Privacy Policy.

Tessera helps European and US companies meet senior LATAM professionals. That work depends on trust, so this Privacy Policy explains what personal data we handle, why we handle it, how long we keep it, and what rights people have over it.

This policy applies to candidates, website visitors, hiring clients, prospects, referees, partners, and anyone else who interacts with Tessera through this website, email, forms, calls, or our recruitment services.

1. Who we are

For most website, talent pool, candidate, marketing, and business-contact activity, Tessera acts as the data controller because we decide why and how personal data is processed. In some client engagements, a signed agreement may define a different role or set additional data-protection terms. Where that applies, we handle personal data under that agreement.

For privacy questions or requests, contact us at hello@tessera.partners. Candidates can also write to talent@tessera.partners.

2. Personal data we collect

Category	Examples
Candidate and talent data	Name, email, location, LinkedIn URL, CV or resume, work history, role family, seniority, language level, compensation expectations, target geographies, interview notes, assessment notes, references, availability, and communication history.
Client and business-contact data	Name, company, job title, email, phone number, hiring needs, role requirements, meeting notes, contract details, invoices, and business communications.
Website and form data	Information submitted through website forms, calendar links, email links, technical information such as IP address, browser, device data, pages visited, timestamps, and basic security logs.
Referee and source data	Reference contact details, professional relationship to a candidate, and reference feedback where a candidate has provided a reference or where collection is lawful and fair.

3. Where data comes from

• Directly from you when you fill in a form, email us, book a call, submit a CV, join a waitlist, or speak with us.
• From public professional sources, such as LinkedIn, company websites, conference pages, or public professional profiles.
• From clients, candidates, referrals, referees, or partners who introduce us to relevant people.
• From service providers that help us operate the website, forms, scheduling, email, document storage, analytics, CRM, or recruitment workflow.

4. Why we use personal data and our lawful bases

Purpose	Typical lawful basis
Respond to inquiries, schedule calls, and operate the website.	Legitimate interests, consent where required, and steps before entering into a contract.
Evaluate candidates, manage applications, and maintain the Tessera talent pool.	Consent, legitimate interests in responsible recruitment, and steps before entering into an employment or services relationship.
Match candidates with European, US, and international roles.	Consent for talent pool participation and candidate introductions; legitimate interests where outreach is relevant and proportionate.
Provide recruitment services to client companies.	Performance of a contract, steps before entering into a contract, legitimate interests, and legal obligations.
Share a candidate profile, CV, shortlist note, or assessment with a client company.	Candidate consent or another lawful basis confirmed before sharing. We do not send a candidate's CV to a client without candidate permission for that opportunity.
Protect our rights, prevent misuse, keep records, comply with law, and handle disputes.	Legal obligation and legitimate interests in secure and accountable operations.

Where we rely on legitimate interests, we balance those interests against the rights and expectations of the people involved. You can object to processing based on legitimate interests as described below.

5. Sensitive data

We do not ask candidates to provide sensitive personal data unless it is necessary for a specific lawful purpose. Please do not send details about health, race or ethnic origin, political opinions, religion, union membership, genetic or biometric data, sexual orientation, or criminal history unless we specifically ask for it and explain why. If sensitive data is needed, we will rely on an appropriate legal basis, such as explicit consent, employment-law obligations, or the establishment, exercise, or defence of legal claims.

6. AI and automated decision-making

We may use AI-assisted tools to help organize information, summarize profiles, compare role requirements, identify potential matches, or improve internal workflows. Tessera does not make final recruitment decisions by solely automated means. Human review remains part of candidate evaluation, shortlisting, and client recommendations.

7. Who we share personal data with

• Client companies. We share candidate information only for relevant hiring opportunities and, for CVs or identifiable shortlists, with candidate permission for that opportunity.
• Service providers. We use providers for forms, scheduling, email, hosting, file storage, CRM, recruitment workflow, security, and productivity tools.
• Referees and professional sources. We may contact references when a candidate has provided them or where doing so is lawful and fair.
• Professional advisers and authorities. We may share information with lawyers, accountants, auditors, insurers, courts, regulators, or public authorities where necessary.
• Business transfers. If Tessera is involved in a merger, acquisition, restructuring, or sale of assets, relevant data may be transferred under confidentiality and data-protection commitments.

We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

8. International transfers

Our work is international. Personal data may be processed in the European Economic Area, the United Kingdom, the United States, Latin America, and other countries where Tessera, our clients, candidates, or service providers operate. Some of these countries may not provide the same level of data protection as the country where you live.

Where GDPR, UK GDPR, LGPD, or similar laws require safeguards for international transfers, we use appropriate measures such as contractual terms, data-processing agreements, access controls, vendor review, and transfer safeguards where appropriate.

9. Data retention

We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required for legal, tax, accounting, regulatory, security, or dispute purposes. Our general retention guidelines are:

Data	Retention period
General website inquiries and email conversations	Up to 24 months after the last meaningful interaction, unless we need to keep the record longer for a contract, legal issue, or active relationship.
Talent pool profiles and candidate applications	Up to 24 months from the last meaningful candidate interaction, unless the candidate asks us to delete it earlier or agrees to a longer period.
Specific role applications where the candidate is not placed	Usually up to 12 months after the role process ends, or up to 24 months if the candidate also joins the talent pool.
Introduced, shortlisted, or placed candidate records	Up to 6 years after the last relevant placement, client engagement, or dispute period, so we can manage guarantees, contracts, tax records, and legal claims.
Client, prospect, supplier, and partner records	For the relationship period and up to 6 years after the last transaction or meaningful interaction, unless law requires longer.
Consent records, deletion logs, and rights request records	Up to 6 years so we can demonstrate compliance and respect future suppression or deletion requests.
Technical, security, and website logs	Usually up to 12 months, unless needed to investigate security incidents or misuse.

When retention ends, we delete, anonymize, or securely archive data. Backup copies may remain for a limited period until overwritten through normal backup cycles.

10. Your privacy rights

Depending on where you live and which law applies, including GDPR, UK GDPR, LGPD, and US state privacy laws, you may have rights to:

• request access to personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your data;
• request restriction or objection to certain processing;
• request portability of data you provided to us;
• withdraw consent where processing is based on consent;
• object to direct marketing at any time;
• request information about automated decision-making and ask for human review where applicable;
• appeal or complain where a law gives you that right.

To exercise rights, email hello@tessera.partners. We may ask for information to verify your identity. We aim to respond within one month for GDPR requests, and sooner where local law requires. If we cannot fulfil a request, we will explain why.

You may also have the right to complain to your local data protection authority, including an EU/EEA supervisory authority, the UK Information Commissioner's Office, Brazil's ANPD, or another authority that applies to your location.

11. Cookies and third-party services

We do not currently use advertising cookies on this website. The site may link to or use third-party services for fonts, forms, scheduling, analytics, or similar website operations. Those services may process technical data and apply their own terms or privacy notices. If we add analytics or marketing cookies later, we will update this policy and, where required, ask for consent.

12. Security

We use reasonable technical and organizational measures to protect personal data, including access controls, limited internal access, secure service providers, confidentiality practices, and review of where candidate data is stored and shared. No system is perfectly secure, but we work to reduce risk and respond responsibly if an incident occurs.

13. Changes to this policy

We may update this Privacy Policy as our services, tools, or legal obligations change. The latest version will be posted on this page with the updated date.