/Legal

Last updated: 2026-05-11

Your rights as a data subject

The GDPR and Spain's LOPDGDD grant you a set of rights over your personal data. Mainder, acting as Data Processor, facilitates the exercise of these rights together with the Data Controller (the contracting company you applied to or that runs the process).

Rights you can exercise

  • Access (Art. 15 GDPR) — request confirmation of whether we process your data and obtain a copy.
  • Rectification (Art. 16 GDPR) — correct inaccurate data or complete incomplete data.
  • Erasure (right to be forgotten) (Art. 17 GDPR) — request deletion when the data are no longer necessary or you withdraw your consent.
  • Restriction of processing (Art. 18 GDPR) — request a pause on processing while a rectification or objection is resolved.
  • Portability (Art. 20 GDPR) — receive your data in a structured, commonly used format to transmit them to another controller.
  • Objection (Art. 21 GDPR) — object to processing based on legitimate interest, including profiling.
  • Automated decisions (Art. 22 GDPR) — request human intervention, express your point of view, contest the decision, and obtain understandable information about the logic applied.
  • Complaint before the supervisory authority lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing does not comply with the law.

How to exercise your rights

You can exercise any of these rights by writing to privacy@mainder.ai or directly to the Data Controller (the contracting company). To speed up the response, clearly indicate the right you want to exercise and attach an identification document if needed to verify your identity.

Request template

Subject: Exercise of right [access / rectification / erasure / restriction / portability / objection / automated decisions]

Requester details:
- Full name: [...]
- ID / passport: [...] (attach copy)
- Email: [...]

I hereby exercise my right of [right] over the personal data that Mainder and/or [customer company] processes about me in the context of the recruitment process [reference if applicable].

[Additional detail if applicable]

I look forward to your response within the legal deadline of one month (Art. 12 GDPR).

Best regards,
[Name]
[Date]

Response timeline

Mainder responds to your request within a maximum of one month from receipt (Art. 12.3 GDPR). This period may be extended by up to two additional months for complex or high-volume requests; in that case we will inform you of the reason within the first month. Internally we operate to a 15-day SLA to avoid exhausting the legal deadline.

Identity verification

To prevent unauthorized access to your data, we may ask for additional documentation to verify your identity before processing the request (Art. 12.6 GDPR). If you submit the request on behalf of another person, we will require explicit authorization and a copy of the data subject's identification document.

Contact

For any questions about your rights or about the processing of your data by Mainder, write to privacy@mainder.ai.

Your rights as a data subject — Mainder