Recruitment & Candidate
Data Protection Policy
TechMagic
1. Purpose and Scope
This Recruitment & Candidate Data Protection Policy (“Policy”) sets out the principles and requirements governing the processing of personal data of job applicants, candidates and potential candidates (“Candidates”) by TechMagic (individually “TechMagic LLC”, “TechMagic UK LTD”, “TechMagic PL”, MagicHire or collectively the “Companies”).
This Policy is adopted in accordance with:
• EU General Data Protection Regulation (EU) 2016/679 (“GDPR”)
• UK GDPR (where applicable)
• Applicable Ukrainian data protection legislation
• TechMagic Personal Data Processing Policy (PDPP)
• ISO‑based Information Security Management System implemented within TechMagic.
This Policy applies to all recruitment‑related processing activities conducted by or on behalf of TechMagic.
2. Roles and Governance
For recruitment activities TechMagic acts as an independent Data Controller.
Depending on the vacancy and employing entity, the relevant TechMagic entity acts as Data Controller.3
Where recruitment is conducted centrally for multiple group entities, TechMagic entities may act as joint controllers in accordance with Article 26 GDPR.
Processing is governed in accordance with:
• TechMagic Personal Data Processing Policy (PDPP)
• Internal information security policies
• Access control and confidentiality rules.
TechMagic applies the accountability principle and maintains records of processing activities in accordance with Article 30 GDPR.
3. Categories of Personal Data
TechMagic processes only data necessary for recruitment purposes.
Identification Data:
• full name
• location (city/country)
• date of birth (if voluntarily provided)
• photo (if voluntarily provided)
Contact Data:
• email address
• phone number
• professional profile links (LinkedIn, GitHub etc.)
Professional and Qualification Data:
• CV / resume
• employment history
• education and certifications
• skills and competencies
• portfolio or project references
• test task results
Recruitment Process Data:
• interview notes
• evaluation records
• communication history
• salary expectations and availability
TechMagic does not intentionally collect special categories of data under Article 9 GDPR.
4. Sources of Personal Data
Personal data may be obtained:
• directly from the Candidate
• via Company website or Applicant Tracking System (ATS)
• via professional platforms (LinkedIn, Djinni, DOU etc.)
• from recruitment agencies
• from publicly available sources.
Where personal data is not collected directly from the Candidate, TechMagic ensures compliance with Article 14 GDPR transparency requirements.
5. Purposes of Processing
Candidate data is processed exclusively for:
• assessment of suitability for employment or engagement
• communication during recruitment
• conducting interviews and technical assessments
• verification of qualifications and experience
• preparation of employment or contractor agreements
• maintaining a talent pool for future vacancies (where lawful)
• establishment, exercise or defence of legal claims.
6. Legal Bases for Processing
Processing may rely on one or more of the following legal bases:
• Article 6(1)(b) GDPR – steps prior to entering into a contract
• Article 6(1)(f) GDPR – legitimate interest in managing recruitment processes
• Article 6(1)(a) GDPR – consent where required (e.g., talent pool retention)
• Article 6(1)(c) GDPR – compliance with legal obligations.
Where legitimate interest is used, balancing tests may be conducted.
7. Data Sharing
Candidate data may be shared strictly on a need‑to‑know basis with:
• authorized HR personnel
• hiring managers
• relevant TechMagic affiliated entities
• IT service providers including ATS providers
• recruitment agencies
• background check providers (where applicable).
All processors are engaged under written agreements compliant with Article 28 GDPR.
8. International Transfers
Where personal data is transferred outside the EU/EEA or UK, TechMagic ensures appropriate safeguards including:
• Standard Contractual Clauses (SCC)
• adequacy decisions where applicable
• supplementary technical and organisational measures.
9. Data Retention
Candidate data is retained:
• for the duration of the recruitment process; and
• up to 24 months after the last meaningful interaction.
Retention beyond this period requires explicit consent or another lawful basis.
Upon expiration of retention periods, personal data is securely deleted or anonymised in accordance with internal retention schedules.
10. Data Security
TechMagic implements appropriate technical and organisational measures in accordance with Article 32 GDPR, including:
• role‑based access controls
• encryption in transit and at rest
• logging and monitoring
• secure cloud infrastructure
• confidentiality agreements
• incident response procedures
• periodic security assessments.
11. Data Subject Rights
Candidates have the right to:
• access their personal data
• request rectification
• request erasure
• request restriction of processing
• object to processing based on legitimate interests
• request data portability where applicable
• withdraw consent
• lodge a complaint with a competent supervisory authority.
12. Data Breach Management
In case of a personal data breach affecting Candidate data, TechMagic:
• assesses risks without undue delay
• notifies supervisory authorities where required within 72 hours
• informs affected individuals where there is high risk to their rights and freedoms.
13. Non‑Discrimination Principle
Candidate data shall not be used for discriminatory decisions based on race, gender, religion, political views, sexual orientation, disability or any other protected characteristic.
14. Miscellaneous
Submission of an application does not create any obligation for TechMagic to enter into employment or contractual relationships.
This Policy shall be read together with the TechMagic Personal Data Processing Policy (PDPP), to the extent relevant and applicable to the recruitment-related processing activities described herein. In case of inconsistency, PDPP prevails.
Questions or concerns & contact details
If you have any questions or concerns regarding privacy at TechMagic, please contact us at: viktoria.kliushta@techmagic.co
