Live product reveal: A first look at TheyDo Agent
Candidate privacy policy
Introduction
This Candidate Privacy Policy outlines how we, TheyDo BV, collect, use, and protect your personal data throughout the candidate journey. This policy also describes the rights that Candidates may have in relation to the personal data that we process about them.
As used in this policy, ‘personal data’ means any information that relates to, identifies, or reasonably could be used to identify an individual, directly or indirectly. Our data processing practices may be more restricted in certain jurisdictions due to local legal requirements. In such cases, we modify our internal practices to comply with the applicable local laws.
For personal data collected under this policy, the controller will be TheyDo BV.
Definitions
What is Personal Data? Personal data refers to any information that directly or indirectly identifies an individual. Examples include:
Name
Contact number
Personal email address
Home address
Date of birth
Employment history
Education details
What is Sensitive Personal Data? Sensitive personal data is a subset of personal data that is more sensitive in nature, such as:
Racial or ethnic origin
Gender Identity
Sexual orientation
Health information
Medical information
Disability
Nationality
At TheyDo, we are committed to fostering a diverse, inclusive, and equitable workplace. We strictly adhere to a policy of non-discrimination on any grounds, including but not limited to those listed under sensitive personal data above.
We value the unique perspectives and backgrounds of all individuals and strive to create an environment where everyone feels respected and empowered. Sensitive personal data is collected solely with your consent if shared with us directly, to ensure that we can provide appropriate accommodations during the recruitment process. For example disability information, to be able to facilitate necessary adjustments and/or to provide a comfortable interview setting.
We handle all personal data with the utmost care and confidentiality, using it only for the intended purposes and in compliance with applicable laws and regulations. We always aim to create an inclusive hiring process that respects and supports every candidate's individual needs. We believe that diversity drives innovation and strengthens our organisation, and we are dedicated to ensuring that our recruitment practices reflect these values.
Data Collection
What Personal Data Do We Collect? We collect various types of personal data about you. This could be by directly inputting the information from your side on our TheyDo website application, Applicant Tracking System (ATS) Ashby, via the resume documentation you provide, LinkedIn or any other social links you provide, including:
Name
Contact information (phone number, email address)
Home address (Optional)
Date of birth
Employment history
Education information
Professional certifications
Interview notes
References
How is Data Collected? We collect personal data:
Directly from you (applications, interviews, communications)
From our ATS (Ashby)
From third parties (e.g., referrals, references, public profiles such as LinkedIn)
Through the use of AI/ML technologies that may assist in processing your application (see section on Artificial Intelligence below).
Artificial Intelligence (AI)
TheyDo may use Artificial Intelligence (AI) and Machine Learning (ML) technologies to assist in the initial assessment of employment applications. These tools help evaluate applications against job-relevant qualifications and support efficiency in our recruitment process.
Data Analyzed: Our AI tools may analyze resume content, work experience, educational background, skills mentioned, and responses to application questions. We do not analyse protected characteristics such as race, gender, age, or other legally protected attributes.
Decision-Making Process: AI tools assist our recruitment team by identifying potentially relevant candidates and highlighting qualifications. All hiring decisions are made by human recruiters and hiring managers. AI tools do not make final employment decisions.
Fairness & Compliance: We monitor our AI/ML systems to reduce bias, ensure equal treatment, and comply with applicable laws.
Candidate Choice: If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form. Opting out will not negatively impact your application, which will be reviewed manually by our team.
Notice for New York City Residents: When applying for jobs through the TheyDo career site, AI/ML technologies may be used in connection with your application. You have the right to take at least 10 business days to decide whether to proceed. By continuing, you confirm your understanding of this notice.
Use of Candidate Personal Data
We may process your personal data for the following purposes:
Processing Purpose | Lawful Basis | Details |
|---|---|---|
Application evaluation | Legitimate interests | To assess your qualifications, experience, and suitability for the role. Our legitimate interest is identifying suitable candidates for employment. |
Interview Scheduling and Communication | Legitimate interests | To coordinate interviews, provide updates on your application status, and communicate throughout the recruitment process. |
Conducting Interviews and Assessments | Legitimate interests | To evaluate your skills, competencies, and cultural fit through interviews, skills tests, or other assessment methods as part of our hiring process. |
AI/ML Application Screening (where applicable) | Legitimate interests | To assist in initial screening of applications for efficiency. Human oversight ensures all final decisions are made by our recruitment team. You may opt out of AI screening at any time. |
Employee Referral Processing | Legitimate interests | When a TheyDo employee refers you for a position, we process your contact information to reach out about potential opportunities. You may decline further contact at any time. |
Reference Checks | Consent | We will only contact your references after obtaining your explicit consent and the specific contact details you provide. |
Background Verification (where legally required) | Legal obligation | For certain roles, we may be legally required to conduct background checks as mandated by applicable employment laws or industry regulations. |
Diversity and Inclusion Monitoring | Consent | If you voluntarily provide demographic information for diversity monitoring purposes, we process this data only with your explicit consent. This data is anonymized and used for statistical purposes only. |
Maintaining Candidate Records | Legitimate interests | To keep records of our recruitment process for potential future opportunities, legal compliance, and process improvement. Data is retained according to our retention policy. |
Legal Compliance and Defense | Legal obligation / Legitimate interests | To comply with employment law requirements, respond to legal requests, or defend against legal claims related to our hiring process. |
Disclosure of Personal Information
We may share your personal information with third parties only as necessary for our recruitment process and in accordance with GDPR and applicable laws:
Service Providers and Vendors:
Applicant tracking system providers (for application management)
Background check companies (with your explicit consent)
Skills assessment platforms (for technical evaluations)
Video interviewing platforms (for remote interviews)
IT service providers (for data hosting and security)
Government Authorities:
Regulatory bodies when legally required (e.g., employment law compliance)
Law enforcement agencies pursuant to valid legal requests
Tax authorities for employment verification purposes
Other Disclosures:
With your explicit written consent for specific purposes
In connection with business transactions (mergers, acquisitions) with appropriate safeguards
To legal advisors for employment law compliance and dispute resolution
All third parties are contractually bound to protect your personal information and use it only for the specified purposes.
Security of Personal Information
TheyDo B.V. implements comprehensive security measures to protect your personal information:
Technical Safeguards:
Data encryption in transit and at rest
Multi-factor authentication for system access
Regular security vulnerability assessments
Secure data centers with 24/7 monitoring
Organizational Measures:
Access controls limiting data access to authorized personnel only
Regular data protection training for all staff handling candidate information
Data processing agreements with all third-party providers
Incident response procedures for potential data breaches
Ongoing Protection:
Regular review and updating of security measures
Compliance monitoring and audit procedures
Secure data disposal methods for expired information
Retention of Personal Information
Candidates Not Hired Personal data of candidates who are not hired will be deleted following (1) one year or retained for a maximum of (2) two years with your consent, as per application form for future opportunities.
Hired Candidates Once hired, your personal data will be transferred to your employee record and will be retained in accordance with our People Privacy Policy.
Automatic Deletion
All candidate data is automatically deleted at the end of the applicable retention period unless legal requirements mandate longer retention.
Rights of Candidates
You have the following rights regarding your personal data:
Access Your Data: You can request to see the personal information that we hold about you, including the purpose of processing and the recipients of the data.
Rectify Your Data: If you believe that any personal information we hold about you is incorrect or incomplete, you can request that we correct or update it.
Erase Your Data: You can request the deletion of your personal information under certain conditions, such as if the data is no longer necessary for the purposes for which it was collected.
Withdraw Consent: If you have given consent for the processing of your personal data, you have the right to withdraw your consent at any time.
Opt Out of AI Screening: Request that your application not be processed using AI/ML tools. If you opt out, your application will be reviewed manually without prejudice.
How to Make a Request
To exercise any of these rights, please contact us at privacy@theydo.com. When making a request, please:
Provide sufficient information to verify your identity: Include your full name and any other relevant details that will help us identify you in our records. For example, include details such as the position you applied for and the date of your application.
Provide details of your request: Specify the exact data you wish to access, rectify, or erase, or any other details relevant to your request.
This will help us process your request efficiently.
We will respond to your request within 30 days. If we need more time to process your request, we will inform you and explain the reason for the delay.
Updates to this Policy
We may update this Candidate Privacy Policy to reflect changes in our practices or legal requirements. Any updates will be communicated to all candidates and reflected in this policy page.
Contact Information
If you have any questions or concerns about this Candidate Privacy Policy or our data protection practices, please reach out to privacy@theydo.com.
Additional Information
For more details about our general data protection practices, please refer to our Privacy Policy available on our TheyDo website.