Recruitment Privacy

This Recruitment Privacy Notice explains how Delian Alliance Industries Group (“Delian”, “we”, “us”) collects, uses, and shares personal data about you when you apply for a role with us or otherwise participate in our recruitment process.

This notice applies in Greece under the EU GDPR and in the United Kingdom under the UK GDPR.

1. Who controls your personal data

Delian Alliance Industries operates through entities established in Greece and the United Kingdom. The relevant Delian entity will act as the controller depending on the position and employing organization.

Details of Delian Alliance Industries GR SMPC
Registration Nr: 160907701000 (ΓΕΜΗ)
VAT Nr: (EL) 801654449
148A Lavriou Ave
19002 Paiania, Attika, Greece
Τel: (+30) 2160037848

Details of Delian Alliance Industries UK Ltd
Company number 15897040
Arquen House, 4-6 Spicer Street 
St. Albans, United Kingdom, AL3 4PQ
Τel: (+44) 7521057834

Delian operates through Greek and UK entities (mentioned above) that share a common applicant tracking system (ATS) hosted on sovereign infrastructure within the EU/UK (as applicable to the employing entity). Candidate personal data is not transferred to, or accessible from, jurisdictions outside the EEA or the UK except under an adequacy decision or Standard Contractual Clauses supplemented by appropriate Transfer Impact Assessments. For roles subject to national security vetting, export controls, or classified information handling, candidate data is segregated into a restricted vetting environment accessible only to designated security controllers on a strict ‘need-to-know’ basis, logically and physically separated from general HR processes. Candidate data will not be stored on, or processed by, cloud services subject to foreign extraterritorial access laws (including but not limited to the US CLOUD Act, FISA §702, or equivalent third-country regimes) where such access would conflict with our obligations under UK/EU law or contractual commitments to government customers.

If you have questions, you may contact: careers@delian.ai.

2. Personal data we collect

We apply a two-stage data minimisation model. At the application stage, we collect only the data necessary to assess suitability and eligibility. Additional categories are collected only at the conditional offer / vetting stage, and only where required for the specific role.

Stage 1 — Application Stage (all candidates):

  • Identification data (name, date of birth)

  • Contact and administrative information (phone, email, location, LinkedIn)

  • CV, employment history, education, qualifications, shared projects

  • Citizenship and nationality information (including dual/multiple nationalities and any previous nationalities), including information relevant to immigration status; (if applicable)

  • Data of responses in application screening questions (where applicable)

  • Skills, professional experience, languages

  • Responses to application screening questions

  • Confirmation of right to work in the relevant jurisdiction (yes/no)

  • Confirmation of eligibility and willingness to undergo security vetting where required for the role (yes/no)

  • Notice period and availability to join and potential conflicts

  • Notes of interviews and any other communication with you throughout the recruitment process

  • Notes of assessments or test results (where applicable)

  • Military service status, including whether mandatory service obligations have been fulfilled, where relevant to the role (if applicable)

Stage 2 — Conditional Offer / Vetting Stage (successful candidates, where applicable):

  • Passport and identity document data

  • Residency history

  • Reference information from referees you nominate

  • Background screening information 

  • Security clearance information, including whether you hold an existing security clearance, are eligible to obtain one, or are willing to undergo a clearance process, where required for the position 

  • Any other information specifically required by the applicable national/international security vetting authority (e.g. UKSV, NATO, customer-mandated clearance schemes)

  • Any other information you choose to provide during the process and might be relevant to the recruitment process

Stage 2 data is processed in a segregated vetting environment by designated controllers only.

Data Provision

Providing Stage 1 application data is a precondition to our consideration of your application; without it we cannot proceed. For roles involving access to classified information, controlled goods or technology (including items subject to ITAR, EAR, the UK Export Control Order 2008, or EU Dual-Use Regulation 2021/821), or secure facilities, the provision of Stage 2 vetting data is a legal and contractual obligation. Inability or unwillingness to provide such data, or to undergo the relevant national security vetting, will result in our inability to progress or maintain an offer for the specific role, but will not affect your eligibility for non-controlled positions where you otherwise qualify.

3. How we collect personal data

We may collect personal data from:

  • you directly (applications, interviews, communications)

  • our recruitment systems, including our applicant tracking system

  • recruitment agencies or platforms you use, where applicable

  • publicly available professional sources, where relevant 

  • authorised third-party background screening providers, where role-specific checks are required and permitted under applicable law.

4. How we use your personal data

We process applicant personal data to:

  • assess your suitability for employment or engagement

  • manage recruitment activities, including interviews and selection

  • communicate with you regarding your application

  • verify information and meet eligibility requirements

  • comply with applicable legal, regulatory, and governance obligations

  • maintain recruitment records and manage hiring processes

  • improve our recruitment practices and candidate experience

Where appropriate, we may also retain candidate information for consideration for future opportunities through a Talent Pool (see section 8).

5. Legal bases for processing

  • We process personal data on the following legal bases, as applicable to the relevant data category and recruitment stage: Our legitimate interests in operating an effective, fair, and secure recruitment process, assessing candidate suitability, and protecting our facilities and information and our business and operational requirements;

  • Taking steps prior to entering into an employment contract (pre-contractual measures) (Article 6(1)(b) GDPR / UK GDPR), for the core assessment of your application, interviews, and offer process, including evaluating applications, conducting interviews, and assessing eligibility for roles;

  • Compliance with legal obligations (Article 6(1)(c)), including obligations relating to employment law, immigration and right-to-work requirements, applicable equality legislation, and, where relevant, compliance with EU and/or UK sanctions and regulatory frameworks. This includes data comparison (screenings) with official sanctions and anti-terror lists (e.g. in accordance with EU Regulations No. 2580/2001 and 881/2002): as a company, we are required by European and national regulations to perform certain screenings. Persons and organizations listed on those lists may not be provided with funds (prohibition of provision). For this reason, we are obliged to compare the names of our applicants with the official sanction and terror lists.

  • Role-specific compliance and security requirements, where processing is necessary to determine eligibility for positions involving access to controlled facilities, international mobility, or sensitive information, including processing of citizenship, nationality, military service, and security clearance information, as applicable under Articles 6(1)(b), 6(1)(c), and/or 6(1)(f);

  • Recognised Legitimate Interests (Article 6(1)(ea) UK GDPR, as amended by the Data (Use and Access) Act 2025) — UK candidates only: for processing necessary to safeguard national security, public security, and defence, as expressly recognised by Schedule 4 of the Act.

  • Article 10 EU/UK GDPR (criminal convictions and offences data): processed only under the control of official authority (via accredited vetting providers) and only where a lawful basis under the DPA 2018 or Greek Law 4624/2019 applies.

  • Consent, where required for specific optional processing activities (for example, retention in a talent pool beyond the necessary recruitment period). Where we rely on consent, it may be withdrawn at any time.

6. How we share personal data

Internal access is governed by the “need-to-know” principle. General recruitment data is accessible to:

  • Delian recruitment and HR team

  • hiring managers and interviewers involved in the recruitment process

  • service providers supporting recruitment operations (such as applicant tracking and assessment providers)

  • professional advisers, auditors, or consultants where necessary

Stage 2 data, are accessible only to designated, named controllers and/or to public authorities or regulators where required by law. We do not sell applicant personal data.

7. Data Retention

We retain applicant personal data only for as long as necessary for recruitment purposes, including:

  • making hiring decisions

  • maintaining appropriate recruitment records

  • complying with applicable legal and regulatory obligations;

  • establishing, exercising, or defending legal claims.

Where an employment relationship does not materialise, we may retain your personal data for a 12 months period following completion of the recruitment process in order to:

  • consider you for the same or similar roles; and

  • establish, exercise or defend against potential legal claims arising from the recruitment process.

The applicable retention period is determined in accordance with relevant limitation periods and regulatory requirements under applicable EU and UK law.

The retention period generally begins upon completion of the individual recruitment process, including rejection, withdrawal of the application, or acceptance of an offer.

If an employment relationship is established, relevant application data may be transferred, in whole or in part, to your personnel file and retained in accordance with our internal policies. 

Where the role required security vetting and vetting was commenced, vetting records are retained for the period required by the applicable national vetting authority (typically for the life of any clearance issued, plus the statutorily mandated post-clearance retention period) and are not subject to standard recruitment retention periods. Sanctions screening records are retained for the period required by applicable sanctions regulations.

8. Inclusion in the Talent Pool

Where appropriate, you may be offered the opportunity to be included in our Talent Pool. The Talent Pool is a database through which we retain applicant information in order to consider candidates for future suitable opportunities within Delian Alliance Industries.

Inclusion in the Talent Pool is voluntary and, where required under applicable law, based on your consent (Article 6(1)(a) GDPR / UK GDPR). You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

Where candidates are included in the Talent Pool:

  • their data will be retained in accordance with the principles described in the previous section, for successive 12-month retention periods, subject to renewal of consent, as described below:

  • we may periodically seek confirmation that you wish to remain in the Talent Pool. We will generally request renewal of your consent approximately 30 days before the applicable retention period expires.

If you withdraw consent or do not confirm continued interest where requested, we will remove your profile and delete your data in accordance with our retention policy, unless we are required to retain certain information for legal reasons.

9. Your rights

Under the EU General Data Protection Regulation (“EU GDPR”) and the UK General Data Protection Regulation (“UK GDPR”), you have certain rights in relation to your personal data, subject to applicable legal conditions and limitations.

These rights include:

  • Right of access (Article 15 EU GDPR / UK GDPR)

You have the right to request confirmation as to whether we process your personal data and, where that is the case, to request access to that data and related information in accordance with applicable law.

  • Right to rectification (Article 16)

You have the right to request that inaccurate personal data concerning you be corrected and incomplete data be completed.

  • Right to erasure (“right to be forgotten”) (Article 17)

You have the right, in certain circumstances, to request the deletion of your personal data. This right may be subject to limitations where we are required to retain information for legal reasons or where further processing is otherwise lawful.

  • Right to restriction of processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances.

  • Right to data portability (Article 20)

Where processing is based on consent or on steps prior to entering into a contract and is carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.

  • Right to object (Article 21)

Where we process personal data based on our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms or where processing is required for the establishment, exercise, or defence of legal claims.

Where personal data is processed for direct marketing purposes (which is not typically the case in recruitment), you have the right to object at any time to such processing.

  • Right to withdraw consent (Article 7(3))

Where we rely on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

In order to exercise your rights, you may contact careers@delian.ai

  • Right to lodge a complaint with a supervisory authority (Article 77 EU GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent data protection supervisory authority if you consider that the processing of your personal data infringes applicable data protection law.

Restrictions applicable to national security and defence processing: Where processing is carried out for national security, defence, or public security purposes, certain rights set out above may be restricted in accordance with Article 23 EU GDPR and applicable national security exemptions. 

10. Updates

We reserve the right to update this notice from time to time. The latest version will always be made available at our website. Where necessary and possible, we will inform you if any changes require your involvement (e.g. renewed consent).