Compliance & Certifications

The General Data Protection Regulation (GDPR) is the European Union's global standard for data privacy and protection. It governs how organizations collect, process, store, and share personal data to ensure individuals retain control over their information.

At Talentpool, we design every workflow with privacy by design and by default. We ensure complete adherence to GDPR compliance requirements with the following measures:

• Lawful Basis: Talentpool processes personal data strictly for recruitment purposes under contractual and legitimate interest grounds (general best practice).
• Data Subject Rights: Processes are in place for access, rectification, deletion, and portability requests.
• Data Minimization: Only necessary candidate data is collected and retained as long as required by clients.
• Data Centres and Backups: Talentpool hosts customer data in geography specific data centers, giving clients the flexibility to host data in their preferred region for GDPR compliance. The infrastructure is designed with redundancy, if one location is unavailable, backups from another can take over seamlessly. Two parallel backups are maintained in different geographies to ensure high availability and business continuity.
• Subprocessors and Vendor Management: Talentpool does not engage directly with vendors. If subprocessors are required (e.g., for assessment service providers or HRMS integrations), they are introduced only with customer knowledge and approval. Customers receive complete visibility into each vendor's terms and conditions, and all subprocessors operate under strict Data Processing Agreements (DPAs) that include confidentiality and compliance clauses. No integrations are performed without explicit customer consent.
• Responsible AI and Data Privacy: Candidate Personally Identifiable Information (PII) is never exposed to AI models. All AI-driven features within Talentpool operate on anonymized data, ensuring there is no profiling or bias. Our AI integrations are designed to eliminate biased language, and clients receive transparent reports at every stage, from sourcing to onboarding, so they can validate compliance within their own policies.
• Breach Notification: In the event of a breach, we follow a defined escalation and notification process. Security incidents are logged, assessed, and remediated promptly, with clients informed of any material impact. Oversight of GDPR compliance is managed within the Information Security and Compliance functions.
• Ongoing Compliance: Our team is continuously trained on GDPR principles, ensuring that compliance practices remain up-to-date and consistently applied across all operations.

While Talentpool ensures robust data protection, customers also share responsibility for safeguarding their data within their own environments. Adhering to security best practices and access controls ensures end-to-end protection of candidate and employee information.

Talentpool has achieved SOC 2 Type II compliance, audited independently. They found no deviations across the Trust Service Criteria of Security, Availability, and Confidentiality. This certification covers our technology, infrastructure, processes, and people, and provides independent verification that our controls are operating effectively over a full audit period.

• Security: Talentpool enforces strict access controls, encryption at rest and in transit, multi-factor authentication, continuous monitoring, and incident response protocols to safeguard sensitive recruitment and candidate data.
• Availability: With distributed data centres in Mumbai, Singapore, and Dubai, customers can choose regional hosting to meet compliance needs. Our infrastructure includes built-in redundancy, two global backups, disaster recovery plans, and SLAs that ensure consistent uptime.
• Confidentiality: Role-based access controls, anonymization in AI models, and secure integrations ensure customer and candidate data is protected. Subprocessors, if engaged, are only introduced with full client knowledge and contractual agreements, providing complete transparency.

ISO 27001 is an internationally recognized framework for managing information security. It defines how organizations establish, operate, monitor, and improve their Information Security Management System (ISMS). Our information security management practices, such as risk assessment, awareness training, and continuous improvement, align with ISO 27001:2013 requirements.