Recommandation: Review the DeepL Privacy Notice for Candidates before applying and keep a copy handy as your quick reference; using it can help you shine in conversations about data handling and inform decisions on sharing personal details.
The guide explains what DeepL collects at first contact, how data flows through networks and systems, and what you can expect about monetary data, salary discussions, and recruitment notes.
Steps you can take now: first, map the data you share during applying; second, opt in only to fields you understand; third, request sources and retention details in writing; fourth, set restrictions to stop sharing after a stage; fifth, use erasure requests to remove misstored items.
Keep your privacy choices clear and contact-friendly: inform the first point of contact about your preferences, and when you want to update, respond through the official channel or phone to avoid confusion and maintain a clean trail.
Although laws vary by jurisdiction, the notice explains when data can be shared with networks or government bodies and how to challenge inaccuracies. If you suspect a misrouting, request correction and erasure of the affected items.
Use the promotional text within the guide to set expectations with recruiters, but stay concise; never share more than needed, and maintain a separate log of all privacy requests and responses to prove compliance if needed.
Apply with confidence: this practical guide helps you safeguard personal data, strengthen your first impression, and keep records aligned with your privacy goals.
What Data Is Collected From Candidates and Why It Is Needed
Collect only the data you need for the role and document the lawful basis for each item, with a clear retention timeline and a defined process for rights requests.
- Identity and contact details
- Data: name, email, phone, current address
- Why: identify the candidate, coordinate interviews, and contact about next steps
- Demographic and diversity data (voluntary)
- Data: gender (provided voluntarily) and other optional attributes
- Why: monitor equitable hiring practices and report on diversity goals; you may refuse to provide this data without affecting the process
- Professional history and qualifications
- Data: resume or CV, job titles, employers, dates, education, certifications
- Why: evaluate fit, verify claimed experience, and assess credential relevance to the role
- Assessments, responses, and samples
- Data: answers to interview questions, task results, coding samples, case analyses
- Why: measure competencies, problem-solving approach, and potential for success in the role
- Work eligibility and compliance data
- Data: right-to-work status, permits, background checks when required by law
- Why: ensure lawful employment and necessary safety checks, limited to what is needed for the role
- References and professional affiliations
- Data: reference contacts, affiliation with partners or networks (affiliates)
- Why: validate experience and behavior; contact references only with consent
- Technical data from application channels
- Data: portal submissions, login activity, device and network metadata
- Why: protect data integrity, detect anomalies, enable secure transfer and portability
Data handling and access controls ensure clarity on why each item is collected and how it will be used. Above all, link every data item to a specific, lawful basis and a defined retention window.
- Sharing and transferring data
- Data may be shared with processors and affiliates under contract, and with third-party services (e.g., background checks) only as needed
- Data transfers occur over secure networks using approved protocol and encryption
- Rights and restrictions are documented in the section that governs data sharing and transfer
- Portability, rectification, and access
- Data subjects may request data portability in a standard format and obtain a copy of their information
- Rectification requests correct inaccuracies; you should re-enter corrected data into the system
- Access requests and corrections are fulfilled within defined timeframes
- Control over processing
- Candidates can refuse to provide non-essential data, and may request to disable processing of certain items
- If consent is withdrawn, processing for that item ceases unless a lawful basis remains
- Return or deletion options are provided after the process ends, following the above section’s retention policy
Data collection aligns with regulation and the protocol established in our privacy notice. Where applicable, the policy references termsfeed for the policy framework that governs disclosures, data sharing, and retention.
How Personal Information Is Used Across the Hiring Process for Business Purposes
Provide an explicit purpose notice at each stage and maintain a clear data flow map to ensure processing stays within the context of recruitment. Safeguards are embedded from collection, and information is maintained in secure systems with access controls and regular audits to protect candidates and the company. There is a defined retention window, and data may be processed only for the stated business purposes.
The источник of data includes CVs, application forms, phone interviews, assessment results, and reference notes. At every step, the recruiter uses this information to evaluate fit, verify identity, assess performance in tasks, and support contracts execution. Data handling remains limited to certain colleagues and departments, and any sharing occurs in accordance with contracts and lawful bases.
In accordance with statute and applicable law, information is retained for a defined period and then deleted when no longer needed. If a candidate requests rectification, portability, or deletion, the company shall respond within the required timelines. The data line of processing across stages–from initial contact to onboarding–ensures context remains explicit. Hereinafter, the term “data” refers to personal information used in hiring.
Data Handling and Rights
The recruiter is responsible for handling information on behalf of the company; they shall define access rights and implement persistent privacy controls. They coordinate with customers and other stakeholders to minimize exposure, and they document every processing activity to support accountability. If there is a court or regulator review, they provide documentation showing the provenance–источник–of data, the context of use, safeguards, and the processing measures.
Who Sees Your Data: Sharing, Subprocessors, and Cross-Border Transfers
Review and tighten your sharing controls today: know who sees your data, where it travels, and how you can enforce explicit access limits. Ensure you can obtain a machine-readable map of data flows and exercise portability requests without delay, so you can confirm that personally identifiable details in applications are used only for legitimate purposes.
Sharing with internal teams and subprocessors
Data is shared with internal recruiters, HR teams, and with subprocessors such as jilda that assist with background checks, storage, and messaging. Access should be limited to defined roles, and you should receive a clear response about who can view each data category, including gender and questionnaire responses. Publicly available descriptions of purposes help you verify benefit to your application, while the most sensitive items stay in confidential records. Anyone who accesses data must comply with acts and policies, and contacting us will allow you to review access or refuse it for any processor without a legitimate business need. Diagnostic checks may be used to confirm access rights, and evidence of contracts or consent should be kept so you can see who received data and for what reason, and what they were charged for.
Cross-border transfers and safeguards
When data moves across states or to united jurisdictions, we apply defined safeguards and monitor subprocessors to comply with data-protection requirements. Transfers occur only to three approved partners or states, with encryption in transit and at rest, and with formal SCCs or other legal mechanisms. We provide evidence of transfer compliance upon request and maintain logs of responses to data subject access requests. We may port data to another service in a machine-readable format, and we will assist you by contacting the provider to review or withdraw access. If finances data is involved, we isolate and limit exposure, and you can review any charges or fees associated with the transfer or storage. You may reach out to obtain copies of data or to request erasure in line with your rights.
Retention, Access, and Deletion: Managing Your Candidate Data
Set a retention window for your candidate data and request a copy or deletion within 30 days of your latest activity. This action relates to your rights under euuk data protection rules and reflects your control over what information remains on file. By choosing the abovementioned options, you shine a light on how data flows across professions and within the different parts of the hiring process. If you are aware of what you want, use the contact channel in your account and we respond soon with precise steps. This approach helps you understand what data is stored and why, at the least ensuring you learn more about the handling of your data.
Retention practices
We minimize data collection with a least-necessary approach, keeping identifying data only to evaluate suitability for the role and to meet legal obligations. For applications that move forward, retention may extend up to 12 months; for unsuccessful cases, we typically purge within 6 months unless you give explicit consent to keep data for future opportunities. Incomplete submissions are removed within 60 days. Backups follow standard purge cycles, and any data kept in machine-readable formats is limited to what is needed to support your rights and our records. This policy applies across many professions and aims to be transparent about what is stored, why, and for how long.
Access and deletion process
To access your data, open the candidate portal and submit a data-access request; we provide a machine-readable export in CSV or JSON. When you request deletion, we remove contact and identifying parts of your file that relate to you; however, some data may remain in backups until the next purge cycle. Deletion is completed within 30 days of receipt, unless regulatory requirements require a longer period on behalf of the controller. If you need immediate action, the in-account contact option helps us respond faster and ensure the request reflects your particular situation. If you learn that someone accessed your data in error or on your behalf, you can ask for a trace of access events and the steps taken to address it.
Practical Steps to Protect Your Privacy and Exercise Your Rights as a Candidate
Review and restrict what you share on every platform you use for job applications. Limit visibility of your qualification, surname, email, and phone number to what is strictly required for evaluation, and avoid exposing addresses unless a line of business requires them. Confirm who will access results and how long data is stored, and insist on a clear data retention line in each related agreement. If marketing messages appear, unsubscribe from those lists to reduce unnecessary profiling. You will not be charged to exercise your rights, and all procedures should feel united, with a direct line of contact for data inquiries. Only certain data fields are required for the assessment, so keep your personal area of exposure to the minimum necessary.
Know Your Rights and How to Exercise Them
Request access to the data provided about you and verify its accuracy. Demand that information be used only for the stated purpose and by the committees involved in the evaluation. If data is processed by third-party platforms, obtain a data processing agreement that shows related data flows and the protocol for handling complaints. In kvkk contexts, ensure compliance when data is stored or shared; for other regions, identify the local data protection law and align your rights accordingly. If you find any entry marked as initial or related to an area outside your control, ask for correction or deletion with a concrete timeline. Seek direct answers from the corp contact arranging the evaluation so you can track progress against your rights.
Practical Controls and Documentation
Keep a documented record of each application, including the initial submission date, the area of assessment, and the evaluation results. Save copies of agreements, notices, and any consent forms provided, noting the years of retention specified and where data is held. Use a separate email channel to minimize exposure of your surname and other identifiers on public pages. Build a simple checklist to verify that rights are respected before you proceed with any next step, and regularly review consent settings on platforms to ensure they remain aligned with your preferences.
| Action | Why it matters | Notes |
|---|---|---|
| Limit data exposure | Reduces risk of misuse or misclassification | Share only what is required for qualification and evaluation |
| Request access and corrections | Maintains accuracy and control | Ask for provided data within a defined period |
| Review data flows | Identifies platforms, corp partners, and third parties | Look for data processing agreements and unsubscribe options |
| Maintain documentation | Supports accountability and potential complaints | Store in a secure area, avoid mixing with personal accounts |
