Dashboard

Records of Processing Activities

GDPR Article 30  ·  Last updated: June 2026

This document describes the categories of personal data processing performed by TalentX as both a data processor (on behalf of your organisation) and as a data controller (for platform operations).
A1 Employee profile management
PurposeStore and display employee professional profiles within the organisation's workspace
Legal basisContract — employment relationship (Art. 6(1)(b))
Data categoriesName, email, job title, department, biography, manager
RecipientsAdministrators, managers, recruiters within the same tenant
RetentionDuration of employment + 30 days
Int'l transfersNone outside EU/EEA
A2 Skills catalog and proficiency tracking
PurposeRecord employee skills, proficiency levels, and experience for internal talent matching
Legal basisLegitimate interest — internal workforce planning (Art. 6(1)(f))
Data categoriesSkill names, proficiency scores (1–5), years of experience
RecipientsManagers and administrators within the same tenant
RetentionDuration of employment; deleted on anonymization request
Int'l transfersNone outside EU/EEA
A3 Talent marketplace and change signals
PurposeAllow employees to signal readiness for internal moves and be matched to open positions
Legal basisConsent (Art. 6(1)(a)) — employee initiates the signal voluntarily
Data categoriesChange reason, urgency, preferred areas, availability date
RecipientsManagers, recruiters, administrators within the same tenant
RetentionUntil signal is cancelled or employee account is anonymized
Int'l transfersNone outside EU/EEA
A4 Algorithmic fit scoring
PurposeCalculate match scores between employee skills and open position requirements to assist hiring managers
Legal basisLegitimate interest (Art. 6(1)(f)) — no fully automated decision; human review required
Data categoriesSkill proficiency data, position skill requirements
RecipientsHiring managers and administrators within the same tenant
RetentionScores are computed on-demand and not stored separately
Int'l transfersNone outside EU/EEA
A5 Position applications
PurposeTrack employee applications to internal open positions
Legal basisContract — internal recruitment process (Art. 6(1)(b))
Data categoriesEmployee identity, fit score, application status, timestamps
RecipientsHiring managers, administrators within the same tenant
RetentionDuration of position lifecycle; deleted on anonymization request
Int'l transfersNone outside EU/EEA
A6 Audit logging
PurposeRecord system actions for security, compliance, and accountability
Legal basisLegal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f))
Data categoriesUser ID, action type, entity affected, timestamps, details JSON
RecipientsAdministrators within the same tenant; platform administrators (TalentX)
RetentionConfigurable per tenant (default 365 days); scrubbed on anonymization
Int'l transfersNone outside EU/EEA
A7 Account authentication
PurposeAuthenticate users via password or Azure AD SSO
Legal basisContract (Art. 6(1)(b))
Data categoriesEmail, password hash (bcrypt), Azure AD OID (SSO tenants only), session tokens
RecipientsNot shared
RetentionPassword hash deleted on anonymization; session expires on logout
Int'l transfersAzure AD OAuth flows subject to Microsoft's EU data boundary
A8 Billing and subscription management
PurposeProcess subscription payments and enforce plan limits
Legal basisContract (Art. 6(1)(b))
Data categoriesOrganisation owner email, Stripe customer/subscription IDs
RecipientsStripe Inc. (processor) — covered by SCCs
RetentionDuration of subscription + 7 years (financial records)
Int'l transfersStripe EU entity; SCCs in place
A9 Transactional email notifications
PurposeSend system notifications (signal alerts, GDPR confirmations, breach notifications)
Legal basisLegitimate interest (Art. 6(1)(f)) — operational necessity
Data categoriesName, email address
RecipientsNot shared with third parties; sent via configured SMTP relay
RetentionNot stored by TalentX after sending
Int'l transfersDepends on tenant's configured MAIL_SERVER