Skip to main content

Your GDPR Rights

A comprehensive guide to your data protection rights under the EU General Data Protection Regulation

Last Updated: March 30, 2026

Who Can Exercise GDPR Rights?

You can exercise these rights if you are:

  • Located in the European Union (EU) or European Economic Area (EEA)
  • A UK resident (UK GDPR applies with equivalent rights)
  • An EU/EEA/UK citizen living outside these regions (certain rights still apply)

Introduction

The General Data Protection Regulation (GDPR) grants individuals in the European Union comprehensive rights over their personal data. This guide explains each of your eight fundamental rights under Articles 15-22 of the GDPR, how to exercise them, and what to expect from DAKDAN Talent.

These rights are free to exercise (with limited exceptions for excessive requests), and DAKDAN Talent is legally obligated to respond within specific timeframes.

Your Eight Fundamental GDPR Rights

1. Right of Access (Article 15)

"Subject Access Request" or "SAR"

What This Means

You have the right to obtain confirmation that we process your personal data and receive a copy of that data, along with supplementary information about how we use it.

Information You'll Receive

  • Confirmation of whether we process your personal data
  • Copy of the personal data we hold about you
  • Categories of data collected
  • Purposes of processing
  • Categories of recipients who receive your data
  • Retention periods or criteria for determining them
  • Your other GDPR rights
  • Source of the data (if not collected from you)
  • Existence of automated decision-making, including profiling
  • Safeguards for international data transfers

How to Exercise

Submit a request via our Data Subject Request Portal or email dpo@dakdantalent.com with subject "GDPR Access Request."

Response Time

Within 30 days (extendable to 60 days for complex requests with notification)

2. Right to Rectification (Article 16)

Correct inaccurate or incomplete data

What This Means

You can request correction of inaccurate personal data or completion of incomplete data. We must rectify without undue delay.

Examples

  • Correcting misspelled name or email address
  • Updating outdated employment history
  • Adding missing qualifications or certifications
  • Fixing incorrect graduation dates
  • Updating changed contact information

How to Exercise

Most corrections can be made directly in your account settings. For data you cannot edit yourself, submit a request via our Data Subject Request Portal.

Response Time

Within 30 days (corrections will be communicated to recipients of your data where applicable)

3. Right to Erasure "Right to be Forgotten" (Article 17)

Request deletion of your personal data

What This Means

You can request deletion of your personal data when one of the following grounds applies:

When Erasure Applies

  • Data is no longer necessary for the purposes it was collected
  • You withdraw consent (and no other legal basis exists)
  • You object to processing and no overriding legitimate interests exist
  • Data has been unlawfully processed
  • Data must be erased to comply with legal obligations
  • Data was collected from a child for online services

Exceptions (When We Can Refuse)

We may retain data when necessary for:

  • Compliance with legal obligations (tax, employment law, etc.)
  • Establishment, exercise, or defense of legal claims
  • Archiving purposes in the public interest
  • Freedom of expression and information

How to Exercise

Submit a deletion request via our Data Subject Request Portal or delete your account directly in account settings.

Response Time

Within 30 days (deletion will be permanent and may affect your ability to use services)

4. Right to Restriction of Processing (Article 18)

Limit how we use your data

What This Means

You can request that we restrict processing of your data (we can store it but not use it) in specific circumstances:

When Restriction Applies

  • Accuracy Challenge: While we verify the accuracy of disputed data
  • Unlawful Processing: You oppose erasure and prefer restriction instead
  • No Longer Needed: We no longer need the data, but you need it for legal claims
  • Objection Pending: While we verify whether our legitimate grounds override yours

What Happens During Restriction

During restriction, we will:

  • Store the data but not process it further
  • Only use it with your consent or for legal claims/protection of rights
  • Inform you before lifting the restriction

Response Time

Within 30 days (restriction will be applied immediately upon verification)

5. Right to Data Portability (Article 20)

Receive and transfer your data

What This Means

You can receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and transmit it to another controller.

When Portability Applies

This right applies only when:

  • Processing is based on consent or contract performance
  • Processing is carried out by automated means

Data Included

You can port:

  • Profile information (name, contact, education, work history)
  • Resume and application materials
  • Account settings and preferences
  • Application history and saved jobs
  • Communication records

Available Formats

We provide data in JSON (default), CSV, or XML format. You can also request direct transmission to another service (where technically feasible).

Response Time

Within 30 days (data will be provided via secure download link)

6. Right to Object (Article 21)

Object to certain types of processing

What This Means

You can object to processing of your data in specific situations:

Grounds for Objection

  • Legitimate Interests: Object to processing based on our legitimate interests (unless we can demonstrate compelling legitimate grounds)
  • Direct Marketing: Absolute right to object to marketing at any time (we must stop immediately)
  • Profiling: Object to automated profiling for marketing purposes
  • Scientific/Historical Research: Object unless processing is necessary for public interest tasks

Marketing Objection

Immediate Effect: If you object to marketing, we will cease all marketing communications immediately. You can also use the "unsubscribe" link in any marketing email.

Response Time

Marketing: Immediate cessation
Other Objections: Within 30 days (we will assess whether our legitimate grounds override)

7. Rights Related to Automated Decision-Making (Article 22)

Protection from automated decisions without human oversight

What This Means

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you.

DAKDAN Talent's Automated Processing

We use AI-powered systems for:

  • Candidate-Job Matching: Recommending jobs based on your profile
  • Resume Screening: Ranking applications for employers
  • Skill Assessment: Analyzing competencies from your experience

Your Protections

Important: No final hiring decisions are made solely by AI

  • All automated scores/rankings are recommendations only
  • Human recruiters make final hiring decisions
  • You can request human review of automated recommendations
  • You can obtain explanation of automated decision logic
  • You can challenge automated decisions

How to Exercise

Request human review or explanation by contacting dpo@dakdantalent.com or via our Data Subject Request Portal. See our AI Terms of Service for more details.

8. Right to Withdraw Consent (Article 7)

Withdraw previously given consent

What This Means

Where we process your data based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Examples of Consent-Based Processing

  • Marketing communications (newsletters, job alerts)
  • Optional cookies and tracking
  • Sensitive data processing (diversity information, disability accommodations)
  • Profile photo usage for identification
  • Participation in research studies

How to Exercise

Withdrawing consent is as easy as giving it:

  • Email preferences: Click "unsubscribe" or manage in account settings
  • Cookies: Update preferences via cookie banner or Cookie Policy
  • Sensitive data: Contact dpo@dakdantalent.com

Response Time

Immediate effect (processing will cease upon withdrawal, though historical processing remains lawful)

📋How to Exercise Your Rights

Method 1: Data Subject Request Portal (Recommended)

Use our dedicated portal for the fastest processing:

→ Go to Data Subject Request Portal

Method 2: Email

Email: dpo@dakdantalent.com
Subject: "[GDPR Right Name] Request"

Method 3: Account Settings

For simple changes (rectification, withdrawal of consent), use your account settings dashboard.

What to Include in Your Request

  • Your full name and email address associated with your account
  • Clear description of which right you want to exercise
  • Sufficient information for us to verify your identity
  • Preferred format for data portability requests (if applicable)

Identity Verification

To protect your privacy, we must verify your identity before responding to requests. We may ask for:

  • Email verification (verification code sent to registered email)
  • Account login credentials
  • Additional identifying information (last 4 digits of phone, birthdate)
  • For high-sensitivity requests: Government-issued ID

Authorized Representatives

You may authorize someone to exercise rights on your behalf. We will require proof of authorization (e.g., power of attorney, written consent with signature).

Response Timeframes

GDPR mandates specific response times:

Request TypeStandard TimeframeExtension Possible
Access (SAR)30 days+30 days (complex)
Rectification30 days+30 days
Erasure30 days+30 days
Restriction30 days+30 days
Portability30 days+30 days
Objection (Marketing)ImmediateN/A
Objection (Other)30 days+30 days
Withdraw ConsentImmediateN/A

If we need more time for complex requests, we will inform you within 30 days and explain the reasons for the extension.

Fees and Charges

Free of Charge

Exercising your GDPR rights is completely free in most cases.

We may charge a reasonable fee only when:

  • Your request is clearly unfounded or excessive (especially if repetitive)
  • You request multiple additional copies beyond the first free copy

We will inform you of any fees before processing your request.

Right to Lodge a Complaint

If you believe we have not handled your request appropriately or are violating GDPR, you have the right to lodge a complaint with a supervisory authority.

EU/EEA Supervisory Authorities

You can complain to the supervisory authority in:

  • Your country of residence
  • Your place of work
  • The place where the alleged infringement occurred

Find Your Supervisory Authority

European Data Protection Board (EDPB) maintains a list of all EU/EEA supervisory authorities:

→ View EDPB Members List

UK Supervisory Authority

Information Commissioner's Office (ICO)

Website: www.ico.org.uk/make-a-complaint
Phone: 0303 123 1113

Important: Lodging a complaint with a supervisory authority does not affect your right to seek judicial remedy. You can also pursue legal action through courts.

Contact Us

Data Protection Officer

Email: dpo@dakdantalent.com

EU Representative (GDPR Article 27)

Email: eu-privacy@dakdantalent.com

UK Representative (UK GDPR Article 27)

Email: uk-privacy@dakdantalent.com

Data Subject Request Portal

→ Submit a Request

Related Privacy Resources

→ Privacy Policy→ EU Privacy Policy→ CCPA Rights (California)→ Data Subject Request Portal→ Data Privacy Framework→ Privacy Center