Instructions for Background Checks

This instruction constitutes the Customer’s instruction to Talentwise pursuant to Article 28 of the GDPR. It applies exclusively to the processing of personal data that Talentwise performs as a processor (data processor) within the Refapp Background Check service.

Schedule 2.1c to DPA: INSTRUCTIONS - BACKGROUND CHECKS SERVICE

This schedule constitutes the Customer’s instructions to Talentwise pursuant to Article 28 of the GDPR and applies only to the processing of personal data carried out by Talentwise in its role as data processor within the scope of the Background Checks service.

Talentwise also processes certain personal data as an independent data controller in connection with the Service. Such processing is not governed by this DPA and is explicitly delineated in these instructions.

Heading Content
Purpose Enable the execution of background checks in connection with the Customer’s recruitment processes, including the administration of orders, process management, and the performance of checks according to the Customer’s instructions through the Refapp Background Check service.
Processing activities where Talentwise acts as Data Processor Talentwise may only carry out the following processing activities in its role as data processor:

Administrative and recruitment-related purposes

  • Receive and store order data from the Customer (including identity and
    contact details of the Candidate),
  • Administer user accounts, access rights, and system settings,
  • Provide and operate the Candidate Portal,
  • Manage information and documents uploaded by the Candidate or made available by the Customer, which do not constitute Verification Data in accordance with Section 3 of the Service Agreement.

Process management

  • Initiate verifications in accordance with the Customer’s selections and settings in the Service,
  • Make available status information (e.g. “in progress”, “awaiting candidate”, “completed”),
  • Communicate with the Candidate regarding the upload of documentation and other steps in the verification process.

Checks carried out based on the Customer’s instructions
Talentwise may, based on the Customer’s instructions, initiate and carry out certain checks in the Service where the Customer acts as data controller. This may include:

  • Ordering credit checks from third-party credit information agencies,
  • Searches in public sanctions or PEP lists,
  • Verification of employment history via contact persons provided by the Candidate,
  • Other checks set out in the Service Agreement and Schedule A – Available Checks, where Talentwise acts as data processor.

Support, operations, and security

  • Maintain logs for security, operations, and troubleshooting,
  • Provide support in matters relating to ordering and process flow,
  • Delete personal data in accordance with the Service Agreement and this DPA.
Processing activities where Talentwise acts as Independent Data Controller (not covered by the DPA)

Talentwise acts as an independent data controller for the following processing activities within the Refapp Background Check service:

  • Collection, verification, and validation of information from the Candidate or third parties
  • Analysis and assessment of verification data
  • Compilation of results in report form
  • Selection of methods, sources, or verification processes where Talentwise provides verification services

Processing under this section constitutes independent controller processing and is not subject to this DPA nor carried out based on the Customer’s instructions.
Categories of personal data Candidates
  • Name
  • Contact details (address, email address, phone number)
  • Date of birth / national identification number (where relevant and permitted)
  • Information contained in documents uploaded by the Candidate or the Customer
  • Verification data (e.g. education, licences, employment confirmations, identity documents, etc.)
  • Administrative information and status-related metadata

Customer’s users (e.g. recruiters)
  • Name
  • Company and job title
  • Contact details (phone number, email address)
  • Profile image
  • LinkedIn URL
  • User and access data
  • Login and activity logs
Categories of data subjects
  • Candidates in the Customer’s recruitment processes
  • Users at the Customer (administrators, recruiters, etc.)
Retention period
  • Personal data is retained for twenty-four (24) months, unless otherwise specified in the Background Checks Service Agreement.
  • Logs, technical data, and backups are retained in accordance with Talentwise’s ordinary retention routines.
Limitations Processing carried out by Talentwise as an independent data controller within the scope of the Service is not covered by these instructions and is not governed by the DPA.

 

Version history & Archive

Version Date Change / Comment
 2026.02 2026-03-23 Added the processing activity that Talentwise may conduct checks as Processor based on the Customer’s instructions.
2025.02 2025-12-01

Revised to align with Refapp’s new services and to relocate customer-specific terms to the Main Agreement.
See previous version here: Schedule 2.1c-DPA_Background_Checks_v2025.02