GDPR Compliance

    Your rights under the General Data Protection Regulation

    Your Data Subject Rights

    Under GDPR, you have the right to: access your personal data, rectify inaccurate data, erase your data ('right to be forgotten'), restrict processing, data portability, and object to processing. To exercise any of these rights, contact contact@talentspotify.com.

    Data Protection Officer

    Our DPO can be reached at contact@talentspotify.com. We respond to all data subject requests within 30 days as required by GDPR.

    Data Retention

    Active account data: retained for the duration of the subscription. Performance review recordings: 24 months after analysis. Account data after termination: deleted within 30 days. Anonymised analytics: retained indefinitely.

    Sub-Processors

    We use the following sub-processors: AWS (infrastructure, Mumbai region), Google Cloud (AI/ML processing), SendGrid (email delivery), Stripe (payment processing). All sub-processors are GDPR-compliant with appropriate data processing agreements in place.

    International Data Transfers

    Data is primarily stored in AWS Mumbai. For users in the EEA, data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

    Breach Notification

    In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.