Candidate Privacy Policy

GDPRDemo (“Company”, “we”, or “us”) values the trust you place in us when you give us access to your personal data. We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable laws.

The Company is a “data controller” of your personal data (for the purpose of the General Data Protection Regulation (“GDPR”) and is responsible for the lawfulness of what we do with your personal data. These Privacy Policy provisions will apply to our processing of your personal information where you apply to a job opening posted directly by us. Where you apply to a job opening for our Company through the application process of another source, such as a job board, that source may collect and retain your personal information as part of the application process. Any use of your personal information by another source shall be in accordance with that source’s own Privacy Policy.

We use Applicant Tracking Software, branded as Applicant Tracking Software, an online applicant tracking tool, as a “data processor” to process personal information on our behalf. Applicant Tracking Software is only entitled to process your personal data in accordance with our instructions.

Data Protection Principles

Your data will be:

  • Used lawfully, fairly and in a transparent way.

  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

  • Relevant to the purposes we have told you about and limited only to those purposes.

  • Accurate and kept up to date.

  • Kept only as long as necessary for the purposes we have told you about.

  • Kept securely.


Security Technology and Practices

We always transmit and store personal information securely. This prevents potential hackers from “tapping” a data conversation. The data security standards we have in place include auditing, logging, backups, and safe-guarding data. Our servers are housed in datacenters that are ISO27001 certified, the highest and most current standard for managing systems and data securely. All datacenter facilities are protected by professional security staff utilizing video surveillance, intrusion detection systems and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. We are SOC 2 compliant and audited annually by a third party CPA firm.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at [email protected].

Data Retention

Your personal data will be deleted upon receipt of a written request by you to us.

What information do we collect as part of the application process?

We may collect and process some or all of the following types of information from you when you apply for one of our positions:

  • Name and other personal information such as gender, date and place of birth;

  • Contact information, such as address, telephone number, and e-mail address;

  • Employment history (including current and/or previous employers, job titles, or positions) and references;

  • Other academic, professional, training and salary-related information, such as academic degrees and professional qualifications;

  • Your CV/résumé (which may include details of any memberships or interests constituting Sensitive Personal Information (as that term is defined herein));

  • National identifiers such as nationality/ies, national IDs/passport, social security/ insurance numbers, immigration information, and visa status;

  • Information relating to previous applications you have made to our Company and/or any previous employment history with our Company;

  • A record of your progress through any hiring process we may conduct;

  • If you contact us, we may keep a record of that correspondence;

  • Your video interview if one was performed; and

  • Any other information you voluntarily provide throughout the process, including information provided during an interview or as part of an assessment.


Sensitive Personal Information

  • As a general rule, during the recruitment process, we try not to collect or process any “Sensitive Personal Information” unless authorized by law or where necessary to comply with applicable laws. Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation.

  • However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruiting-related purposes. For example, information about your racial/ethnic origin, gender and disabilities may be collected for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations. Any reports prepared for this purpose would not contain personal information, i.e., the information would be aggregated and anonymized. Furthermore, information about your physical or mental condition may be collected in order to consider accommodations we need to make for the recruitment process and/or subsequent job role.

  • You may provide, on a voluntary basis, other Sensitive Personal Information during the recruiting process.


Information we may collect from other sources (in each case where permissible and in accordance with applicable law):

  • References provided by referees;

  • Other background information provided or confirmed by academic institutions and training or certification providers;

  • Criminal records data obtained through criminal records checks;

  • Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries);

  • Information provided by recruiting or executive search agencies; and

  • Information collected from publicly available sources, including any social media platforms you use or other information available online.


If you fail to provide personal data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application further. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

What other information do we collect?


Social Media Widgets

  • Our website includes Social Media Features, such as the Facebook and X (formerly Twitter) buttons or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our site. Your interactions with these Features are governed by the privacy policy of the company providing it.


Purposes for processing personal information


Application Information

  • We collect this personal information to be used primarily for recruiting purposes – in particular, to determine your qualifications for employment and to make a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying out reference and / or background checks (where applicable) and generally managing the hiring process and communicating with you about it.

  • If you are accepted for a role at our Company, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

  • If you are not successful, we may still keep your application to allow us to consider you for other suitable openings with our Company in the future.


Automated Decision Making

We may use Applicant Tracking Software’s technology in order to automatically sort, select, rate, or filter candidates using criteria specified by us. However, any decision made with respect to hiring a candidate for one of our positions will be made by our staff.

Disclosures of your personal information and transfers abroad

We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

Transfers Within Our Company

  • Your personal information may be shared with other members of our Company around the world in order to administer our recruitment processes and store data.

Transfers to Third Party Service Providers

  • In accordance with applicable law, certain personal information may be made available to third parties who provide services relating to the recruiting process, including (a) recruiting or executive search agencies involved in your recruiting; (b) background checking or other screening providers and relevant local criminal records checking agencies; (c) data storage, shared services and recruiting platform providers, IT developers and support providers and providers of hosting services; and (d) third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing / reporting issues.

  • Your personal information may also be disclosed to third parties of other lawful grounds, including: (a) where you have provided your consent; (b) to comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant; (c) in response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes); (d) as necessary to establish, exercise or defend against potential, threatened or actual legal claims; (e) where necessary to protect your vital interests or those of another person; and/or (f) in connection with the sale, assignment or other transfer of all or part of our business.


Transfers Abroad

  • Your personal information may be processed by third parties for the reasons explained in this Notice, third party vendors, who may be based in countries other than your country of residence. These countries may have data protection laws that are different, and potentially less protective, than the laws of your own country. However, our Company will implement measures with any recipients of your personal information to ensure it remains protected in accordance with this Notice and applicable data protection laws.


Legal basis for processing your personal information (EEA applicants only)


Under European data protection law, our legal basis for collecting and processing your personal information will depend on the information concerned and the context in which we collect it. However, we will normally collect personal information from you only where: (a) the processing is in our legitimate interests (as summarized above) (and not overridden by your data protection interests or fundamental rights and freedoms); (b) we need the information to comply with applicable immigration and/or employment laws and regulations; (c) we need the information to take steps prior to entering an employment contract with you, where you are considered for employment; (d) you have made the data public; (e) we have your consent to do so; and (f) we need to protect the rights and interests of our Company, our employees, applicants and others, as required and permitted by applicable law.

Where we rely on your consent to collect and process your personal information, you have the right to withdraw or decline your consent at any time. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Your rights in connection with personal data


Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that it is being lawfully processed.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affecting you.

  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal data to another party.


If you would like to exercise any of those rights, please contact us using our Contact information below, allow us to collect enough information to identify you, and provide us with the information to which your request relates.

Links to 3rd party sites


Our site includes links to other websites whose privacy practices may differ from those of our Company. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Who to contact

Please address any questions or requests relating to this Notice to Support.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.