This policy explains how TalentWorldGroup Plc. ("TWG") handles personal data. We comply with the European Union’s General Data Protection Regulation (GDPR – EU 2016/679) and maintain records of all data processing activities as required.
We collect and store your personal data for different reasons depending on your relationship with us. This can include contacting you, evaluating your application, managing our contractual relationship, or providing access to our platforms.
| Scope of data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Full name | Contact | Consent | 2 years or until consent is withdrawn |
| Email address | Contact | Consent | 2 years or until consent is withdrawn |
We collect personal data through online application forms, email communication, and onboarding processes, such as identity verification processes or online meetings. All data points, retention periods and specific details are included in our Data Protection Policy, which we send to everyone once contracted. All intake methods are reviewed by our HR and compliance teams to ensure they are fair and compliant with GDPR.
When you apply to TWG or contact us through our platform, you consent to us collecting and using your personal data as described above. We may use this data for recruitment, onboarding, and to support our services. If required, we will ask for your explicit permission.
You may withdraw your consent at any time by writing to:
Please note: withdrawing consent may affect our ability to process your application or continue our services.
If we want to use your data for something not already described here, we’ll inform you and request new consent if necessary.
If you would like to know what personal data we hold about you, you can request access by writing to dpo@talentworldgroup.com. For your protection, we will verify your identity before releasing any information.
We will provide a copy of your personal data in a clear and understandable format and free of charge, along with a list of third-party vendors or platforms with whom their data has been shared. Responses will be provided within 30 days in accordance with applicable privacy laws.
You can also ask us to correct or update inaccurate or incomplete data. If we have shared your data with others, we will do our best to inform them about the changes if applicable.
If we cannot grant your request for access or correction, we will explain why in writing and let you know how to challenge the decision, unless we are prohibited from doing so by law.
If you request that we delete your personal data, we will review the request and flag your records for secure removal. Our team identifies the relevant data across our systems and ensures it is properly erased or anonymized.
Once your data is no longer needed or if you have withdrawn your consent, we securely delete it from our systems. This includes removing data from databases, internal tools, and backups (where feasible), or converting it into an anonymized format that can no longer be linked to you.
To request deletion, please contact dpo@talentworldgroup.com.
For your protection, we may take steps to verify your identity before responding to your request to access or modify your personal data.
TWG may receive applicant or contact data from external platforms or recruitment services that are committed to fair data collection practices. We only share personal information with third parties when it is necessary for the purposes stated in this policy and when the data subject has provided their implicit or explicit consent.
All third parties receiving personal data from TWG are required to sign a data protection agreement or similar contractual terms that ensure the security, confidentiality, and proper handling of the information. We also take reasonable steps to assess these third parties and ensure they meet our privacy and security standards.
We do not process sensitive personal data (such as health or biometric data). Voice recordings used for internal quality assurance do not identify individuals and are not considered sensitive.
Some of the systems we use may collect basic device or browser data (e.g., cookies, system logs) to help support access or improve workflow. If applicable, we will inform you and ask for your consent in line with legal requirements.
We take care to make sure that your personal data is not deleted or lost by mistake. Whether your information is stored in our systems, email, or internal tools, we have procedures in place to prevent accidental deletion or unauthorized changes.
Only authorized staff can access or manage this data, and we use secure systems that protect it from being altered or erased. This helps ensure that your data is available when needed, and only removed when it’s appropriate to do so — based on our defined retention periods or your withdrawal of consent.
You can see what data we have about you.
You have the right to ask if we’re processing your personal information and get a copy of it.
You can ask us to fix incorrect or incomplete data.
If anything we hold about you is wrong or out of date, you can ask us to correct it.
You can ask us to delete your data.
In some cases, you can ask us to remove your personal data completely — for example, if it’s no longer needed or you’ve withdrawn your consent.
You can limit how we use your data.
You can request that we stop using your data in certain situations (for example, while we’re checking if it’s accurate).
You can say no to how we’re using your data.
If we’re using your data for something based on our “legitimate interest,” you have the right to object.
You can take your data with you.
You can ask us to send your personal data to you, or to another company, in a format that’s easy to read and transfer.
You can withdraw your consent.
If you give us consent to use your data, you can change your mind at any time. Just email us — it’s as easy to withdraw as it was to give consent.
You can file a complaint.
If you’re unhappy with how we handle your data, you can contact us — or go directly to the national privacy authority.
If a personal data breach is likely to result in a risk to the rights and freedoms of individuals, TWG will notify affected data subjects without undue delay. In cases where notification is legally required (e.g., under GDPR), TWG will also inform the relevant supervisory authority (such as the Hungarian NAIH) within 72 hours of becoming aware of the breach. All such incidents will be documented, and corrective actions will be taken to prevent recurrence.