Privacy Policy

About this Policy

Here at Madgex, we are committed to protecting the privacy and security of your personal information. This policy explains what we collect, how and why we collect it, how we use it and how it is protected.

This policy was last updated on May 24th 2018. We may change the policy from time to time so please revisit this page to ensure you’re still happy.

Who we are

We’re Madgex, the market-leading career technology and solutions provider and we’re formed of Madgex Ltd operating from the UK and Toronto and Madgex Inc operating from the USA.

Under the terms of GDPR for the purposes of general sales and marketing, Madgex Ltd acts as the ‘Data Controller’, the company which manages and decides why and how your personal information is processed. This Privacy Policy sets out how we manage and protect that data.

How do we collect information from you?

The information you provide voluntarily

We collect the information you give to us when you visit and provide your details via our online forms, including credentials to access third party sites (Dropbox, OneDrive and Google Drive) with your permission through the use of cookies. See the sections on cookies below for more details.

What information are we collecting?

You’ll see when you complete one of the forms on our website that we’re asking for your credentials for access to cloud-based third-party storage platforms, specifically Dropbox, OneDrive and/or Google Drive on your behalf.

How do we use that information?

We use the information you provide to enable you to easily access cloud-based third-party storage platforms, specifically Dropbox, OneDrive and/or Google Drive, in order to then allow you to select file(s) which may then be uploaded to our platform at your request.

If you have expressly agreed to our use of your personal information, the lawful basis of our processing of your information will be consent, unless one of the above also applies.

If you have any questions about the lawful basis on which we are processing your personal data, please contact us.

Will we ever share your information?

Sharing with third parties

We may need to disclose your personal information to third parties (provided that they are bound by appropriate obligations to safeguard your information) as follows:

We will not share your personal information with third parties for the purposes of further marketing. We’re good like that.

Where are we storing your data?

Our main hosting data centres are located in the EEA, currently in London (UK) and [other hosting regions].

Transfers to third countries and safeguards

We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in other countries. We do not transfer any data to third counties or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognized legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).

Any international transfers of your personal information will also be subject to binding privacy and confidentiality terms enabling us to ensure compliance with this Privacy Policy.

How do we protect your information?

We take Data Security very seriously, in fact, we pride ourselves on it.

We restrict access to personal information to our employees, contractors and agents on a need-to-know basis and ensure that they are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet those obligations.

We will only ever work with trusted third parties having first completed due diligence to ensure they also enforce an adequate level of data security to protect your information.

We have multiple layers of security in place to protect the security of our clients and their clients’ information. Details of these measures may be provided upon request.

How long do we hold your information for?

We will endeavor not to keep your personal information for longer than necessary. We will delete your data on request, according to the Erasure section below. Subject to this, your information is retained and deleted as follows:

What are your rights?

We regard the principles of GDPR as the gold standard in Data Protection and therefore will extend the rights outlined below to all our global contacts, regardless of whether you’re within the territorial scope of GDPR.

You have several rights as a data subject as summarised below:


You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others.


We will rectify any errors in the personal information we hold on request.


In addition to any Madgex functionality that enables you to delete information, you may ask us to erase your personal information from our systems in the following situations:


Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.

Data portability:

You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.

Right to object:

In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical research purposes.

Automated individual decision making:

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.

How can I exercise my rights?

If you would like to exercise any of these rights, please email, call or write to us using the contact details below.

We will require additional information from you so that we can correctly verify your identity.

For more information about the circumstances in which these data subject rights apply, see the guidance provided by your local regulatory authority, for example in the UK;

Complaining to the regulator

We hope we can help you to resolve any query or concern you have over the use of your information, however the General Data Protection Regulation also gives you the right to make a complaint with your local supervisory authority where any alleged infringement of data protection law has occurred.

The supervisory authority within the UK is the Information Commissioner who may be contacted at or telephone at 0303 123 1113 or other channels as updated at

What happens if a data breach occurs?

Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.

In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorized access to information.

If we believe that our data has been compromised, we will report the issue to the Information Commissioner's Office (ICO).

We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.


On we use cookies to store information to improve the functionality of the website and allow us to understand you as our audience. The majority of our cookies are ‘first party cookies’ which means we set them ourselves.

The types of cookies we use on the site are:

Essential cookies

These are important to make the website function properly and aren’t involved in tracking. These allow us to ensure our web servers can scale and serve you with the content in an efficient manner.

Managing cookies

Some people find the idea of a website storing information on their computer or mobile device intrusive. If preferred, it is possible to block some or all cookies or even to delete cookies but, as we’ve explained above, cookies help you to get the most out of our website. Blocking or removing cookies may have a negative effect on the user experience of the site.

If you don’t want to receive cookies, you can modify your browser, so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set. This can be done through your browser settings. The Help function within your browser should tell you how.

If you do wish to disable cookies, you can find information on how to do this with your browser here.

Madgex as data processor

This Privacy Policy applies where Madgex is deemed the ‘data controller’ of personal information i.e. where we exercise control over the data processing, decide what personal information to collect, how to process it and for what purposes. In some situations, we may be deemed under applicable law to be your ‘data processor’ e.g. under a Madgex SaaS Agreement i.e. where we process personal information controlled by you, on your behalf. In those situations, our Data Processor Terms shall apply to our processing activities.

Changes to this Policy

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.

We may also notify you in other ways from time to time about the processing of your personal information.

Our details

Please contact us if you have any questions regarding this privacy notice or the information we hold about you.

You can send us an email at, or visit our Contact page for your relevant local mailing address and contact phone numbers.

Our Data Protection Officer services are provided by Advent-IM, Unit 5, Coombswood Court, Steelpark Rd, West Midlands, UK B62 8BF.