Privacy Policy
MaxEra Talent ("we," "our," or "us") provides staffing and recruitment services globally. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with GDPR, India's DPDP Act, and applicable US privacy laws.
This policy applies to candidates, clients, and individuals whose data we may encounter in the course of providing our recruitment services.
1. Information We Collect
a. Candidate Data
- Full name, email address, phone number
- Resume/CV, employment history, educational background
- Skills, certifications, professional qualifications
- Work authorization status and location preferences
- Interview notes and assessment records
b. Client Data
- Name, company name, email address, phone number
- Hiring requirements, role specifications, and business communications
c. Sourced / Publicly Available Data
We may collect publicly available professional data from:
- LinkedIn and professional networking platforms
- Job boards and career websites
- Company websites and public directories
- Professional databases and sourcing platforms (e.g., Apollo)
When we collect data from public sources and contact individuals, we will inform them of the source of their data and our purposes at or before first contact, in accordance with GDPR Article 14 requirements.
2. Legal Basis for Processing
EU / EEA (GDPR) — Legal Bases
For individuals in the EU/EEA, we process personal data under the following legal bases:
- Consent — for candidate submissions, opt-ins, and newsletter communications
- Legitimate Interests — for recruitment outreach, sourcing, and business development, where our interests are not overridden by your rights
- Contractual Necessity — for fulfilling obligations under client and candidate agreements
- Legal Obligations — where required by applicable law
India (DPDP Act 2023 / DPDP Rules 2025) — Legal Bases
For individuals in India, we process personal data under the following legal bases as defined in the DPDP Act. Please note that the DPDP Act does not recognise 'legitimate interests' or 'contractual necessity' as standalone grounds for processing:
- Consent — the primary basis; freely given, specific, informed, and unambiguous consent obtained from the data principal before processing
- Certain Legitimate Uses (Section 7) — including processing necessary for employment-related purposes, fulfilment of legal or judicial obligations, and other specified legitimate uses defined under the Act
Note: Data principals in India may withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing before withdrawal. Where consent is withdrawn, we will cease processing unless a legitimate use under Section 7 applies.
United States — Legal Bases
For individuals in the US, we process personal data based on:
- Consent — where explicitly provided
- Legitimate business purposes — for recruitment and staffing activities
- Contractual necessity — to fulfil service agreements
3. How We Use Your Information
We use personal data for the following purposes:
- Matching candidates with relevant job opportunities
- Sharing candidate profiles with potential employers (with appropriate notice)
- Conducting outreach for hiring or business development
- Communicating updates, opportunities, and service information
- Improving internal processes and conducting analytics
- Complying with legal and regulatory obligations
- Detecting, investigating, and reporting data breaches as required by law
5. International Data Transfers
MaxEra Talent operates globally and personal data may be transferred between the United States, India, and the European Union.
For transfers from the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other appropriate safeguards as required by GDPR Chapter V
For transfers from India, we comply with any applicable cross-border data transfer restrictions under the DPDP Act and DPDP Rules 2025, including requirements regarding countries approved for transfer by the Government of India.
We implement appropriate technical and organisational security measures for all international data transfers.
6. Data Retention
We retain personal data for the following periods:
- Active recruitment and future opportunities: typically 2 to 5 years from the date of last interaction
- Minimum 1 year: retained for breach detection, investigation, and regulatory compliance purposes, as required under DPDP Rules 2025
- Longer periods: where required by applicable law or legal proceedings
Upon withdrawal of consent or a valid deletion request, we will erase or anonymise your personal data unless we are required to retain it by law or for the resolution of disputes.
7. Your Rights
EU / EEA (GDPR Rights)
- Right to access your personal data
- Right to correct inaccurate or incomplete data
- Right to erasure ("Right to be Forgotten")
- Right to restrict or object to processing
- Right to data portability
- Right to withdraw consent at any time
- Right to lodge a complaint with your national supervisory authority
India (DPDP Act 2023 Rights)
- Right to access information about your personal data
- Right to correct, update, or complete your personal data
- Right to withdraw consent at any time
- Right to erasure of personal data upon withdrawal of consent (subject to legal obligations)
- Right to grievance redressal — you may submit a complaint to our Grievance Officer or to the Data Protection Board of India
- Right to nominate a representative — you may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity
United States (CCPA-Style Rights Where Applicable)
- Right to know what personal data is collected and how it is used
- Right to request deletion of personal data
- Right to opt-out of the sale of personal data (we do not sell data)
- Right to non-discrimination for exercising your rights
How to Exercise Your Rights
To exercise any of the rights listed above, please contact our Data Protection / Grievance Officer:
Email: MEvans@maxeratalent.com
Website: www.maxeratalent.com
We will respond to all verified requests within 30 days (GDPR) or a reasonable period as required under applicable law. For India data principals, we will respond within the timeframes set out under DPDP Rules 2025.
8. Data Breach Notification
In the event of a personal data breach, MaxEra Talent will:
- Notify the relevant supervisory authority (e.g., the Data Protection Board of India, or the applicable EU supervisory authority) without undue delay — and within 72 hours where feasible under GDPR — upon becoming aware of a breach
- Notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms
- Maintain records of all data breaches, including those not reported to authorities, as required by law
Under India's DPDP Act and DPDP Rules 2025, all personal data breaches must be reported to the Data Protection Board of India, regardless of their severity or damage caused.
9. Email Outreach & Communication Compliance
We may contact individuals regarding job opportunities or business services based on:
- Consent — where explicitly provided
- Legitimate interests (EU/EEA) or certain legitimate uses (India) — for B2B outreach using publicly available professional information
All outreach communications include:
- Clear identification of MaxEra Talent as the sender
- A clear business purpose for the communication
- An easy and immediate option to opt-out or unsubscribe
We honour all opt-out requests promptly and maintain suppression lists to prevent further contact. All email communications comply with applicable laws including GDPR, CAN-SPAM Act, and India's DPDP Act.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:
- Access controls and role-based access management with regular reviews
- Encryption, obfuscation, and masking of personal data where appropriate
- Secure storage systems and data backups
- Regular security audits and assessments
- Contractual provisions with data processors to safeguard personal data
However, no information system is completely secure. If you have reason to believe your data has been compromised, please contact us immediately at MEvans@maxeratalent.com.
12. Third-Party Tools
We use the following categories of third-party tools, each bound by data processing agreements:
- Applicant Tracking Systems (ATS) and CRM platforms
- Email outreach and communication tools (e.g., Apollo)
- Analytics and website performance tools
These providers process personal data solely on our instructions and under contractual obligations consistent with applicable data protection laws.
13. Multilingual Access
In compliance with India's DPDP Act, we are committed to making privacy information accessible. Key privacy notices and consent requests are available, or can be provided upon request, in English and in any of the 22 scheduled languages of the Indian Constitution where applicable.
To request a translated version, please contact us at MEvans@maxeratalent.com.
14. Data Protection Officer & Grievance Officer
MaxEra Talent has designated a responsible contact to handle data privacy queries, rights requests, and grievances across all jurisdictions.
Mark Evans
Email: MEvans@maxeratalent.com
Website: www.maxeratalent.com
India data principals may also submit complaints directly to the Data Protection Board of India if they are not satisfied with our response to a grievance.
15. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in law, our practices, or our services. Updated policies will be posted on our website with a revised effective date. Where required by law, we will provide direct notice of material changes.
16. Contact Information
MaxEra Talent
Email: MEvans@maxeratalent.com
Website: www.maxeratalent.com
Your Data is Secure
For any queries regarding our privacy practices or to request data deletion, please reach out to our compliance team.
Contact Compliance