Candidate Privacy Policy

1. Who We Are

2. Personal Data We Collect

• Personal Data Provided by You (“Application Data”) – Talon.One collects personal data from you when you apply for a role with us or when you attend one of our meet-up or recruiting events. We may ask you for your name, address, contact information, work and educational qualifications and other information relevant to the recruitment process and the position for which you are applying or are generally interested in.

• Personal Data from Third Parties – We may also obtain personal data from third parties that provide services to Talon.One or to you, such as companies that provide recruitment services to you, or that referred you for potential employment, such as a Talon.One employee. For example, if you apply through a third-party staffing firm, we will receive personal data regarding your experience and qualifications from such firms. We may also receive information from prior employers and other references that you authorize us to contact. Finally, we obtain personal data from the public areas of third-party professional social networks and websites. For example, we may find your profile on a professional social media website such as LinkedIn or Xing and contact you about suitable roles.

• Personal Data Generated by Us – We generate personal data from the interviews in which you participate (electronically or verbally) and evaluations provided by those who have interviewed you. In addition, we may collect data from your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that may have referred you to our website and any kind of correspondence between you and us.

3. How We Use Personal Data

4. Our Legal Bases for Processing

5. How We Disclose Personal Data

• Personnel and Affiliates – Talon.One GmbH provides recruiting management services to all Talon.One companies. This means that if you do not apply to a job at Talon.One GmbH that Talon.One GmbH will process your data on behalf of the Talon.One company to which you applied for, as a processor, which may be in a different country. Relevant personal data of applicants and potential candidates is shared with our personnel, including selected interviewers, hiring managers and relevant human resources and finance personnel. 

• Service Providers – We share personal data with trusted third-party providers (“Service Providers”) to perform services on our behalf or to assist us with providing services to you (e.g. IT service providers, recruiting and talent management software providers and HR information systems). Your personal data will be processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. For example, we share your personal data with Greenhouse Software, Inc., our recruiting and talent management software service provider. We also process your personal data using Google Workspace, which means that we share it with Google Ireland Limited, our principal storage and cloud computing services provider. With respect to certain candidates who have accepted a position with us, we may share personal data with our partner relocation agencies in order for them to provide relocation and immigration compliance services to our new hires. We grant our Service Providers access to your information only for purposes of performing these tasks on our behalf. Our Service Providers have been carefully selected and instructed by us. They are contractually bound to our instructions, have suitable technical and organizational measures to protect the rights of the data subjects and are regularly monitored by us.

• Other Disclosures – Regardless of any choices you make regarding your personal data, we may disclose your personal data to certain authorities or other third parties, including, for example, law enforcement agencies, law firms or public authorities, if we believe in good faith that such disclosure is necessary in connection with any legal investigation, to comply with relevant laws, to protect or defend our rights or property and to investigate or assist in preventing any violation or potential violation of the law or this Policy.

• Business transfer – As a matter of policy, we do not rent or sell personal data about our candidates with non-affiliated third parties unless we have specific consent to do so. In the event that our business or a division of our business is reorganized or sold and we transfer all or substantially all of our assets to a new owner, your personal data may be transferred to the buyer, subject to appropriate privacy safeguards.

6. Automated Decision Making

7. International Data Transfers

8. Retention Periods

• If you apply for a role and are unsuccessful or if you reject an offer of employment, we will delete/anonymize your Application Data after 6 months following communication to you of our decision, unless you consent for us to retain your data in order to consider you for potential future roles.

• If you apply for a role and are successful, and if you accept your offer of employment, relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained no longer than necessary for the purpose for which we obtained them and for any other permitted compatible purposes, including compliance with legal obligations in the field of employment law.

• As mentioned above, if you consent for us to retain your data in accordance with Art. 6 (1) a) GDPR, we will store and process your personal data to contact you later to let you know of any open positions for which we believe you would be a potential fit, which consent you may withdraw at any time by contacting us at privacy@talon.one. We will renew this consent every 3 years.

9. Data Security

10. Your Legal Rights

• Right to access: You have the right to access your personal data and obtain additional information on how we process it. You may also request a copy of the data we maintain relating to you.

• Right to rectification: If you notice that your personal data is incorrect, you can always request that we correct it.

• Right to erasure: You have the right to ask us to delete your personal data. Please note that even if you exercise this right, we may be required to retain some of your information if we process it as part of our legal obligations.

• Right to restriction of processing: If you have requested the deletion of your personal data, but we are legally obliged to retain some of it, we will store your data in our archives and only reintegrate it into our operational systems with your consent. However, you will not be able to use our Services during this time, otherwise we will need to process your data again.

• Right to data portability: You can ask us to transmit your personal data in a machine-readable format to you or to another data controller. However, please note that this right only applies to personal data that we process under a contract or with your consent.

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to any processing of your personal data, which is processed on the basis of our legitimate interests. If you object, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend against legal claims

• Right of complaint: You can raise a complaint about our processing with the data protection authority in the EU Member State of your habitual residence, place of work, or the place where you think a violation of the GDPR has occurred. In the case of cross-border data processing, you can also lodge a complaint with our lead supervisory authority in Berlin, Germany.

• Right not to be subject to a decision based solely on automated processing: You have the right to object to a fully automated decision (i.e. without any human intervention in the decision-making process) that has legal effects or significantly affects you.

• Right to withdraw consent: Where we rely on consent to process your personal data, you have the right to withdraw your consent at any time. If there is no other legitimate ground upon which Delivery Hero is allowed to process your personal data, we will immediately stop processing it. Withdrawal of consent does not affect the legality of the processing carried out before the withdrawal.

11. Changes to this Policy