Candidate Manager is fully committed to protecting the privacy of the users of our software / site. This policy outlines this commitment to you as we want to be able to provide you with a user experience that is safe and secure. We want to ensure to our best efforts that any information you give us remains private and used only for the purposes outlined in this policy. Please note that by using our Site, you signify that you agree with the terms of our Privacy Policy 

Application information

If you apply for a vacancy advertised on a website powered by Candidate Manager software that is understood to be permission by you to send your personal details to the recruiter for that vacancy.

Candidate Manager

Candidate Manager is an online recruitment management software system licensed by Candidate Manager Limited to 3rd party clients for the purposes of administrating candidate applications/CV’s the client receives via websites.
In relation to IT performance issues, Candidate Manager cannot take responsibility for any IT faults which arise on the applicant or recruiter side during the application or processing of CV’s.

Privacy Notice

This Privacy Notice explains the use and processing of personal data by [Candidate Manager Limited] a company incorporated in Ireland with registered number [376720] whose registered office is at [Waterways House, Grand Canal Quay, Dublin 2, D02 NF40, Ireland] (“Candidate Manager”, “we”, “us”, “our”) when you access and browse this website [https:/] (“Website”) and when you use a contact us via the Website.

Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your data protection rights.  The Website is not intended for children and we do not knowingly collect personal data relating to children.

  • Controller
    • Candidate Manager is the controller and responsible for the personal data we obtain from your use of the Website, as described in this Privacy Notice.
    • If you are a corporate customer (i.e. direct employer, recruiter, agency or consultant) (“Customer”) who has subscribed for a license to use our recruitment management software system for the purpose of administering candidate applications and CVs (“Candidate Manager Solution”) and you access the Candidate Manager Solution via the Client Login page of this Website, please note that this Privacy Notice does not govern access and use of the Candidate Manager Solution. If you are a Customer, our data protection arrangements with you are governed by our service contract with you.
    • If you are a job candidate who applies to a Customer for a job and/or if you submit personal data to a Customer who use the Candidate Manager Solution please note that we are not controller of your personal data. We encourage you to read the privacy notice of any Customer with whom you share your personal data.
  • The personal data we collect about you
    • We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
  • Identity Data such as [name].
  • Contact Data such as [email address].
  • Technical Data such [internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website].
  • Usage Data includes [information about how you use the Website].
    • [We also collect, use and share aggregated data such as statistical or demographic data for various purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.]
    • Where we need to collect personal data by law, or under the terms of a contract we have with you (e.g. Terms of Use) and you fail to provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to provide all or part of the relevant service.
  • How we collect your personal data
    • Direct Interactions: You may give us your [Identity and Contact Data] and the nature of your query when filling in a contact us / get in touch form on the Website. You may also give us personal data by corresponding with us by post, phone, email or otherwise.
    • Automated technologies or interactions: As you interact with the Website, we collect Technical Data and Usage Data including details of your device, browsing actions and patterns, searches, sections view, traffic data, web logs and other communication data and the resources that you access. We collect this personal data by using cookies, tracking codes, server logs and other similar technologies.  We may also receive Technical Data about you if you visit other websites employing our cookies.  Please see our cookie policy [] for further details[1].
    • Third party sources: We may receive personal data about you from various third parties as set out below:
      • Technical and Usage Data from Hotjar and analytics providers [such as Google based outside the EU];
      • Identity, Contact, Financial and Transaction Data from providers of technical services such as Intercom and Lead Forensics.
    • How do we use your personal data?
      • We will only use your personal data when the law allows us to. We have set out below  a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.  We have also identified what our legitimate interests are where appropriate.  We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.  Please Contact Us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.



Purpose/activity Type of Data Lawful basis for processing your personal data
To respond to any queries you submit through the Website


[Identity and Contact Data] (a) Performance of a contract with you

(b) Necessary for our legitimate interests (for running our business and to develop new business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) [Identity, Contact and Technical Data]


(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To manage our relationship with you which will include notifying you about changes to our terms or privacy notice [Identity and Contact Data] (a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated)

To use data analytics to improve our website, services, customer relationships and experiences


[Technical and Usage Data]


Necessary for our legitimate interests (to define types of customers for our services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)


  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
  • Disclosures of your personal data
    • Except as set out in this Privacy Notice, we do not disclose to any third party personal data that we collect or you provide to us. We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4.1.
      • Internal third parties: Companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for the provision of and administration of the Website.
      • External third parties: Companies that provide products and services to us such as professional advisors, IT systems suppliers and support, data storage, IT developers, insurance, analytics companies, website hosting providers and other service providers.
      • Public and Government Authorities: Entities that regulate or have jurisdiction over us. We will disclose your personal data in order to comply with any legal obligation, if we are ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authorities or in order to enforce or apply our [Terms of Use] and other agreements, or to protect the rights, property, or safety of Candidate Manager, our customers, Website users or others.
      • Corporate activity: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.  If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
    • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.  Unless prevented by applicable law, we will notify you when your personal data may be provided to third parties in ways other than explained above, and you may have the option to prevent such sharing at the time that we notify you.
  • International transfers
    • Your personal data may be transferred, stored and accessed within the European Economic Area (“EEA”) or transferred to, stored in, and accessed from countries outside the EEA in order to fulfil the purposes described in this Privacy Notice. For transfers to countries outside the EEA, the data protection regime may be different than in the country in which you are located and will therefore be based on a legally adequate transfer method.  Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is given to it by ensuring at least one of the following safeguards is implemented:
      • Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
      • We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
      • Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
    • We will provide you on request a list of the countries located outside the EEA to which personal data may be transferred, and an indication of whether they have been determined by the European Commission to grant adequate protection to personal data. Where applicable, you are entitled, upon request to receive a copy of the relevant safeguard (for example, EC model contractual clauses) that have been taken to protect personal data during such transfer.
  • Data security

The Website has security measures in place intended to protect against the loss, misuse and alteration of the personal data under our control.  Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure.  As a result, while we strive to protect your personal data, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.  Once we receive your transmission, we make reasonable efforts to ensure its security on our systems.  Firewalls, intrusion detection and virus scanners are used on all parts of the Website.  Encryption during transmission is also used on sections of the Website where security is particularly important.

By using our services, clients voluntarily agree to receive SMS messages for the sole purpose of enhancing their account security through two-factor authentication during the login process. These SMS messages serve as an additional layer of protection to safeguard their accounts from Unauthorised access and ensure the privacy and integrity of their personal information.

  • How long we keep your personal data

We keep your personal data for no longer than is allowed under applicable data protection law and, in any case, no longer than such personal data is necessary for the purpose for which it was processed.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  We also retain personal data if required by applicable law or regulation or is justified under applicable statutory limitation periods.

  • Third Party Websites

This Privacy Notice does not address, and we are not responsible for, the privacy, information or other practices of any third-party website, including any third party operating any website to which the Website contains a link.  The inclusion of a link on the Website does not imply endorsement of the linked website by us.  When you leave the Website, we encourage you to read the privacy notice of every website you visit.

  • Your legal rights
    • Under certain circumstances data subjects have rights under data protection law in relation to personal data, namely:
      • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
      • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
      • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law.  We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
      • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
      • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
      • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.  Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal data to perform a contract with you.
    • To exercise one or more of your rights in respect of your personal data, please contact us using the Contact Us details below. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
    • Contacting the data protection supervisory authority: Data subjects have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues (  We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission so please contact us in the first instance using the information listed in Contact Us below.
    • Updating your personal data: It is important that the personal data we hold about you is accurate and current.  Please keep us informed, using the Contact Us details below if any of your personal data changes during your relationship with us.
  • Changes to this Notice:

We will change this Privacy Notice from time to time and any changes will be posted to the Website.  This version of the Privacy Notice was last updated on 24/5/2018. 

  • Contact Us

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the following details: The Data Protection Officer, The Stepstone Group Ireland Recruit Ltd, Waterways House, Grand Canal Quay, Dublin 2, D02 NF40, Ireland, or alternatively address your query to the Data Protection Officer through

© 2024 Candidate Manager LTD