Introduction
This Candidate Privacy Notice (“Notice”) explains how DNEG and its affiliates (referred to as “DNEG”, “Company”, “we”,“us” or “our”) process your Personal Data collected during and after the recruitment process through the Career Portal on our websites or by other means. This Notice applies to the individuals or candidates who apply to an open position with us, who we contact for (through any reference or job portals) or who express interest in employment with us, who attend a recruitment event, or who undergo an interview or assessment with us (“Candidate(s)”), whether for a fulltime or a contractual role, internship or assignment with us. This Notice also describes the rights that Candidates may have in relation to the Personal Data that we process about them. As used in this Notice, “Personal Data” means any information that relates to, identifies, or reasonably could be used to identify an individual, directly or indirectly.
The recruitment process is intended only for individuals who are legally eligible to apply for employment or engagement under applicable laws. In jurisdictions such as India, this generally means individuals who are 18 years of age or older. We do not knowingly collect Personal Data from individuals where prohibited by applicable law.
As a multinational company, DNEG operates in different jurisdictions and has a number of legal entities which are responsible for the Personal Data they collect. The data controller, that decides the purpose of processing, for Personal Data collected during the recruitment process is the DNEG company in your jurisdiction to whom you submit your application. Under the DPDP Act, DNEG acts as a “Data Fiduciary” in relation to Personal Data processed under this Notice.
This notice is subject to local laws and regulations, which may have more restrictive requirements, and where applicable, restrictive rules will take precedence. Where local laws require, DNEG will provide you with additional information. This Notice may also be updated with more specific details as needed.
This Notice does not apply to:
- Personal Data we process about you when you interact with any of our websites, mobile applications, social media pages, or other ways you may interact with DNEG as a user of our products and services. In such cases, Privacy Notice posted on the respective platform/website will apply.
- Personal Data we process about you when you successfully join us as an employee and our Employee Privacy Notice will apply.
Upon successful completion of the recruitment process, if you are offered a role and you accept the offer, the Personal Data collected during the recruitment process will become part of your employee file and will be governed by the Employee Privacy Notice. You can access a copy of the Employee Privacy Notice when you onboard as an employee.
Types of information we process and where it comes from
We collect various categories of Personal Data in connection with your application during the recruitment process for reasons including, but not limited to, evaluating your suitability for the role. The categories of Personal Data processed may vary depending on the role applied for, stage of recruitment, applicable legal requirements, and whether an offer of employment is made.
Source of Personal Data: We may collect Personal Data directly from you or other sources, in accordance with applicable laws:
| Source of Information | What It Means |
|---|---|
| Directly from You or Your Use of our Career Portal | Information you provide yourself when applying or using our career portal on our website(s). |
| From Referrers, Referees, or Past Employers | Information shared by people who referred you, gave you a reference, or worked with you before. |
| From Our Recruiters, Executive Search Agencies or Other Representatives | Details gathered during conversations with DNEG staff, or from internet searches and public profiles (like LinkedIn) that show information you've made publicly available about yourself. |
| From Third-Party Recruiters or Agencies | Information shared by external recruiting or staffing agencies hired by DNEG to assist with hiring. |
| From Background Checks (if applicable) | Where permitted by law, we or our authorized third-party vendor may perform a pre-employment background screening. Such checks are performed in compliance with applicable laws and with your prior explicit consent. We will share more information about the nature of such a background check before it begins. |
Types of Personal Data: The kind of information we may hold includes, where applicable:
| Category | Summary |
|---|---|
| Candidate’s Data | Name, contact details, next of kin, marital status, gender, DOB. |
| Financial & Benefit Data | Salary, bonus, bank details, tax and NI info, payroll, health insurance, pensions, dependents, business travel, expenses, corporate card use, educational sponsorships. |
| Recruitment Data | Application and CV details, resume, cover letter, test results, work eligibility documents, references, dependent info, citizenship, immigration information, visa details, proof of vaccination. |
| Employment Records | Job titles, hierarchy, work history, professional qualifications, performance information, contracts, skills, training, signatures. |
| Education Information | Academic degrees, professional qualifications, certifications, training courses, publications, and transcript information. |
| System & Access Data | User IDs, passwords, IP logs, access records to DNEG career portal. |
| Identification Proof | Government issued ID proof including SSN, Passport Number, etc. |
| Sensitive Data | Race or ethnic origin (optional), ethnicity (optional), political/religious views (optional), sexual orientation (optional), union membership (optional), criminal data, medical conditions (optional), military or veteran status (optional), and disability (optional), typically collected directly from you with stated purpose. Provision of such information is voluntary unless required by applicable law or necessary for specific recruitment-related purposes permitted under law. |
| CCTV & Access Info | Audio, electronic, visual, or other sensory information, such as CCTV footage at DNEG physical office locations, badge entry and exit information (including badge photo), and interview recordings (where permissible). |
| Other Information | Any other Personal Data you voluntarily choose to provide in connection with your job application, and not explicitly asked by DNEG. |
How we use your information
We may process your Personal Data for the following purposes and based on the below mentioned specific legal bases.
The legal bases identified below are intended to reflect requirements under applicable global privacy laws. For Candidates located in India, processing of Personal Data may be based on consent or other legitimate uses permitted under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), including recruitment and employment-related purposes where applicable.
| Purpose of Processing | Activities | Legal Basis |
|---|---|---|
| Recruitment Purposes | To evaluate your suitability for the role, to make hiring decisions (i.e. evaluating your candidacy) and communicating with you about the hiring process. Where legally permissible to do so, we may contact you about positions at DNEG for which you may be a fit. | Legitimate interests; Consent |
| Verifying eligibility to work (excluding background checks) | To verify your eligibility to work prior to entering in an employment contract with you, where you are considered for employment. | Legitimate interests |
| Corporate Communications | To send you communications about DNEG job postings, careers fairs, newsletters, and related corporate communications. | Consent |
| Communications regarding your job application | To send you communications about your job application and responding to your queries. | Legitimate interest |
| Events | To inform you about recruitment events in which you choose to participate. For instance, career fairs or university/nonprofit recruitment events. | Consent |
| Accomodation | Where required, to provide accommodations requested for physical or mental conditions during the recruitment process. | Legal obligations |
| Compliances | For the purpose of equal opportunities monitoring, compliance with anti-discrimination laws, or government-reporting obligations. | Legal obligations |
| Contract | To enter into a contract with you are a party or to take steps at your request prior to entering into a contract. For instance, to take steps prior to entering an employment contract with you. | Contract |
| Enhance Operations | To improve our recruitment process and perform analytics on recruitment data. | Legitimate interests |
| Referral | To fulfill a referral request when you are referred for a role with DNEG by our employee. | Legitimate interests |
| Voluntarily provided data | Where you have voluntarily agreed to have your Personal Data processed. | Consent |
| Security | To protect the safety, security, and integrity of our data and technology assets; and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity. To protect your vital interests and those of another person. | Legitimate interests; Vital interests |
How we disclose your information
During the recruitment process, we may share your Personal Data with internal teams involved in the hiring process, such as human resources, hiring managers and interviewers. We may share your Personal Data with trusted third-parties supporting our recruitment activities, including external recruitment agencies, external consultants, background screening providers and technology service providers that may host or manage our career portal.
To comply with applicable laws and regulations, we may share your Personal Data with government authorities or regulators, and where required to comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant.
If the role applied for requires working with or for one of our clients, we may share relevant information with them, where appropriate.
In all cases, we ensure that such disclosures are limited to what is necessary, and that appropriate safeguards are in place to protect your Personal Data.
International data transfers
Due to our global presence and operations, your Personal Data may be shared, disclosed and transferred between the DNEG entities and third parties where such transfers are required for legitimate business reasons. These companies or third parties may be based in countries outside your country of residence and may not have the same level of protection as in your country. As data protection laws vary across jurisdictions, we take appropriate steps to protect your Personal Data.
Where your Personal Data is transferred internationally, to recipients located in countries that are not recognized as providing an adequate level of data protection under applicable laws, we implement appropriate safeguards to ensure such transfers comply with applicable legal requirements and include necessary safeguards to maintain its security and confidentiality. These measures include:
| Measure | Description |
|---|---|
| Standard Contractual Clauses (SCCs) | Use of SCCs or other approved terms to ensure recipients protect Personal Data to standards equivalent to applicable data protection laws. |
| Data Transfer Agreements | Contracts specifically designed to comply with legal requirements of the jurisdictions involved in the transfer. |
| Technical Safeguards | Security measures such as encryption and access controls to protect data during transfer and storage. |
| Organizational Safeguards | Internal controls like access restrictions, employee training, and confidentiality obligations to prevent unauthorized access or misuse of data. |
| Photographs and videos | Images or recordings captured at our events, studios, or in connection with our services. |
| Due Diligence Assessments | Evaluations of the recipient's data protection policies and the local legal environment before initiating the transfer. |
| Ongoing Monitoring and Reviews | Regular checks to ensure the recipient continues to comply with agreed data protection measures after the transfer. |
How we protect your information
DNEG implements a range of robust technical, organizational, and administrative safeguards to protect your Personal Data against unauthorized access, use, disclosure, alteration, or destruction. Access to Personal Data is strictly limited to authorized personnel who have a legitimate business need and are trained in secure data handling practices.
While we are committed to ensuring the security of your Personal Data, please note that no method of transmission over the internet is completely secure. Information transmitted electronically and outside our controlled systems may carry inherent risks. As such, any transmission of Personal Data via online means is undertaken at your own discretion and risk.
How long we keep your information
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and business requirements. The retention periods vary depending on the type of data and its intended use, and the retention decisions are guided by legal obligations, business needs and data minimization principles. All data is securely stored and, once no longer required, is securely deleted or anonymized.
The table below outlines the general retention practices followed by DNEG and is applicable for both successful and unsuccessful candidates, unless explicitly mentioned.
| Category | Retention Period | Purpose / Notes |
|---|---|---|
| Application Data | Up to 2 years from the end of the recruitment process | To assess suitability for the role, and for future job opportunities if legally permissible. |
| Interview and Assessment Data | Up to 1 year from the end of the recruitment process | To evaluate candidate performance and support hiring decisions. |
| Background Check Information (where applicable) | Retained only as long as necessary to make a hiring decision or as required by law | To verify identity, employment history, and compliance with legal or client requirements. |
| Communication Records | Up to 1 year from last contact | To manage communication during the recruitment process and respond to queries or complaints. |
| Equal Opportunity and Diversity Data | Retained only in aggregated or anonymized form after recruitment is complete | To monitor and report on equal opportunity and diversity efforts, where legally required. |
| Job Portal Account Information | Until the candidate deletes their account or after 2 years of inactivity | To verify credentials or obtain feedback from references. |
| Referral or Reference Information | Retained only as long as necessary for verification purposes | To allow candidates to manage their applications and preferences. |
Keeping your data up to date and your rights
You may have certain rights in relation to your Personal Data, and we will honor these rights to the extent required by applicable law.
You can make the following requests in relation to your Personal Data:
-
Right to Access: You have the right to request a copy of the Personal Data we hold about you and to confirm that we are processing it lawfully (commonly known as a "subject access request").
-
Right to Rectification: You have the right to ask us to correct any incomplete or inaccurate Personal Data we hold about you.
-
Right to Erasure (Right to be Forgotten): You have the right to ask us to delete or remove your Personal Data. This right also applies if you have successfully exercised your right to object to processing (see below).
-
Right to Object: Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
-
Right to Restrict Processing: You have the right to ask us to suspend the processing of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it.
-
Right to Data Portability: You have the right to request the transfer of your Personal Data to anothe party, where technically feasible.
-
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority or data protection board, where applicable, in the country where you reside.
-
Right to Withdraw Consent: Where we rely on your consent to process your Personal Data, you may withdraw such consent at any time by contacting us using the details provided in this Notice. Withdrawal of consent will not affect processing already undertaken prior to such withdrawal.
If you want to exercise any of your rights, please contact your Local HR Team or the DPO at dpo@dneg.com.
We may verify your identity and the information in your request before responding, and may ask for additional information to validate your identity.
We won't discriminate against you for exercising your rights and please note that some of these rights are not absolute. We respond to all requests to exercise these rights in line with applicable data protection laws. However, we may deny or limit your request if it would infringe on another person's rights or as otherwise allowed by law. We will keep you informed as to the actions that we can take when you make your request.
Jurisdiction-specific privacy rights
Since we have global operations, this section ensures compliance with local privacy regulations and helps Candidates understand their rights clearly based on where they are located and to the location they are applying for, in addition to the rights mentioned above.
| Jurisdiction | Rights |
|---|---|
| EU | Right to data portability applies specifically and in structured, machine-readable format. Right to lodge a complaint with your national data protection authority. |
| UK | Right to contact the Information Commissioner’s Office (ICO) to lodge a complaint. You can lodge a complaint with ICO. |
| Australia | Right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Cross-border disclosures must comply with APP 8, ensuring comparable data protections unless an exception applies. |
| California (US) | Right to know the categories and specific pieces of personal information collected, and the purposes for collection. Right to limit use of sensitive personal information. No retaliation for exercising rights (CPRA). We do not sell or share your personal information. |
| India | TRight to contact a designated Grievance Officer for complaints or concerns. Under the DPDP Act, 2023, certain processing activities may be undertaken for purposes permitted under applicable law, including recruitment-related activities, verification of information provided by candidates, protection of the employer from liability, or provision of services requested by the Candidate. Candidates may also have the right to withdraw consent and nominate another individual to exercise their rights in accordance with applicable law. |
| Canada (Federal Law,PIPEDA) | Right to withdraw consent, subject to legal or contractual restrictions. Right to complain to the Office of the Privacy Commissioner of Canada (OPC). |
| Canada (Québec) | Enhanced transparency obligations under Law 25, including rights related to automated decision-making and profiling. Right to be informed of data use by third parties. Right to withdraw consent, unless processing is legally required. |
| Canada (British Columbia) | Transfers are carried out in accordance with applicable local privacy laws and regulatory requirements, including contractual obligations, consent, or other appropriate measures. |
Duties or obligations for Candidates as data principals under India’s DPDP Act
While this Privacy Notice outlines your rights concerning your Personal Data and our obligations in handling it, it is equally important to understand your responsibilities as a data subject. This section is applicable to Candidates in India per applicability of India’s DPDP Act which specifically enumerates duties of data subjects.
- Refrain from impersonating another person while providing Personal Data;
- Not suppress material information or provide false or misleading information when requested lawfully;
- Comply with applicable provisions of the DPDP Act and any rules made under it.
Candidates are expected to provide accurate and authentic information and comply with applicable legal requirements. We encourage all Candidates to ensure the accuracy and honesty of the Personal Data they provide.
Contact Us
If you have any queries or comments about this Notice, please contact us at dataprivacy@dneg.com or the Data Protection Officer by email on dpo@dneg.com.
Complaints
If you wish to make a complaint about how we use your information, please contact DNEG’s Data Protection Officer via email at dpo@dneg.com. We will review and respond to grievances and complaints within timelines required under applicable law.
Depending on where you are based, if you're still unhappy, you may also be able to contact your Data Protection Authority as follows:
| Region/Country | Data Protection Authority (DPA) | Contact Guidance and Link to their website |
|---|---|---|
| UK | Information Commissioner’s Office (ICO) | ico.org.uk |
| EU (General) | Your national DPA (via European Data Protection Board) | Contact the DPA in your EU Member State of habitual residence, place of work, or where the alleged infringement occurred. See full list on the EDPB website. |
| Bulgaria | Commission for Personal Data Protection | cpdp.bg |
| Spain | Agencia Española de Protección de Datos (AEPD) | aepd.es |
| Hungary | Hungarian National Authority for Data Protection and Freedom of Information | naih.hu |
| Australia | Office of the Australian Information Commissioner (OAIC) | oaic.gov.au |
| California (US) | California Privacy Protection Agency (CPPA) | cppa.ca.gov This agency handles enforcement of CPRA. |
| India | Data Protection Board | Official website pending rollout under DPDP Act. Contact DPO for assistance. |
| Canada (Federal) | Office of the Privacy Commissioner of Canada (OPC) | priv.gc.ca |
| Canada (British Columbia) | Office of the Information and Privacy Commissioner for BC | oipc.bc.ca |
Changes to this Notice
We reserve the right to modify this Notice whenever necessary. All updates will be published on our career page, so it's important to review the Notice before submitting your Personal Data. We'll highlight any major changes on our career page.
Version Control
| Version & Effective Date | Changes |
|---|---|
| 1.0 Dated 10 August, 2025 | Initial Version |
| 2.0 Dated 29 April, 2026 | Enhanced global privacy compliance disclosures, including updates relating to India DPDP Act requirements and candidate rights. |
This Candidate Privacy Notice was last updated on 29 April 2026.