GDPR & DPIA

Practical guidance, a quick DPIA screener, and an AI helper — aligned to privacy-by-design and GDPR Art. 25.

Our Commitment

We process personal data in accordance with UK GDPR and the Data Protection Act 2018, upholding fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, and accountability.

Privacy by Design & Default

We embed controls across Candidates, Employers, Advertisers, and Admin areas. All major changes start with DPIA screening to identify risks and implement safeguards prior to launch.

Lawful Bases & Retention

We rely on consent, contract necessity, legal obligation, or legitimate interests as appropriate. Data is retained no longer than necessary and then securely erased or anonymised.

Your Rights

  • Access — request a copy of your data;
  • Rectification — correct inaccuracies;
  • Erasure — the “right to be forgotten”, where applicable;
  • Restriction — limit processing in certain cases;
  • Portability — receive your data in a structured, commonly used format;
  • Objection — object to processing, including direct marketing.

Contact our DPO to exercise your rights. We verify identity and respond within statutory timeframes.

Security Measures

TLS everywhere, strict sessions, CSRF protection on forms, least-privilege access, encryption at rest where appropriate, audit logs, and incident handling (notify → assess → contain → remediate).

DPO Contact

Email: privacy@thecandidategroup.ltd
Postal: Suite RA01, 195–197 Wood Street, London, E17 3NU

Ask AI about GDPR

Tip: Try “What lawful basis applies to job applications?” or “How do we run a DPIA for a new messaging feature?”

DPIA Screening (Quick)

Use this quick screen to decide whether a full DPIA is required before launching a feature or integration.