Legal

Privacy policy

Last updated: June 2026

Who we are

staffai.eu is operated by KERNSTEIN.eu, an employer-of-record service provider based in the European Union. We connect companies with senior AI, data, and Python engineers from Eastern Europe on a time & material basis.

For the purposes of the General Data Protection Regulation (GDPR), KERNSTEIN.eu is the data controller for personal data collected through this website.

What data we collect

We collect the following categories of personal data:

  • Contact form data: Name, work email, company name, and message content when you submit a contact form or use the AI Engagement Estimator.
  • Analytics data: Anonymized usage data, including pages visited, time on site, referral source, device type, and general geographic location (country-level). This data is collected via PostHog, hosted in the EU cloud.
  • Cookies: We use strictly necessary cookies to enable basic site functionality, and analytics cookies to measure site performance. No third-party advertising cookies are used.

Why we collect this data

We process your personal data for the following purposes:

  • Lead handling: To respond to your inquiries, provide engagement estimates, and match you with engineer profiles when you express interest in staffai.eu services.
  • Analytics: To understand how visitors use the site, which pages are most valuable, and where users experience friction. This helps us improve the site and service delivery.
  • Service delivery: To facilitate engineer engagements when you become a client, including contract execution, invoicing, and ongoing support.

Legal basis for processing

We process your personal data under the following legal bases as defined in GDPR:

  • Legitimate interest (Article 6(1)(f)): For analytics data, we have a legitimate interest in understanding site usage to improve our services. This processing does not override your rights and freedoms.
  • Contract performance (Article 6(1)(b)): When you submit a lead form or request an engagement estimate, we process your data to enter into or perform a contract with you.
  • Consent (Article 6(1)(a)): For non-essential cookies, we obtain your consent before placing them on your device.

How long we retain your data

  • Contact form and lead data: Retained for 3 years from the date of submission, or until you request deletion.
  • Analytics data: Anonymized analytics data is retained for 1 year, then automatically deleted.
  • Client engagement data: If you become a client, engagement-related data (contracts, invoices, work records) is retained for 7 years to comply with accounting and tax obligations in the EU.

Who we share your data with

We do not sell your personal data. We share data only with the following categories of recipients:

  • Service providers: PostHog (EU cloud) for analytics. All processors are GDPR-compliant and operate under data processing agreements.
  • Legal obligations: We may disclose data if required by law or in response to valid legal requests from public authorities.

Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Correct inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Right to data portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interest, including for analytics purposes.
  • Right to withdraw consent: If processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@kernstein.eu. We will respond within 30 days.

Cookies

We use cookies to enable basic site functionality and measure site performance. You can control cookie preferences through your browser settings. Disabling cookies may affect site functionality.

Strictly necessary cookies: Enable core site features like form submission and session management. These cannot be disabled.

Analytics cookies: Used by PostHog to measure site usage. These can be disabled through your browser settings or by opting out of analytics tracking.

International data transfers

All data is processed and stored within the European Union. We do not transfer personal data outside the EU/EEA. If you are a US-based client and engage engineers through staffai.eu, any data flows related to service delivery will be governed by Standard Contractual Clauses (SCCs) as required under GDPR Chapter V.

Contact and complaints

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@kernstein.eu

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority under GDPR Article 77.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.