Recruitment
Privacy Notice

Effective Date: May 5, 2026
Last Updated: May 5, 2026
Abstract blue gradient background with darker and lighter blue shades.

If you are reading this notice, you are considering applying, or have already applied, for a role with us.

1. Who we are (Data controller)

We are Dataflow Forensics Inc., a Delaware corporation (“DATAFLOW”, “we”, or “our”).

For the processing activities described in this notice, DATAFLOW acts as the data controller.

Privacy contact: privacy@df-f.com

2. What personal data we process

Depending on how you apply and how the process develops, we may process some or all of the following.

a) Data you provide directly

This may include:

  • Identification and contact details (name, email, phone number, country of residence, address)
  • CV/resume, cover letter, education, qualifications, languages, work history, skills, certifications,
    portfolio links, salary expectations, availability, and interview notes
  • Information collected from the online candidate’s profile (E.g. LinkedIn, Twitter etc.)
  • Referral information and references you choose to provide
  • Any other information you include in your application materials

Providing your data is voluntary, but if you do not provide the information we need, we may be unable to consider you for a role or proceed with the hiring process.

IF YOU SHARE PERSONAL DATA RELATING TO THIRD PARTIES (SUCH AS REFEREES OR YOUR FAMILIAR PERSONAL DATA), YOU ARE RESPONSIBLE FOR ENSURING YOU ARE AUTHORISED TO DO SO. YOU ASSUME ALL THE OBLIGATIONS AND RESPONSIBILITIES PRESCRIBED BY THE LAW, CONFERRING THE WIDEST INDEMNITY WITH RESPECT TO ANY DISPUTE, CLAIM, REQUEST FOR COMPENSATION FOR DAMAGE, ETC. THAT WE MAY RECEIVE FROM THIRD PARTIES WHOSE PERSONAL DATA WERE TRANSMITTED BY YOU AND THEREFORE PROCESSED IN VIOLATION OF THE APPLICABLE DATA PROTECTION LAWS.

b) Special categories of personal data

Your application may contain special categories of personal data (e.g., health, disability of oneself or a family member, racial or ethnic origin, religious beliefs, trade union membership). Please do not include such data unless strictly relevant to the role or required by law — for example, where the role is reserved for protected categories, you request reasonable accommodation, or processing is necessary for employment or social protection purposes. The collection of sensitive data is necessary to establish the relationship, or justified by determined and legitimate purposes, the processing will be based on fulfilling the obligations and exercising ours or your specific rights in the field of labor law and social security and social protection.

If such data is not relevant, we will not use it for evaluation.

c) Data from recruitment partners or referrers

We may receive your data from head-hunters, external recruiters, recruiting platforms, professional networking platforms, or employee referral sources. Where we receive your data from a third party, we expect that party to have a valid legal basis for sharing it with us.

d) Data from public professional sources

Where permitted by law, we may collect or supplement your data using publicly accessible professional sources (such as professional profiles, portfolios, publications, or professional directories), where relevant to assessing suitability or verifying your application.

e) Browser and device data

If you apply through our website, we may process technical data about your browser or device. See the privacy and cookie information at df-f.com.

3. Where we get your data

We collect personal data directly from you, from recruitment partners or referrers, from public professional sources, and from our website or application tools when you interact with them.

4. Why we process your data and the legal basis

a) To manage and assess your application

This includes receiving and reviewing your application, contacting you, arranging interviews, evaluating your qualifications and suitability, keeping records of the process, and responding to your questions.

Legal basis: necessary to take steps at your request prior to potentially entering into an employment or other working relationship.

b) To comply with legal obligations

Legal basis: compliance with a legal obligation to which we are subject.

c) To protect our legitimate interests

This includes protecting our company, personnel, systems, and services; preventing fraud and security incidents; verifying application information using limited public professional sources; and defending legal claims.

Legal basis: our legitimate interests in maintaining a secure recruitment process, protecting our business, and verifying information relevant to recruitment.

d) To retain your data for future opportunities

Where permitted by law, we may retain your application after a selection process ends to consider you for future relevant roles. This is particularly important in our sector, where qualified candidates with the specialised expertise we require are scarce.

Legal basis: our legitimate interest in maintaining a pipeline of qualified candidates for highly specialised roles. You may object at any time (see Section 8), and we will cease retention unless we demonstrate compelling legitimate grounds.

5. How we use your data

We process personal data using organisational, electronic, and manual means, with appropriate security measures. Your data may be reviewed by authorised personnel and, where relevant, combined with information from recruitment partners or public sources.

Automated tools and human review

We may use tools that support recruitment administration, organisation, scheduling, and review of candidate information. We do not make hiring decisions based solely on automated processing that produces legal effects or similarly significant effects. Final recruitment decisions involve human assessment.

6. With whom we share your data

We may share your data with:

  • authorised personnel within DATAFLOW, subject to confidentiality obligations
  • service providers / data processors acting on our behalf (hosting, HR technology provider, security provider, professional advisors, recruitment agencies under our instructions)
  • public authorities, regulators, law enforcement, or courts where required by law or necessary for legal claims

We require our data processors to act only on our instructions with appropriate contractual safeguards.

7. International transfers

Some recipients may be located outside the American territory. Where we transfer data outside the US territory, we rely on appropriate safeguards with any required supplementary measures.

Contact privacy@df-f.com for more information on the transfer mechanisms we use.

8. How long we keep your data

  • Active recruitment files: for the duration of the process and for 5 (five) years afterward for evaluation and administration.
  • Unsuccessful candidates / talent pool: for up to five years from when the data was shared with us or last updated, where justified by our ongoing recruitment needs and the difficulty of sourcing highly specialised technical profiles.
  • Legal compliance and disputes: as long as required by law or to establish, exercise, or defend legal claims.

You may request deletion before the end of the applicable retention period.

9. Your rights

Subject to applicable law, you may:

  • Access your data and related information
  • Rectify inaccurate or incomplete data
  • Erase your data in the cases provided by law
  • Restrict processing in the cases provided by law
  • Port the data you provided in a structured, commonly used, machine-readable format (where applicable)
  • Object to processing based on our legitimate interests, on grounds relating to your particular situation. We will stop unless we demonstrate compelling legitimate grounds or the processing is necessary for legal claims
  • Withdraw consent at any time where processing is based on consent (without affecting prior lawfulness)
  • Contest automated decisions and request human intervention, where applicable

How to exercise your rights: contact privacy@df-f.com. You can also contact the HR Partners who shared your application with us (e.g. LinkedIn) by writing to them.

Supervisory authority: you may lodge a complaint with the competent supervisory authority, including the authority where you live or work.

10. Scope

This notice covers only processing for which DATAFLOW acts as data controller in connection with recruitment. It does not cover processing by third parties acting as independent controllers (such as recruiting platforms or social media providers), who operate under their own privacy notices.

11. Changes

We may update this notice from time to time. The version on our website is the current version. We will provide appropriate notice of material changes where required by law.

Assume compromise Prove otherwise

Contact us
arrow right iconwhite arrow right icon
CONTACT
Contact Formsky blue arrow icon
Dataflow Forensics Logo

Powered by zero-day research. Built to detect what nothing else can. DFFIND detects targeted mobile intrusions on iOS and Android devices at scale by going beyond the sandbox to expose threats that were never meant to be found.

LinkedIn LogoX Logo
PRIVACY NOTICE
TERMS OF USE
Dataflow Forensics © 2026
footer text image
Black background with a blue and white glowing abstract shape on the top right.Blurred blue lights fading into black background, abstract glow effect.