Data Retention Policy
1. Purpose
This policy defines how Talenteria retains and deletes personal data to ensure compliance with applicable data protection laws, including GDPR, and to support the principles of data minimization, storage limitation, and confidentiality.
2. Scope
This policy applies to all personal data processed by Talenteria on behalf of its customers, including candidate, employee, recruiter, and user data processed through the Talenteria platform and its integrations.
3. Retention Principles
Talenteria adheres to the following principles:
- Personal data is retained only for as long as necessary to fulfill the purposes defined by the customer.
- Retention periods are customer-configurable where applicable.
- Data is not retained for Talenteria own purposes beyond service delivery, legal, or security requirements.
- Data is deleted or anonymized once it is no longer required.
4. Retention Periods (Indicative)
Retention periods may vary by customer configuration, contractual obligations, and legal requirements. The following table provides indicative examples.
| Data Category | Retention |
|---|---|
| Candidate profiles, resumes, applications | As configured by the customer; deleted upon customer request or contract termination. |
| AI interview recordings and transcripts | As configured by the customer; deletion available immediately or after the defined retention period. |
| Recruiter and user account data | Retained for the duration of the customer account. |
| System logs and audit trails | Retained for security and compliance purposes for a limited period. |
| Backup data | Retained according to standard backup cycles and securely deleted on rotation. |
5. Customer Control
- Customers act as Data Controllers and define retention requirements.
- Customers can delete individual candidates or records, configure retention rules, and request bulk deletion or full account deletion.
- Talenteria executes deletion requests without undue delay.
6. Deletion Upon Contract Termination
- Upon termination or expiration of the agreement, personal data is deleted or returned to the customer upon request.
- Deletion is completed within a commercially reasonable timeframe.
- Residual data in backups is deleted through standard backup rotation procedures.
- Talenteria may retain limited data only where required by law.
7. Sub-Processor Retention
- Sub-processors process data only for the duration required to provide their services.
- OpenAI processes data transiently with zero data retention and does not store or train on customer data (where configured).
8. Security of Deleted Data
- Secure deletion methods are used to prevent recovery.
- Access to deletion functions is restricted to authorized personnel.
9. Data Subject Requests
Talenteria supports customers in responding to data subject requests, including the right to erasure, restriction of processing, and access/portability. Talenteria acts on such requests strictly under customer instructions.
10. Review & Updates
- This policy is reviewed annually or upon material changes.
- Updates are communicated to customers where required.