Privacy Notice
Last updated: January 2025
Introduction
Marxel (“we”, “us”, “our”) operates an applicant tracking system that helps businesses manage their recruitment process. This privacy notice explains how we collect, use, store, and protect personal data when you use our services.
We are committed to protecting your privacy and handling your data in an open and transparent manner. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable data protection laws.
Who This Notice Applies To
This notice applies to:
- Customers: Businesses and individuals who use Marxel to manage recruitment
- Candidates: Individuals whose personal data is uploaded to Marxel by our customers
- Website visitors: Individuals who visit our website
Data We Collect
Customer Data
When you sign up for Marxel, we collect:
| Data Type | Purpose | Lawful Basis |
|---|---|---|
| Name and email address | Account creation and communication | Contract performance |
| Company name | Account setup | Contract performance |
| Billing information | Payment processing | Contract performance |
| Usage data | Service improvement and support | Legitimate interest |
Candidate Data
Our customers upload candidate data to Marxel. This may include:
| Data Type | Purpose | Lawful Basis |
|---|---|---|
| Name and contact details | Recruitment management | Legitimate interest of our customer |
| CV/resume content | Recruitment assessment | Legitimate interest of our customer |
| Employment history | Recruitment assessment | Legitimate interest of our customer |
| Education history | Recruitment assessment | Legitimate interest of our customer |
| Interview notes and assessments | Recruitment decisions | Legitimate interest of our customer |
| Communication history | Recruitment management | Legitimate interest of our customer |
Important: For candidate data, our customers are the data controllers. We act as a data processor on their behalf. If you are a candidate and wish to exercise your data rights, please contact the company that collected your information directly. You may also contact us at hello@marxel.co and we will direct your request appropriately.
Website Visitor Data
When you visit our website, we collect:
| Data Type | Purpose | Lawful Basis |
|---|---|---|
| IP address | Security and analytics | Legitimate interest |
| Browser and device information | Service optimisation | Legitimate interest |
| Pages visited | Analytics and improvement | Consent (via cookies) |
How We Use Your Data
We use personal data to:
- Provide and maintain our services
- Process payments and manage subscriptions
- Send service-related communications
- Provide customer support
- Improve our services
- Comply with legal obligations
- Detect and prevent fraud
We do not sell your personal data to third parties.
AI Features
Marxel uses artificial intelligence to enhance certain features. When AI features are used:
- Candidate data may be processed by OpenAI's API
- Data is used only to provide the requested feature
- We have a Data Processing Agreement with OpenAI
- Data is not used to train AI models
You can opt out of AI features by contacting us at hello@marxel.co.
Data Sharing and Third Parties
We share data with the following service providers who process data on our behalf:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Vercel | Application hosting | USA | Standard Contractual Clauses |
| Railway | Database hosting | USA | Standard Contractual Clauses |
| Resend | Transactional email | USA | Standard Contractual Clauses |
| Stripe | Payment processing | USA | Standard Contractual Clauses |
| PostHog | Product analytics | EU/USA | Standard Contractual Clauses |
| Google Analytics | Website analytics | USA | Standard Contractual Clauses |
| OpenAI | AI-powered features | USA | Standard Contractual Clauses |
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Data Transfers
Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States.
When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement where applicable
- Adequacy decisions where available
You can request a copy of the relevant safeguards by contacting us at hello@marxel.co.
Data Retention
We retain personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Customer account data | Duration of account plus 2 years |
| Candidate data | 2 years from date of upload, unless deleted earlier by customer |
| Billing and transaction records | 7 years (legal requirement) |
| Website analytics | 26 months |
Our customers can configure shorter retention periods for candidate data within their account settings. Customers may also delete candidate data at any time.
After the retention period, data is securely deleted or anonymised.
Your Rights
Under UK and EU data protection law, you have the following rights:
Right of Access
You can request a copy of the personal data we hold about you.
Right to Rectification
You can request that we correct inaccurate or incomplete personal data.
Right to Erasure
You can request that we delete your personal data in certain circumstances.
Right to Restrict Processing
You can request that we restrict how we process your personal data.
Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
Right to Object
You can object to our processing of your personal data based on legitimate interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at hello@marxel.co.
We will respond to your request within 30 days. There is no fee for making a request, unless your request is clearly unfounded or excessive.
For candidates: If your data was uploaded by one of our customers, please contact that organisation directly to exercise your rights. You can also contact us and we will help direct your request.
Cookies
We use cookies and similar technologies on our website.
Essential Cookies
Required for the website to function. Cannot be disabled.
Analytics Cookies
Help us understand how visitors use our website. We use:
- PostHog — Product analytics
- Google Analytics — Website analytics
You can manage your cookie preferences through our cookie banner or your browser settings.
Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS)
- Encryption of data at rest
- Access controls and authentication
- Regular security reviews
- Employee training on data protection
Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at hello@marxel.co.
Changes to This Notice
We may update this privacy notice from time to time. We will notify you of significant changes by:
- Posting a notice on our website
- Sending an email to registered customers
We encourage you to review this notice periodically.
Complaints
If you have concerns about how we handle your personal data, please contact us first at hello@marxel.co.
You also have the right to lodge a complaint with a supervisory authority:
EU: You may contact your local data protection authority.
Contact Us
For any questions about this privacy notice or our data practices:
Email: hello@marxel.co
Data Protection Contact: hello@marxel.co
Summary
| What | Details |
|---|---|
| Who we are | Marxel, United Kingdom |
| What we collect | Customer data, candidate data (as processor), website data |
| Why we collect it | Service delivery, legal compliance, improvement |
| Who we share with | Service providers listed above |
| How long we keep it | 2 years for candidate data, varies for other data |
| Your rights | Access, rectification, erasure, portability, objection |
| How to contact us | hello@marxel.co |
See also our Terms of Service or contact us with any questions.