Data Processing Addendum

This Data Processing Addendum forms part of the agreement between Rectru and customers who use Rectru to process personal data on behalf of third parties.

Effective date: 13th March 2026
Primary language: English
Operator: Rectru

This Data Processing Addendum is incorporated into Rectru's Terms and Conditions where applicable to customer use of the service.

1. Scope

This Data Processing Addendum applies where Rectru processes personal data on behalf of a customer in connection with the provision of the services.

2. Roles

The customer acts as the data controller for customer recruitment data processed through Rectru on the customer's behalf. Rectru acts as the data processor for that data, except where Rectru acts as a controller for its own business operations.

3. Nature and purpose of processing

Processing may include account administration, candidate communication, interview workflows, recordings, text processing, AI-assisted evaluations, storage, support, maintenance, and security-related operations necessary to provide the Rectru service.

4. Categories of data subjects

  • candidates;
  • customer personnel and authorised users;
  • customer contacts;
  • other individuals whose data is submitted to Rectru by or on behalf of the customer.

5. Categories of personal data

  • identity and contact information;
  • candidate applications, CVs, and interview materials;
  • recordings, transcripts, and evaluation outputs;
  • usage, device, technical, and security data;
  • other personal data submitted to the services by or on behalf of the customer.

6. Customer instructions

Rectru will process personal data only on documented instructions from the customer, unless otherwise required by applicable law.

7. AI-assisted features and human review

Rectru provides AI-assisted features intended to support, not replace, human decision-making. Customers remain responsible for ensuring meaningful human review and for avoiding unlawful solely automated decisions where prohibited by law.

8. Confidentiality and security

Rectru will ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations and will implement reasonable technical and organisational measures designed to protect personal data.

9. Subprocessors

Customers authorise Rectru to engage subprocessors that support hosting, storage, communications, support, and related service functions, provided those subprocessors are bound by appropriate data protection obligations.

10. International transfers

Where personal data subject to GDPR or similar laws is transferred internationally, Rectru will use appropriate safeguards such as Standard Contractual Clauses or equivalent lawful mechanisms where required.

11. Assistance

Taking into account the nature of the processing and information available, Rectru will provide reasonable assistance to the customer with data subject requests, security obligations, DPIAs, and deletion or return obligations related to the services.

12. Retention, deletion, and return

Rectru applies a default retention approach of up to 30 days for certain data stored in Rectru-managed services and containers, unless a different period is configured, contractually agreed, or required by law.

Upon termination or expiry of the services, and subject to applicable legal, backup, security, dispute, or preservation requirements, Rectru will delete or return personal data in accordance with the applicable agreement and law.

13. Contact

For DPA-related questions, please contact info@rectru.com.