Discover Brand Kits: Exclaimer's new method for governing your brand across the digital communications that matter most.Find out more

Candidate Privacy Notice

1. About this notice

This Candidate Privacy Notice explains how Exclaimer Ltd processes your personal data during our recruitment activities. It applies to all candidates regardless of location and covers any role or opportunity you apply for across our global offices.

We’re committed to handling your data with transparency, fairness, and in line with data protection laws including the UK GDPR, EU GDPR, CCPA (as applicable), and other regional standards.

2. Who we are

Exclaimer Ltd is the data controller responsible for your personal data during the hiring process. For any questions, access requests, or concerns, you can contact our Data Protection Officer via dpo@exclaimer.com

For all other recruitment and hiring support, please contact our People Transformation Director via work@exclaimer.com

3. What data we collect and how

We collect personal data in the following categories:

  • Identifiers: name, contact details, address, email address, job history, education, CV/resume, pronouns, and cover letter.

  • Recruitment: any notes from interviews (including BrightHire or similar recordings where applicable), assessments, references.

  • Technical data: Application metadata via Greenhouse (our applicant tracking system) or any system that may replace it, IP address, technical tests issued during the interview process.

  • Special category data: where required and legally justified, we may collect diversity data (e.g. gender, ethnicity) this is always optional and anonymised.

We may collect this information from:

  • You directly (via application or interview)

  • Job boards and advertising partners

  • External recruitment agents

  • Social networking, including professional networks like LinkedIn

  • Background check providers (where lawful)

  • Referees you nominate

  • Public sources

4. Why we use your data

We use your information to:

  • Manage the recruitment process including screening, interviews, and assessment stages.

  • Determine suitability for open roles and contact you about future opportunities.

  • Keep a record of your application for 365 days.

  • Improve our recruitment and diversity practices.

  • Meet legal and regulatory obligations.

We rely on:

  • Legitimate interests for recruitment processing and future opportunity consideration

  • Consent (where explicitly requested, for retaining your details beyond 365 days)

5. Where do we share your data?

We may share your data with:

  • Greenhouse (our hiring system)

  • Bob HR (our People system)

  • BrightHire (interview notetaking and recording)

  • Slack (via the Greenhouse Slackbot)

  • Trusted background check and reference partners

  • Group companies of Exclaimer Ltd.

  • Legal or regulatory authorities, when required

All providers are contractually required to protect your information.

6. How long do we keep your information for?

  • We retain your application data for 365 days from the date of last activity.

  • At 180 days, you’ll receive an email asking if you'd like us to retain your data beyond 365 days.

  • If no explicit consent is received by day 365, your data will be deleted automatically.

  • You may request deletion at any time by contacting us at dpo@exclaimer.com

7. International transfers

Exclaimer is a global company, so we may transfer your data across regions. We ensure that any transfer of data is safeguarded by appropriate measures including standard contractual clauses or equivalent protections. Please refer to clause 10 for more information if you are an EU/UK resident.

8. Your rights

Depending on your location, you may have the right to:

  • Access the data we hold about you

  • Correct or update inaccurate data

  • Request deletion or restriction

  • Object to processing

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

To exercise any rights, email: dpo@exclaimer.com

9. California residents (CCPA)

If you’re based in California, we also comply with the California Consumer Privacy Act (CCPA). As a California resident, you have the right to:

  • Know what personal information we collect and how we use it

  • Access the personal data we hold about you

  • Correct inaccurate information

  • Request deletion of your personal data (subject to legal retention obligations)

  • Opt out of certain processing (where applicable)

  • Limit the use and disclosure of sensitive personal information

We will not discriminate against you for exercising your privacy rights. To make a request, email us at: dpo@exclaimer.com Please note that we may need to verify your identity before completing your request.

10. GDPR Compliance (UK and EEA)

We process personal data of candidates based in the UK and European Economic Area (EEA) in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR. This means:

Lawful Basis for Processing

We process your data on the following legal bases under Article 6 of the GDPR:

  • Legitimate Interests to assess your suitability for a role, manage recruitment workflows, and maintain candidate records

  • Legal Obligations where required for compliance with employment or anti-discrimination laws

  • Consent where we ask for it (e.g. to retain your details beyond 365 days or process sensitive data)

Where we process special category data (e.g. health or diversity data), we do so based on:

  • Explicit consent (Article 9(2)(a)) - always optional and anonymised wherever possible

  • Employment and equality obligations (Article 9(2)(b)) - where required to comply with workplace law

Data Transfers Outside the EEA/UK

If your data is transferred outside the UK or EEA (for example, to our teams or systems in the US or APAC), we ensure appropriate safeguards are in place such as:

  • UK International Data Transfer Agreements (IDTAs)

  • EU Standard Contractual Clauses (SCCs) or Adequacy Decisions

  • Data Processing Agreements with all relevant vendors, including Greenhouse and BrightHire.

Your GDPR Rights

As a candidate in the UK or EEA, you have the following rights:

  • Access to your data

  • Rectification of inaccurate data

  • Erasure (‘right to be forgotten’)

  • Restriction of processing

  • Objection to processing based on legitimate interest

  • Data portability (where applicable)

  • Withdraw consent at any time (if applicable)

You may also lodge a complaint with your local supervisory authority:

  • UK: ICO

  • EEA: Your national data protection authority

To exercise your rights, email: dpo@exclaimer.com

11. Additional information for candidates based in Germany

If you are applying for a role in Germany or are a resident in this country, please note:

  • We process your personal data in accordance with the EU GDPR and the German Federal Data Protection Act (BDSG).

  • We rely primarily on legitimate interest and statutory legal bases (e.g. for pre-employment steps under §26 BDSG) to process your data, rather than consent alone.

  • Where we process sensitive information (e.g. health data or diversity data), this will only be done in compliance with Article 9 GDPR and §26(3) BDSG, with appropriate safeguards.

  • If you are represented by a Betriebsrat (works council), we will consult them where applicable.

12. Additional information for candidates based in APAC

If you are applying for a role in the Asia-Pacific region, we process your personal data in line with local privacy laws such as:

  • Australia: Privacy Act 1988

  • Singapore: Personal Data Protection Act (PDPA)

  • India: Digital Personal Data Protection Act 2023 (DPDPA)

  • Japan: Act on the Protection of Personal Information (APPI)

  • New Zealand: Privacy Act 2020

We treat your information in accordance with global standards, including UK/EU GDPR, and apply the same security and retention policies to all candidates, including the right to request access, correction, and deletion of your data where permitted.

Your information may be securely transferred outside your country (e.g. to our UK or US systems), and where required, we apply contractual safeguards or equivalent protections to meet local standards.

13. Updates and version control

We may update this notice from time to time. Material changes will be highlighted in the version history and is available on request via dpo@exclaimer.com