Privacy Policy — Hire Decoded

Plain English summary: Hire Decoded processes very little personal data directly. When you engage our screening service, candidate CVs are reviewed within your own ATS or hiring system — we do not download or store candidate data. We collect your business contact details to manage the engagement, and we process your payment via Stripe. We do not sell your data or share it with third parties for marketing purposes.

Contents

Who we are
What personal data we collect
Candidate data and our role
How we use your data
Legal basis for processing
Third parties and data processors
How long we keep your data
Your rights under GDPR
Cookies
International transfers
Contact us
How to make a complaint
Changes to this policy

1. Who we are

Hire Decoded is a recruitment screening and hiring intelligence service operated as a sole trader in Ireland. We provide human CV screening, structured shortlisting, and hiring support services to businesses via our website at hiredecoded.com.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018, we act as the data controller in respect of personal data we collect from clients and website visitors, and as a data processor in respect of candidate data we access on behalf of client organisations in the course of delivering our screening service.

Contact: hello@hiredecoded.com

We maintain internal Records of Processing Activities (RoPAs) as required under GDPR Article 30, available to the Data Protection Commission on request.

2. What personal data we collect

2.1 Client contact data

When you engage our services, we collect your name, business email address, company name, and any other contact information you provide via our intake form or direct correspondence. This data is used solely to manage your engagement and deliver the contracted service.

2.2 Payment data

All payments are processed by Stripe. We do not receive, see, or store your payment card details at any point. Stripe processes payment data on our behalf under their own privacy policy at stripe.com/ie/privacy.

2.3 Intake form data

Our client intake forms (hosted on Tally) collect information about the role you are hiring for, your hiring criteria, and access instructions for your applicant pool. This data is used solely to complete the screening engagement.

2.4 Website analytics

Our website may collect anonymised usage data via our hosting platform. This data does not identify you personally and is used only to understand how visitors use the site.

2.5 General correspondence

If you contact us by email, we hold that correspondence for as long as necessary to respond to and resolve your query.

3. Candidate data and our role

A central feature of our service model is that we do not download, copy, or store candidate CVs or personal data. Screening is conducted by accessing candidate applications within your own ATS or hiring system, using access credentials you provide for that purpose.

In this context:

You (the client) are the data controller for your candidates' personal data. You collected it, you determine the purpose for which it is processed, and you are responsible for your candidates' data protection rights.
Hire Decoded acts as a data processor — we access and assess candidate data solely on your instructions and for the purpose of delivering the agreed screening service.
This relationship is governed by the Data Processing Agreement (DPA) included with every engagement, which sets out our respective obligations under GDPR Article 28.

You are responsible for ensuring that your candidates have been informed that their applications may be reviewed by a third-party screening service, and that your use of Hire Decoded is consistent with your own privacy policy and GDPR obligations.

We do not retain, copy, share, or use candidate data beyond what is strictly necessary to complete the screening engagement. Any notes made during the screening process are included in the shortlist pack delivered to you and are not retained by Hire Decoded after delivery.

4. How we use your data

We use personal data collected from clients for the following purposes only:

To deliver the contracted screening service — contact details and intake form data are used to complete the engagement and communicate with you throughout.
To process payment — handled entirely by Stripe on our behalf.
To respond to queries and provide support — correspondence is used to resolve client queries.
To comply with legal obligations — including retention of transaction records for Irish Revenue purposes.

We do not use your data for marketing purposes without your consent, and we do not share it with third parties for their own commercial purposes.

5. Legal basis for processing

Contract performance (Article 6(1)(b)): Processing client contact and intake data to deliver the contracted screening service.
Legal obligation (Article 6(1)(c)): Retaining transaction records for tax and accounting purposes as required by Irish law.
Legitimate interests (Article 6(1)(f)): Responding to client queries and maintaining basic website analytics.

6. Third parties and data processors

We use the following third-party services:

Stripe — payment processing. Privacy policy
Tally — client intake forms. Privacy policy
Netlify / Framer — website hosting. May process IP addresses and anonymised usage data.

We do not share your data with any other third parties for commercial purposes. The client's ATS or hiring system is accessed using credentials provided by the client — that system is operated by the client and governed by their own data processor arrangements.

7. How long we keep your data

Client contact and engagement data: Retained for the duration of the engagement and for 12 months afterwards for support purposes, then deleted.
Transaction records: Retained for 7 years from the date of the transaction as required by Irish Revenue.
Intake form submissions: Retained only for the duration of the active engagement, then deleted.
General correspondence: Retained for up to 12 months after the matter is resolved, then deleted.

8. Your rights under GDPR

As a data subject under GDPR, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing based on legitimate interests. To exercise any of these rights, contact us at hello@hiredecoded.com. We will respond within one month.

Note: as a client, if you wish to exercise rights on behalf of candidates whose data was processed during an engagement, those requests should be directed to you as the data controller for candidate data. We will cooperate with any such requests within the terms of the DPA.

9. Cookies

Our website uses a small number of cookies for technical functionality and basic analytics. We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings.

10. International data transfers

Some third-party processors (including Stripe and Tally) may process data outside the EEA. Where this occurs, appropriate safeguards including Standard Contractual Clauses apply as required under GDPR Chapter V.

11. Contact us

Hire Decoded
Email: hello@hiredecoded.com
Website: hiredecoded.com

12. How to make a complaint

You have the right to lodge a complaint with the Data Protection Commission (DPC):

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Website: dataprotection.ie
Phone: +353 (0)76 110 4800

We would ask that you contact us in the first instance so we can attempt to resolve any concern directly.

13. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. The date at the top of this page shows when it was last updated. Material changes will be communicated to active clients by email.