Last Updated:
21 Oct 2025
1. Introduction
FLUIDSIDE – UNIPESSOAL LDA, hereinafter referred to as FluidHR, values the privacy and protection of personal data of its users, clients, partners, and employees.
This Privacy Policy defines the principles, practices, and measures adopted by FluidHR to ensure the lawful, transparent, and secure processing of personal data, in accordance with the General Data Protection Regulation (EU Regulation 2016/679 - GDPR) and with Law No. 58/2019 (transposition of GDPR in Portugal).
2. Scope of Application
This Policy applies to all personal data processing carried out by Fluid HR, including:
Users and administrators of the Fluid HR SaaS platform;
Applicants and employees registered in the recruitment and personnel management modules;
Partners and service providers with access to data processed by Fluid HR;
Visitors to the company’s website and other digital channels.
3. Responsible Entity for Processing
FLUIDSIDE – UNIPESSOAL LDA
Headquarters: Rua Nossa Senhora de Fátima, Nº 5 — 8550-240 Monchique, Portugal
Tax ID: 519
Contact email: admin@fluidhr.ai
Fluid HR acts as the Data Controller, determining the purposes and means of processing the personal data under its management.
In specific situations (e.g., processing data of corporate clients), Fluid HR may act as Processor, strictly following the client’s instructions.
4. Principles of Data Processing
Fluid HR commits to adhere to the following fundamental principles:
Lawfulness, fairness, and transparency: data is processed lawfully and in a transparent manner.
Purpose limitation: data is collected only for specific and legitimate purposes.
Data minimization: only data that is strictly necessary is processed.
Accuracy: data is kept up to date and corrected when necessary.
Storage limitation: data is retained only for as long as necessary.
Integrity and confidentiality: appropriate technical and organizational measures are applied to prevent unauthorized access, loss, or destruction.
5. Data Collected and Purposes
Fluid HR may collect and process the following types of data:
Data Category | Examples | Purpose |
|---|---|---|
Identification | Name, email, phone | Account creation and authentication on the platform |
Professional | Position, experience, CV | Recruitment processes and talent management |
Contractual | Contract data, Tax ID | Administrative and tax management |
Technical | Logs, IP address, cookies | Security, maintenance, and improvement of the system |
Communication | Messages and feedback | Technical support and enhancing user experience |
The data may also be used to:
Train Fluid HR AI models (in an anonymized manner);
Generate predictive insights and internal recommendations;
Fulfill legal and contractual obligations.
6. Legal Bases for Processing
The processing carried out by Fluid HR is based on the following legal grounds:
Contract performance: when processing is necessary for the provision of SaaS services.
Consent: when the user authorizes communications, analyses, or optional integrations.
Legitimate interest: for product improvements, security, and support.
Legal obligation: for compliance with tax, labor, or data protection regulations.
7. Data Sharing and Transfer
Fluid HR only shares data with essential suppliers and partners, under contractual agreements and confidentiality clauses.
The main suppliers include:
Amazon Web Services (AWS): infrastructure for secure hosting and storage.
OpenAI: processing AI functionalities (without storing identifiable personal data).
Google Workspace / Drive: internal document management.
Zoom: conducting the interview
DocuSign: Enabling contract signing
The data may be transferred outside the European Economic Area only to countries with adequate guarantees of data protection, in accordance with Article 46 of the GDPR.
8. Security Measures
Fluid HR applies appropriate technical and organizational measures, including:
Data encryption in transit and at rest;
Access controls and multifactor authentication;
Continuous monitoring and vulnerability management;
Automatic backups and geographical redundancy (AWS);
Internal confidentiality policies and ongoing cybersecurity training.
9. Data Subject Rights
Data subjects have the right to:
Access their personal data;
Rectify or delete incorrect data;
Limit or object to processing;
Port their data to another controller;
Withdraw consent, where applicable.
Requests can be exercised at this link and will be responded to within a maximum of 30 days.
10. Data Retention
Data is retained only for the period necessary to fulfill the defined purposes or legal obligations, as detailed in the Fluid HR Data Retention and Protection Policy.
11. Review and Update
This Policy will be reviewed annually or whenever there are relevant changes in the practices of Fluid HR or applicable legislation.
Last updated: November 2025.
Policy Owner: Data Protection Officer (DPO) – admin@fluidhr.ai
