GDPR Compliance

We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR).

Last Updated: January 2025

The General Data Protection Regulation (GDPR) is the most comprehensive data privacy law in the world. At Talenty.ai, we take GDPR compliance seriously and have implemented robust measures to protect the personal data of individuals in the European Union (EU) and European Economic Area (EEA).

This page explains how we comply with GDPR, your rights as a data subject, and how you can exercise those rights. For more general information about our data practices, please see our Privacy Policy.

GDPR Compliant
ISO 27001
SOC 2 Type II
EU-US DPF

GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. Talenty.ai is fully compliant with GDPR requirements.

  • We process personal data lawfully, fairly, and transparently
  • Data is collected for specified, explicit, and legitimate purposes
  • We minimize data collection to what is necessary
  • Data is kept accurate and up to date
  • Personal data is stored only as long as necessary
  • We ensure appropriate security of personal data

Data Subject Rights

Under GDPR, you have specific rights regarding your personal data. We are committed to honoring these rights.

  • Right to be informed: Transparent information about how we use your data
  • Right of access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request limitation on how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Not be subject to solely automated decisions

Data Controller Information

Talenty.ai acts as both a Data Controller and Data Processor depending on the context of data processing.

  • As a Data Controller: We determine the purposes and means of processing customer account data
  • As a Data Processor: We process candidate data on behalf of our customers (who are Controllers)
  • Our customers are responsible for their own GDPR compliance when using our service
  • We provide tools and features to help customers meet their GDPR obligations
  • Data Processing Agreements (DPAs) are available for all customers
  • We maintain records of processing activities as required by GDPR

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access controls: Role-based access and multi-factor authentication
  • Regular security audits: Third-party penetration testing and vulnerability assessments
  • Employee training: All staff receive data protection and security training
  • Incident response: Documented procedures for data breach notification
  • Vendor management: All processors are carefully vetted and contractually bound
  • Physical security: Secure data centers with 24/7 monitoring
  • Privacy by design: Data protection built into all our systems from the ground up

International Data Transfers

We transfer personal data outside the European Economic Area (EEA) only with appropriate safeguards.

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for data transfers
  • Adequacy decisions: We rely on adequacy decisions where applicable
  • Additional safeguards: We implement supplementary measures to protect transferred data
  • Transfer impact assessments: We assess risks for each international transfer
  • Processor agreements: All sub-processors sign appropriate data transfer agreements
  • You have the right to obtain information about safeguards for your data transfers

Data Breach Procedures

We have established procedures to detect, report, and investigate personal data breaches.

  • Detection: Continuous monitoring and incident detection systems
  • Assessment: Rapid evaluation of breach severity and impact
  • Notification to authorities: Report to supervisory authority within 72 hours if required
  • Notification to individuals: Inform affected individuals without undue delay if high risk
  • Documentation: Maintain records of all breaches, effects, and remedial action
  • Remediation: Immediate action to contain and remedy any breach
  • Review: Post-incident analysis to prevent future occurrences

Data Processing Agreement (DPA)

We provide a comprehensive Data Processing Agreement to all customers who process personal data through our platform.

  • Defines our role as Data Processor and your role as Data Controller
  • Specifies the subject matter, duration, nature, and purpose of processing
  • Identifies types of personal data and categories of data subjects
  • Outlines our obligations as a processor under GDPR
  • Includes Standard Contractual Clauses for international transfers
  • Available for download or signature upon request

How to Exercise Your Rights

You can exercise your GDPR rights by contacting us through the methods below. We will respond within one month.

  • Email our Data Protection Officer at hello@talenty.ai
  • Use the data access request form in your account settings
  • Send written requests to our postal address
  • We may request additional information to verify your identity
  • Responses are provided free of charge (unless requests are excessive)
  • We will inform you if we cannot action your request and explain why
  • You have the right to lodge a complaint with your supervisory authority

Automated Decision-Making

We use AI and automated systems in our recruitment platform. Here's how we ensure GDPR compliance.

  • Candidate matching uses AI but final decisions are made by humans
  • No solely automated decisions with legal or significant effects
  • Candidates have the right to obtain human intervention
  • You can express your point of view and contest automated recommendations
  • We provide meaningful information about the logic involved in AI processing
  • Regular audits ensure our AI systems comply with data protection principles
  • Bias detection and mitigation measures are implemented

Children's Data

Special protections apply to the personal data of children under GDPR.

  • Our services are not directed at children under 16 (or a lower age in some EU countries)
  • We do not knowingly collect data from children
  • Parental consent would be required if we did process children's data
  • If we learn we have collected data from a child, we delete it immediately
  • Parents/guardians can contact us to exercise rights on behalf of children

Data Processing Agreement

Download our standard Data Processing Agreement (DPA) which includes Standard Contractual Clauses (SCCs) for international data transfers.

Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights, contact our DPO.

Data Protection Officer: hello@talenty.ai

Privacy Team: hello@talenty.ai

Response Time: We will respond to all GDPR-related requests within 30 days (one month) as required by law. For complex requests, we may extend this by up to two months and will inform you accordingly.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes GDPR.