We are committed to protecting the personal data of candidates who apply for positions with us. This Candidate Privacy Notice explains how we collect, use, and protect your personal data during our recruitment and selection process.
This notice applies to all candidates applying for roles at Multiverse Group Ltd (UK) and Stackfuel GmbH (Germany), including employees and contractors. This is a unified privacy notice, with jurisdiction-specific requirements clearly marked where applicable. Once you become an employee of Multiverse or Stackfuel, our separate Employee Privacy Notice will apply.
You can locate the defined terms contained in this notice at the end of this document.
During the recruitment process, we collect information about you to assess your suitability for the role. We refer to this information as "Personal Data" and it includes any information that may be used to identify you individually. Below outlines the Personal Data we may collect from you during recruitment. The following is a description of the Personal Data that may be collected from you throughout the recruitment process.
Personal Details - Name, address, phone number, email address, date of birth
Recruitment Information - CV, cover letter, LinkedIn profile (optional), application form responses, qualifications and certificates, references (post-offer), salary expectations
Assessment Data - Interview recordings and notes, test results, assessment scores, feedback from interviewers
Special Categories of Data (optional) - Diversity and inclusion information (age, ethnicity, disability status, sexual orientation, religion), Health information for reasonable adjustments
DBS check (UK only) - basic or enhanced dependant on role
Right to Work eligibility - confirmation on your eligibility to work in the UK, Germany or contracted country as applicable (evidence is requested at point of employment)
Communication Records- Email correspondence
We collect and process your information for the following recruitment purposes:
• Managing the Recruitment Process: Reviewing applications, conducting interviews, assessments and tests, communicating with you about your application, making hiring decisions, conducting reference checks, performing background checks post-offer and pre-employment (where required, such as DBS checks), providing feedback
• Legal Compliance: Conducting right to work checks, performing DBS checks (where required), complying with equality legislation, maintaining records for potential employment tribunal claims
• Reasonable Adjustments: Making necessary adjustments to our recruitment process to ensure accessibility and equal opportunities
• Candidate Leads: We may collect your personal information from third-party sources, such as LinkedIn, to consider you for relevant opportunities. In these instances of indirect collection, we will provide you with our privacy information at the earliest opportunity and, in any event, within 30 days of adding your details to our systems.
• Future Opportunities (Talent Pool): With your consent we retain your CV and contact details on file in our talent pool to inform you about suitable future vacancies. This consent is valid for two years from the date you provide consent, after which we will contact you to request re-consent if you wish to remain in our talent pool. If you do not re-consent, your data will be anonymised. You can withdraw your consent at any time.
We use AI-powered tools to assist our recruitment process, including Ashby (for applicant tracking and CV screening), Brighthire (for interview transcription and analysis), and other AI systems to assist with candidate assessment. These tools help us process applications more efficiently and identify suitable candidates. However, all AI outputs are subject to human review and oversight. Our recruitment team reviews all AI-generated recommendations and makes independent decisions at every stage of the process. We may employ automated checks to pre-screen suitability. Where an applicant is not suitable, an application may be automatically rejected. Applicants can request a human review. Final hiring decisions are made by our recruitment team.
If you have any questions about AI use in your application, please contact our Privacy team at privacy@multiverse.io
We need a lawful reason to collect your personal data. We process your information based on:
• Legitimate Interests: To assess your suitability for the role, manage our recruitment process and to help us better understand, analyse and improve our recruitment processes.
• Legal Obligation: To comply with employment law requirements such as right to work checks
• Consent: Where you have agreed to us processing your data for specific purposes, such as keeping your details for future opportunities
• For candidates applying to Stackfuel (Germany): Section 26(1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) in conjunction with Article 6(1)(b) GDPR for processing necessary to decide on establishing an employment relationship
For Special Categories of Data, we rely on:
• Explicit Consent(Article 9(2)(a) GDPR): Where you have specifically agreed to provide diversity information or health data for reasonable adjustments
• Employment Law Obligations(Article 9(2)(b) GDPR): Where processing is necessary for employment law, social security, and social protection law purposes
• For Germany: Section 26(3) BDSG in conjunction with Article 9(2)(b) GDPR for processing special categories of data necessary for employment purposes
We may share your personal data with:
• Internal Teams: Hiring managers, HR team, interview panel members, and other Multiverse employees involved in the recruitment process
• External Partners: Reference providers and background check agencies (UK only, If an offer is made), assessment providers, recruitment agencies (where applicable)
• Legal Requirements: Regulatory bodies or law enforcement where required by law
Access to your personal data is limited to those who have a need to know the information for recruitment purposes.
We retain your personal data for different periods depending on the outcome of your application:
• Successful Candidates: Your recruitment data will be transferred to your employee file and retained in accordance with our Employee Privacy Notice
• Unsuccessful Candidates: We will retain your data for 2 years after the recruitment process ends to handle any queries or potential employment tribunal claims under UK law or under the German General Equal Treatment Act (AGG) .
If you do not re-consent, your data will be deleted or anonymised.
We will securely delete or anonymise your personal data once the retention period expires, unless we have a legal obligation to retain it longer.
You have various rights regarding your personal data:
• Access: Request a copy of the personal data we hold about you
• Rectification: Ask us to correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Ask us to limit how we use your information
• Objection: Object to our processing of your personal data
• Portability: Request your data in a portable format
• Withdraw Consent: Where we rely on consent, you can withdraw it at any time
To exercise these rights, please contact the Privacy Team at privacy@multiverse.io
We may transfer your personal data to countries outside the UK and European Economic Area (EEA), including to the United States where some of our service providers (processors) are located. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information, including: the Data Privacy Framework, UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses approved by the European Commission, for transfers to countries without an adequacy decision. We rely on the UK adequacy decision for transfers between our UK and EU operations.
For further information, please see our processor list - https://trust.multiverse.io/subprocessors
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. This includes secure storage systems, access controls, and staff training on data protection and information security.
We may update this Candidate Privacy Notice from time to time. Any significant changes will be communicated to active candidates before the changes take effect.
If you have any questions about this notice or how we handle your personal data, please contact:
For Multiverse Group Ltd (UK) -
Data Protection Officer - privacy@multiverse.io
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are concerned about how we process your personal data. Contact details can be found at ico.org.uk.
For Stackfuel GmbH (Germany) -
Data Protection Officer - datenschutz@stackfuel.com
You also have the right to lodge a complaint with the German supervisory authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany.
Controller: The organisation that determines when, why and how to process personal data.
Personal Data: Any information identifying a candidate or information relating to a candidate that we can identify (directly or indirectly) from that data alone or in combination with other identifiers.
Processing: Any activity that involves the use of personal data, including collecting, storing, using, sharing or deleting it.
Special Categories of Personal Data: Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.