obligations and regulations

• Responding to legal requests and court orders

• Protecting our legal rights and interests

• Preventing fraud and abuse

• Enforcing our terms and conditions

• Conducting audits and investigations

• Maintaining records for regulatory purposes

5.7 Security and Risk Management

• Ensuring platform security and integrity

• Preventing unauthorized access

• Detecting and preventing fraud

• Monitoring for suspicious activity

• Conducting security assessments

• Responding to security incidents

5.8 Aggregated and Anonymized Data

• Creating statistical analyses and reports

• Conducting research and development

• Benchmarking and trend analysis

• Industry reporting (all in anonymized form)

6. LEGAL BASIS FOR PROCESSING

Under applicable data protection laws (including GDPR where applicable), we process your personal data based on the following legal grounds:

6.1 Contract Performance

Processing necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract. This includes:

• Providing recruitment services

• Processing applications

• Managing client relationships

• Delivering requested services

6.2 Consent

Processing based on your explicit, informed, and freely given consent, such as:

• Marketing communications

• Optional cookies and tracking

• Processing of special categories of data

• Recording of telephone conversations

• Collection of diversity data

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6.3 Legitimate Interests

Processing necessary for our legitimate business interests or those of third parties, provided your fundamental rights do not override these interests. This includes:

• Improving our services and website

• Conducting business analytics and research

• Preventing fraud and ensuring security

• Managing business operations

• Direct marketing to existing contacts

• Maintaining business records

6.4 Legal Compliance

Processing necessary to comply with legal obligations, such as:

• Tax and accounting requirements

• Employment law compliance

• Regulatory obligations

• Court orders and legal processes

• Data protection law requirements

6.5 Vital Interests

In rare circumstances, processing necessary to protect someone's vital interests (e.g., emergency medical situations).

7. SHARING AND DISCLOSURE OF PERSONAL DATA

We may share your personal information with the following categories of recipients:

7.1 Service Providers and Processors

We engage third-party companies and individuals to perform services on our behalf, including:

• Web hosting and infrastructure providers (e.g., cloud storage, servers)

• Customer Relationship Management (CRM) platforms

• Email and communication services

• Payment processors (PCI-DSS compliant)

• Analytics and tracking services (e.g., Google Analytics)

• Marketing automation platforms

• Recruitment management systems

• Background check providers (with consent)

• IT support and maintenance

• Data backup and security services

These service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.

7.2 Clients and Employers

For candidates using our recruitment services:

• We share your professional information with potential employers and clients

• This typically includes your CV, qualifications, experience, and interview assessments

• We generally obtain your consent before sharing your details with specific clients

• You may choose to remain anonymous in initial stages

7.3 Professional Advisors

We may share information with:

• Lawyers and legal counsel

• Accountants and auditors

• Business consultants

• Tax advisors

• Insurance providers

All are bound by confidentiality obligations.

7.4 Corporate Transactions

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy:

• We may transfer your information to successor entities

• You will be notified of any such transaction

• Your data will remain subject to privacy protections

7.5 Legal and Regulatory Authorities

We may disclose information when required by law or to:

• Comply with legal processes (subpoenas, court orders)

• Respond to government or regulatory requests

• Enforce our terms and conditions

• Protect our rights, property, or safety

• Investigate fraud or security issues

• Protect the rights and safety of others

7.6 With Your Consent

We may share information with third parties when you provide explicit consent for specific purposes.

7.7 Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify individuals with:

• Business partners

• Industry analysts

• Researchers

• The public

7.8 Important Notes

• We do not sell your personal information to third parties for their marketing purposes

• We do not rent or lease your personal data to others

• All third parties are required to maintain confidentiality and security

8. DATA RETENTION

8.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting requirements.

8.2 Retention Periods

Typical retention periods include:

Candidate Data:

• Active candidates: Duration of active job search plus up to 2 years

• Successful placements: Duration of employment plus 6 years (for legal compliance)

• Unsuccessful applications: Up to 2 years (or until consent withdrawn)

Client Data:

• Active clients: Duration of business relationship

• Former clients: Up to 7 years after relationship ends (for legal and tax purposes)

• Contracts and invoices: 7 years (legal requirement)

Marketing Data:

• Until consent is withdrawn or until 3 years of inactivity

Website Analytics:

• Typically 14-26 months depending on the tool

Legal Claims:

• Data may be retained longer if involved in legal proceedings

8.3 Deletion and Anonymization

When data is no longer needed:

• It will be securely deleted or destroyed

• Or anonymized so it can no longer identify you

• Backups are also purged according to our backup retention schedule

8.4 Exceptions

We may retain data longer if:

• Required by law or regulation

• Necessary for legal claims or disputes

• You have explicitly consented to longer retention

• Technical limitations prevent immediate deletion (e.g., backup systems)

9. DATA BREACH NOTIFICATION

9.1 Breach Response

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Investigate promptly to determine the nature and extent of the breach

• Contain and remediate the breach

• Assess the risk to affected individuals

9.2 Notification to Authorities

Where required by law, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

9.3 Notification to Individuals

If the breach is likely to result in a high risk to your rights, we will notify you without undue delay with information about:

• The nature of the breach

• The likely consequences

• Measures taken or proposed to address the breach

• Contact information for further inquiries

• Recommended actions you can take

9.4 Documentation

We maintain records of all data breaches, including facts, effects, and remedial actions taken.

10. YOUR PRIVACY RIGHTS

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

10.1 Right of Access

You have the right to:

• Confirm whether we process your personal data

• Receive a copy of your personal data

• Obtain information about how we process your data

10.2 Right to Rectification

You can request correction of:

• Inaccurate personal data

• Incomplete personal data

10.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data when:

• It's no longer necessary for the purposes collected

• You withdraw consent (where processing was based on consent)

• You object to processing (under certain conditions)

• Data was unlawfully processed

• Legal obligation requires deletion

Exceptions: We may retain data when required for legal compliance, legal claims, or other lawful purposes.

10.4 Right to Restriction of Processing

You can request we limit processing when:

• You contest the accuracy of data

• Processing is unlawful but you don't want deletion

• We no longer need the data but you need it for legal claims

• You have objected to processing pending verification

10.5 Right to Data Portability

You can request to:

• Receive your data in a structured, commonly used, machine-readable format

• Transmit your data to another controller

(Only applies when processing is based on consent or contract and carried out by automated means)

10.6 Right to Object

You can object to:

• Processing based on legitimate interests

• Direct marketing at any time

• Profiling related to direct marketing

10.7 Right to Withdraw Consent

When processing is based on consent:

• You can withdraw consent at any time

• This doesn't affect the lawfulness of processing before withdrawal

• It's as easy to withdraw as to give consent

10.8 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (subject to certain exceptions).

10.9 Right to Lodge a Complaint

You have the right to file a complaint with a data protection supervisory authority, particularly in:

• Your country of residence

• Your place of work

• The location of the alleged violation

10.10 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: info@mullerstein.com

• Subject line: "Privacy Rights Request"

• Include: Your full name, contact information, and specific request

10.11 Verification

To protect your privacy, we may request verification of your identity before processing requests. This may include:

• Confirming email address

• Providing additional identification

• Answering security questions

10.12 Response Time

We will respond to your request within:

• One month of receipt (may be extended by two additional months for complex requests)

• We will inform you of any extension and the reasons

10.13 No Fee

Exercising your rights is generally free of charge. However, we may charge a reasonable fee or refuse the request if it is manifestly unfounded, excessive, or repetitive.

11. CHILDREN'S PRIVACY

11.1 Age Restriction

Our services are not intended for individuals under the age of 16 years old (or the applicable age of majority in your jurisdiction).

11.2 No Knowing Collection

We do not knowingly collect personal information from children under 16.

11.3 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11.4 Deletion

Upon discovering that we have collected data from a child under 16, we will:

• Delete such information promptly

• Take steps to prevent future collection

• Not use the data for any purpose

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help websites remember information about your visit.

12.2 Types of Cookies We Use

Essential Cookies (Always Active):

• Required for website functionality

• Enable core features (navigation, security, access to secure areas)

• Cannot be disabled without severely affecting site usability

Performance/Analytics Cookies:

• Collect information about how you use our website

• Help us improve website performance

• Provide aggregate statistics (Google Analytics, etc.)

• Do not identify you personally

Functional Cookies:

• Remember your preferences and settings

• Personalize your experience

• Recall your language choice

• Remember login information (if applicable)

Targeting/Advertising Cookies:

• Track your browsing across different sites

• Build a profile of your interests

• Deliver relevant advertisements

• Measure advertising effectiveness

• Used by third-party advertising networks

12.3 Third-Party Cookies

We use third-party services that may set their own cookies:

• Google Analytics

• LinkedIn Insights

• Facebook Pixel

• Marketing automation platforms

• Advertising networks

We don't control these third-party cookies. Review their privacy policies for more information.

12.4 Cookie Management

You can control cookies through:

• Our cookie banner: Manage preferences when you first visit

• Cookie settings: Access via footer link or settings page

• Browser settings: Block or delete cookies

• Opt-out tools: Industry opt-out mechanisms (e.g., NAI, DAA)

12.5 Consequences of Disabling Cookies

Disabling certain cookies may:

• Limit website functionality

• Prevent access to personalized features

• Require repeated logins

• Reduce performance

Essential cookies cannot be disabled if you want to use the site.

12.6 Do Not Track (DNT)

Currently, we do not respond to DNT signals because there is no industry-wide standard. We will update our practices if standards emerge.

12.7 Cookie Duration

• Session cookies: Deleted when you close your browser

• Persistent cookies: Remain for a set period or until manually deleted

12.8 Cookie Policy

For more detailed information, please see our separate Cookie Policy.

13. THIRD-PARTY LINKS AND SERVICES

13.1 External Links

Our website may contain links to third-party websites, applications, or services not operated by us, such as:

• Social media platforms

• Partner websites

• Client career pages

• Industry resources

• News articles

13.2 No Control or Responsibility

We are not responsible for:

• Privacy practices of external sites

• Content or accuracy of third-party sites

• Security of third-party platforms

• Terms and conditions of external services

13.3 Review Third-Party Policies

We encourage you to review the privacy policies of any third-party sites you visit. Their data practices may differ significantly from ours.

13.4 No Endorsement

Links to external sites do not constitute endorsement, approval, or sponsorship by Müllerstein.

13.5 Social Media Features

Social media plugins (like buttons, share widgets) may:

• Set cookies

• Track your interactions

• Collect information about your browsing

These are governed by the privacy policies of the respective platforms.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Right to Modify

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices

• Changes in applicable laws

• New features or services

• Feedback from users

14.2 Notification of Changes

When we make material changes:

• We will update the "Last Updated" date

• We may notify you via email or prominent notice on our website

• For significant changes, we may seek renewed consent where required

14.3 Review Regularly

We encourage you to review this policy periodically to stay informed about how we protect your information.

14.4 Continued Use

Your continued use of our website or services after changes constitutes acceptance of the updated policy.

14.5 Archived Versions

Previous versions of this policy may be available upon request.

15. CONTACT INFORMATION AND COMPLAINTS

15.1 General Inquiries

For questions about this Privacy Policy or our data practices, contact us at:

MÜLLERSTEIN INTERNATIONAL SOLUTIONS S.R.L.

Email: info@mullerstein.com

Address: Province 01 San José, Canton 02 Escazú, San Rafael, EBC Corporate Center, Eighth Floor, Offices of Sfera Legal, Costa Rica

Registration Number: 3-102-920047

15.2 Data Protection Officer

For privacy-specific inquiries or to exercise your rights:

Email: info@mullerstein.com

Subject: "Privacy Inquiry" or "Data Rights Request"

15.3 Response Time

We aim to respond to all inquiries within 5 business days and resolve issues within 30 days.

15.4 Complaints

If you believe we have not addressed your concerns adequately, you may:

• Escalate within our organization

• File a complaint with a supervisory authority

• Seek legal remedies

15.5 Information to Include

When contacting us, please include:

• Your full name and contact information

• Description of your inquiry or request

• Any relevant account or reference numbers

• Preferred method of response

16. ACKNOWLEDGMENT

By using our website or services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

Duration:
Project-dependent

Mullerstein.com is owned by MULLERSTEIN INTERNATIONAL SOLUTIONS SOCIEDAD DE RESPONSABILIDAD LIMITADA, registration number 3-102-920047, registered address Province 01 San Jose, Canton 02 Escazu, San Rafael, Ebc Corporate Center, Eighth Floor, Offices Of Sfera Legal, Costa Rica.

Privacy Policy | Terms of Use

Contact us at info@mullerstein.com

© 2025 MULLERSTEIN INTERNATIONAL SOLUTIONS SOCIEDAD DE RESPONSABILIDAD LIMITADA.
All rights reserved.