At GoHire, we are fully committed to protecting the personal data of our clients and their candidates in accordance with the UK General Data Protection Regulation (UK GDPR) and EU GDPR. We take our responsibilities as a data processor seriously and provide features to help our clients (as data controllers) remain compliant.
The General Data Protection Regulation (GDPR) is a legal framework that governs the collection, use, and protection of personal data of individuals within the UK and EU. Any organisation processing personal data from these regions — including recruitment data — must comply with GDPR requirements.
When using GoHire to collect and manage applications, your organisation is the data controller. This means you determine what data is collected, why it’s processed, how long it’s kept, and who it’s shared with.
As a controller, you are responsible for:
Providing candidates with a privacy notice
Determining a lawful basis for processing data
Responding to subject access and deletion requests
Ensuring appropriate retention and data hygiene policies
GoHire gives you the tools and infrastructure to help meet these obligations efficiently.
GoHire acts as a data processor, meaning we process candidate data only under your instructions and never for our own purposes. Our obligations and responsibilities are defined in our Data Processing Agreement (DPA), which forms part of our Terms of Service.
We have implemented a comprehensive GDPR compliance programme and offer features that include:
Customisable candidate consent tools
Full access and deletion controls for applicant data
Data retention policy enforcement options
Detailed activity logs and audit trails
Encryption at rest and in transit (AES-256 / HTTPS)
All data stored in the United Kingdom (AWS London region)
You can find GDPR-specific settings in your GoHire dashboard under Settings > GDPR.
Data is hosted in ISO 27001-certified data centres via Amazon Web Services (AWS), London.
All web traffic is encrypted via HTTPS.
All stored data is encrypted using AES-256.
Access to personal data is strictly limited to authorised personnel.
We regularly conduct security reviews and external audits.
See our Security page for more details
We work with a small number of trusted subprocessors to deliver our service (e.g. email, infrastructure). We maintain an up-to-date list of subprocessors here, including their location and purpose.
If you have specific questions about how GoHire handles GDPR, or if you need help fulfilling a data subject request, please contact: support@gohire.io.