Instructions for Background Checks

This instruction constitutes the Customer’s instruction to Talentwise pursuant to Article 28 of the GDPR. It applies exclusively to the processing of personal data that Talentwise performs as a processor (data processor) within the Refapp Background Check service.

Schedule 2.1c to DPA: INSTRUCTIONS - BACKGROUND CHECKS SERVICE

This schedule constitutes the Customer’s instructions to Talentwise pursuant to Article 28 of the GDPR and applies only to the processing of personal data carried out by Talentwise in its role as data processor within the scope of the Background Checks service.

Talentwise also processes certain personal data as an independent data controller in connection with the Service. Such processing is not governed by this DPA and is explicitly delineated in these instructions.

Heading Content
Purpose To enable digital verification of information provided by the Candidate in connection with a recruitment process, including identity information, education, employment history, licences, and other relevant qualifications.
Processing activities where Talentwise acts as Data Processor Talentwise may only carry out the following processing activities in its role as data processor:

Administrative and recruitment-related purposes

  • Receive and store order data from the Customer (including identity and contact details of the Candidate),
  • Administer user accounts, access rights, and system settings,
  • Provide and operate the Candidate Portal,
  • Manage information and documents uploaded by the Candidate or made available by the Customer, which constitute Verification Data in accordance with Section 3 of the Service Agreement.

Process management

  • Initiate verifications in accordance with the Customer’s selections and settings in the Service,
  • Make available status information (e.g. “in progress”, “awaiting candidate”, “completed”),
  • Communicate with the Candidate regarding the upload of documentation and other steps in the verification process.

Support, operations, and security

  • Maintain logs for security, operations, and troubleshooting,
  • Provide support in matters relating to ordering and process flow,
  • Delete personal data in accordance with the Service Agreement and this DPA.
Processing activities where Talentwise acts as Independent Data Controller (not covered by the DPA) Talentwise acts as an independent data controller for the following processing activities within the Refapp Background Check service:
  • Collection, verification, and validation of information relating to the Candidate from the Candidate or third parties,
  • Analysis and assessment of verification data,
  • Compilation of verification results into a report format.
Processing under this section constitutes independent controller processing and is not subject to this DPA nor carried out based on the Customer’s instructions.
Categories of personal data Candidates
  • Name
  • Contact details (address, email address, phone number)
  • Date of birth / national identification number (where relevant and permitted)
  • Information contained in documents uploaded by the Candidate or the Customer
  • Verification data (e.g. education, licences, employment confirmations, identity documents, etc.)
  • Administrative information and status-related metadata

Customer’s users (e.g. recruiters)
  • Name
  • Company and job title
  • Contact details (phone number, email address)
  • Profile image
  • LinkedIn URL
  • User and access data
  • Login and activity logs
Categories of data subjects
  • Candidates in the Customer’s recruitment processes
  • Users at the Customer (administrators, recruiters, etc.)
Retention period
  • Personal data is retained for twenty-four (24) months, unless otherwise specified in the Background Checks Service Agreement.
  • Logs, technical data, and backups are retained in accordance with Talentwise’s ordinary retention routines.
Limitations Processing carried out by Talentwise as an independent data controller within the scope of the Service is not covered by these instructions and is not governed by the DPA.

Version history

Version Date Change / Comment
2025.02 2025-12-01 Revised to align with Refapp’s new services and to relocate customer-specific terms to the Main Agreement.