Candidate Privacy Statement
RavenPack International | This policy was last updated on Aug 11, 2025
Your privacy and trust are important to us and this Privacy Statement (“Statement”) provides important information about how RavenPack International S.L. and its affiliated companies and subsidiaries (together “RavenPack,” “we,” or “us”) handle personal information. This Statement applies to any RavenPack website, application, product, software, or service of ours that hyperlinks to this Statement (collectively, our “Services”).
RavenPack International S.L., with registered office at Centro de Negocios Oasis, Urb. Villa Parra, Ctra. de Cádiz Km. 176 29602, Marbella, Spain, is the data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 (GDPR). We are responsible for determining the purposes and means of the processing of your personal data as described in this Statement.
This Statement does not generally apply to individuals whose personal information forms part of the content included within our products, although you can find further information on that topic here.
Please read this Statement carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices. It is important that you check back often for updates to this Statement. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email.
1. Information We Collect
RavenPack is committed to handling personal information responsibly and protecting it in accordance with applicable data protection laws.
Personal information means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when necessary to provide our Services and for our operational and business purposes, as described in this Statement. Our aim is to be transparent about our privacy practices so that you can make informed decisions about your information. You are encouraged to contact us at any time with questions or concerns.
We may collect various types of personal data during the recruitment process, including:
- Contact Information:
  - Name
  - Address
  - Email address
  - Phone number
- Application Information:
- Interview Information:
  - Notes from interviews
  - Assessment results
- Background Check Information (if applicable and with your consent):
Sensitive Personal Information
In certain cases, we may collect and process what is considered sensitive personal information (Article 9 GDPR). Examples of when we may collect such information include:
- Processing payments for purchases or subscriptions (requiring financial or bank card details) 
- Providing Tax & Accounting Services (requiring financial and tax data) 
- Offering location-based features (requiring precise geolocation) 
- Managing recruitment processes (requiring identification documents) 
Sensitive personal information will always be handled in accordance with applicable data protection laws and only when necessary for the purposes described in this Statement.
How We Collect Personal Information
We may collect personal information directly from you in situations such as when you:
Information collected may include, for example, your name, postal address, phone number, email address, username and password, and information about your device.
Not all personal information we hold about you will necessarily come directly from you. In some cases, it may be provided by:
- Your employer or an organization to which you belong (e.g., a RavenPack Enterprise customer) 
- Professional service providers acting on your behalf (e.g., tax or legal advisors) 
- Partners, service providers, or publicly available sources 
We may also collect personal information from third parties to help us provide and improve our Services, maintain accurate records, and offer products or services that may be of interest to you. In addition, our servers, logs, and related technologies may automatically collect certain technical and usage information to help us administer, protect, and enhance our Services, analyze usage trends, and improve user experience.
2. How We Use Your Information
We process personal information only for specific, explicit, and legitimate purposes, in accordance with applicable data protection laws.
The table below summarises the purposes of processing, the corresponding legal bases, and the applicable retention periods.
| Purpose of Processing | Legal Basis | Data Retention |
| --- | --- | --- |
| Account setup and administration – including creating and managing accounts, verifying identity, providing customer and technical support, and sending essential service communications. | Performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR). | For the duration of the contractual relationship and up to 10 years thereafter to address potential claims, unless a longer period is required by law. |
| Personalisation of services – delivering tailored content (e.g., news, research, reports), including geolocation-based features where enabled by the user. | Consent (Art. 6(1)(a) GDPR) for optional features such as geolocation; contract performance for core personalisation features. | Until consent is withdrawn or, for contractual purposes, for the duration of the contractual relationship. |
| Marketing and events – sending promotional communications, event invitations, and related updates via email, phone, SMS, direct mail, or online. | Consent (Art. 6(1)(a) GDPR) and legitimate interest (Art. 6(1)(f) GDPR). | Until consent is withdrawn or, for legitimate interest-based communications, until an opt-out request is received. |
| Contact forms – responding to user queries submitted via the website. | Consent (Art. 6(1)(a) GDPR). | For the time necessary to process the request and, if applicable, up to 10 years thereafter to address potential claims. |
| Event registration – managing participation in events organised by RavenPack. | Consent (Art. 6(1)(a) GDPR). | For the duration of the event plus 1 year for administrative purposes, unless longer storage is required by law. |
| Advertising purposes – sending promotional offers and product news when expressly authorised. | Consent (Art. 6(1)(a) GDPR). | Until consent is withdrawn. |
| Surveys and polls – conducting market research and service feedback activities. | Consent (Art. 6(1)(a) GDPR). | Until results are aggregated/anonymised, or until consent is withdrawn. |
| Community forums, chat rooms, and messaging – enabling collaboration and content sharing. | Consent (Art. 6(1)(a) GDPR) by posting content. | Data remains public until removed by the user or upon withdrawal of consent. |
| Legal obligations – complying with legal and regulatory requirements, responding to lawful requests, and preventing fraud or crime. | Compliance with a legal obligation (Art. 6(1)(c) GDPR). | As required by the applicable legislation. |
| Legal defense | Legitimate interest (Art. 6(1)(f) GDPR). | 10 years. |
3. How We Share Your Information
RavenPack shares personal information only when necessary for the purposes described below and always in accordance with applicable data protection and security requirements.
We may share your personal data with the following parties:
- Within RavenPack (employees and contractors): To provide Services, manage accounts, deliver customer and technical support, conduct sales and marketing, and support business/product development. Access granted only to authorised personnel; all are bound by RavenPack’s internal privacy and security policies.
- Third-Party Service Providers: To provide outsourced services such as software and platform support, direct marketing, cloud hosting, advertising, analytics, order fulfilment, and delivery. Providers receive only the information necessary to perform contracted services and are prohibited from using it for other purposes.
- Legal and Regulatory Authorities: To comply with applicable laws, respond to lawful requests, prevent or investigate illegal activities, or protect RavenPack’s rights, safety, and property. Disclosures made only when legally required or permitted; may involve authorities outside your country of residence.
- E-Recruitment Partners: To process job applications submitted via RavenPack’s e-recruitment services, including sharing with the organisation to which the candidate has applied. May include transfer to the organisation’s other offices globally; handled in compliance with applicable data protection laws.
4. Where We Store and Process Personal Information
RavenPack is a global organization and your personal data may be stored, processed, and transferred across borders, including outside your country of residence. We ensure that any processing of personal data is carried out in compliance with this Privacy Statement and in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where relevant.
RavenPack operates networks, databases, servers, systems, support, and help desks across multiple countries worldwide. To support our business operations, workforce, and customers, we collaborate with third-party service providers such as cloud hosting services, technology suppliers, and support vendors located globally. We take all necessary steps to ensure that personal data processed by RavenPack and its partners is secured, handled lawfully, and transferred in compliance with applicable legal frameworks.
Data Transfers Outside the European Economic Area (EEA)
When personal data is transferred from the European Economic Area (EEA) to countries that do not provide an adequate level of data protection as recognized by the European Commission under Article 45 GDPR, we implement appropriate safeguards to ensure that your rights under the GDPR continue to apply. Such safeguards may include, but are not limited to:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46 GDPR); 
- Binding Corporate Rules (BCRs) for intra-group transfers (Article 47 GDPR); 
- Multi-party data transfer agreements; 
- Other measures designed to ensure an adequate level of protection consistent with GDPR requirements. 
If you wish to obtain more detailed information regarding the specific transfer mechanisms we use or to receive a copy of the relevant safeguards, please contact our Data Protection Officer.
5. Your Rights
As a data subject, you have the following rights concerning the personal data we process about you, in accordance with the EU General Data Protection Regulation (GDPR):
- Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether we process your personal data, and, where that is the case, to access such data and receive information about its processing. 
- Right to Rectification (Article 16 GDPR): You have the right to request correction of inaccurate or incomplete personal data we hold about you. 
- Right to Erasure (Article 17 GDPR): You may request the deletion of your personal data where processing is no longer necessary, you withdraw consent, or other legal grounds apply. 
- Right to Restriction of Processing (Article 18 GDPR): You can request that we restrict the processing of your personal data in certain circumstances, for example, when you contest the accuracy of the data or object to processing pending verification. 
- Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible. 
- Right to Object (Article 21 GDPR): You may object to the processing of your personal data on grounds relating to your particular situation, including profiling and direct marketing, unless we demonstrate compelling legitimate grounds for the processing. 
- Right to Withdraw Consent (Article 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 
To exercise any of these rights, please contact our Data Protection Officer at privacy@ravenpack.com.
6. Security Measures
RavenPack places the utmost importance on the security of personal data and employs appropriate technical and organizational measures in compliance with Articles 5(1)(f) and 32 GDPR to protect personal information against accidental loss, unauthorized access, use, alteration, or disclosure.
Our information security policies and procedures are aligned with widely recognized international standards and are subject to regular review and updates in response to evolving business needs, technological developments, and legal obligations.
Specifically, we implement:
- Measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data; 
- A comprehensive Business Continuity and Disaster Recovery plan to ensure ongoing service availability and protection of personnel and assets; 
- Access control restrictions to limit personal data access strictly to authorized personnel; 
- Physical and technical security controls including encryption, monitoring, and secure data transfer protocols; 
- Privacy Impact Assessments (PIAs) conducted in accordance with legal requirements and internal policies. 
Training and Vendor Risk Management
To ensure continuous compliance with data protection and information security standards, RavenPack provides regular mandatory training on privacy, security, and related regulatory requirements to all employees and contractors with access to personal data.
Furthermore, our relationships with third-party vendors and service providers are governed by contractual agreements that require them to adhere to strict security measures and data protection obligations consistent with our policies. We conduct ongoing vendor risk assessments and security reviews to ensure that entrusted personal data is properly safeguarded.
7. Changes to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website or by other appropriate means. 
8. Contact Us
We understand that you may have questions or concerns about this Statement or our privacy practices or may wish to file a complaint. 
Please feel free to contact us in one of the following ways:
To the attention of the Data Protection Officer
Email: privacy@ravenpack.com
RavenPack International SL
Centro de Negocios Oasis, Urb. Villa Parra, Ctra. de Cádiz Km. 176 29602, Marbella, Spain