Version: August 2021
This Privacy Policy is effective from April 30th 2018. We may change this Privacy Policy at any time and will post the changed policy to this page. This policy is made compliant with the General Data Protection Regulation (the “GDPR”), (Regulation (EU) 2016/679) and is therefore also compliant with Directive 95/46/EC and national implementations thereof.

      1. Introduction

        1. Talexio Ltd. of Capital Business Centre, Entrance C, level 2, Triq taz-Zwejt, San Gwann, Malta is the data controller for the purpose of the Data Protection Act and the GDPR. This Privacy Policy sets out the way in which Talexio (“we” or “us”), collects and processes Personal Information, as well as the steps we take to protect such information (as defined in paragraph 2 below).
        2. By using the Services, you acknowledge that you have read, and agree to, the terms of this Privacy Policy and that you consent to the use by us, of your Personal Information for the purposes set out in paragraph 4 of this Privacy Policy. If you do not wish to provide your Personal Information on the basis set out in this Privacy Policy, you should not enter the relevant information on the Website or provide any Personal Information to us otherwise. However, if you do not provide Personal Information, you may not be able to use the Services.
        3. Definitions
          1. “You” – The user of the Services.
          2. “Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.
          3. “Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
        4. Principles
          This policy is based on the following principles:
          1. The processing of personal data shall take place in a lawful, fair and transparent way;
          2. The collecting of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
          3. The collecting of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
          4. The personal data shall be accurate and where necessary, kept up to date;
          5. Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
          6. Personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
          7. All personal data shall be kept confidential and stored in a manner that ensures appropriate security;
          8. Personal data shall not be shared with third parties except when necessary in order for them to provide services upon agreement.
      2. The information we collect

        1. We use the information we collect from all of our services to provide, protect, maintain, support, administer and improve our products/services. We collect your Personal Information through the use of online forms, when you email us your details or use our chat functionality. This includes:
          1. Your name and surname;
          2. Company identification;
          3. Designation;
          4. Company e-mail address;
          5. Phone number;
          6. Other supporting information relating to your requirements.
        2. On signing of the Agreement, we collect company and employee related information in order to provide you with the Service. This can include:
          1. Employee personal details
          2. Employee employment details including salaries
          3. Employee bank details
          4. Employee leave information
          5. Employee time & attendance records
          6. Employee training records
          7. Employee performance management records
          8. Payroll information
          9. Company details including bank details
        3. When you visit our website the following information will automatically be processed and this solely for the use of this company:
          1. The requested web page or download;
          2. Whether the request was successful or not;
          3. The date and time when you accessed the site;
          4. The Internet address of the web site or the domain name of the computer from which you accessed the site;
          5. The operating system of the machine running your web browser and the type and version of your web browser.
        4. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user.
        5. The Google Analytics Advertising Feature of Demographics and Interest Reporting has been implemented on This means that Google Analytics will be gathering demographic (ie. age and gender) and user interest category preferences when users visit the website. This information is gathered when users browse Google partner websites, through a Google advertising cookie in the user’s browser. These cookies help to understand the types of pages that users are visiting. Talexio will use demographic and interest category data to create content and services which better target its users and will in no way use this data at the detriment of its users. Should users of would like to opt-out of the Google Analytics Advertising Feature, they can do so from their personal Google Ad Settings, after logging into their Google account, or by downloading the browser extension.
      3. Where do we store your data?

        1. Unless with explicit, prior, written consent, Talexio shall only store Personal Data either within the European Economic Area (EEA) or with subcontractors who are compliant with GDPR.
      4. How we use your Personal Information

        1. Your Personal Information is processed by us to provide you with the Services. In particular, we collect your Personal Information in order to enable us to:
          1. provide personalised and accurate Service to suit the Client;
          2. help us improve the Service we offer;
          3. administer the website;
          4. process quotations or assist in the sales process;
          5. troubleshoot any queries with both the Client and its employees.
        2. We’d like to keep in touch with you about related product or service information, updates pertaining to your order, occasional company news etc. We will never sell your data and we promise to keep your details safe and secure. You will always be provided with an opportunity to opt-out when you receive such information. “We”, refers to Talexio and/or its partner companies, including, Payroll Malta and
      5. To whom we disclose information

        1. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This excludes trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. For a list of subcontractors visit: 
        2. In addition, we may disclose your personal information:
          1. to the extent that we are required to do so by law;
          2. in connection with any legal proceedings or prospective legal proceedings;
          3. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
          4. to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
          5. to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
        3. If at any time you wish us to stop processing your Personal Information for the above purposes, then you must contact us and we will take the appropriate steps to stop doing so. Please note that this may mean that the Service will be discontinued.
      6. Data Subject Rights

        1. We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. Your principal rights under data protection law are:
          1. the right for information;
          2. the right to access;
          3. the right to rectification;
          4. the right to erasure;
          5. the right to restrict processing;
          6. the right to object to processing;
          7. the right to data portability;
          8. the right to complain to a supervisory authority; and
          9. the right to withdraw consent.
      7. Security

        1. We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Integrated steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident. Transferred information is encrypted in transit and, once stored in our servers, is protected by the most up-to-date firewall technology available to protect data from being misused and/or lost. All information gathered is kept confidential and is used solely for the calculation of salary.
        2. If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.
        3. Talexio Security Protocols
          1. Database
            1. Database access; web application has read and write access specifically for individual tables. Fine grained DB privileges. 
            2. Database hosted on Amazon RDS with restricted access by IP Address – only the machines that host the web applications can reach it. This is occasionally opened for access from our offices when we need to deploy / debug an issue.
            3. Database is encrypted at rest using Amazon RDS encryption.
          2. Web Application
            1. Web Application hosted on Amazon RDS with a scalable infrastructure. Security Group only allows access via HTTP and HTTPS, SSH is opened to a specific IP Address only when necessary to deploy/debug by software providers. SSH access requires secure keys only available to Software Provider.
            2. Talexio ensures data is secure and available only based on the business logic. Any changes to the code are reviewed and signed off before release.
            3. Two factor authentication is enabled for Talexio client users.
            4. Talexio ATS – Storage of CVs – Documents are hosted on Amazon S3 Storage. Access only to Web Application based on business logic.
          3. Deployment
            1. Deployments are built into a continuous integration process – changes are automatically deployed when reviewed and approved. This removes any room for human error.
      8. Data Retention & Archiving Policy

        1. We will retain your information for as long as needed to provide you with our services, or to comply with our legal obligations, resolve disputes and enforce our agreements, as follows:
      9. Data Type Retention Policy
        Personal data submitted through the website forms, chat or email 30 days
        Client data and data stored for the client, throughout the provisioning of service Ongoing for the duration of Service
        Automated daily backups of client data 30 days
        Client data and data stored for the client, following termination Up to 30 days following termination of the relationship with Client (Subscription end date)
      10. International Transfers

        1. As part of the services offered to you, the information you provide to us will be transferred to and stored in countries within the European Economic Area (EEA). We will always take reasonable steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with data protection laws.
      11. Changes to this Privacy Policy

        1. Please note that we may amend or revise this Privacy Policy from time to time. Your continued use of this website following any changes signifies that you agree to be bound by such changes. Regular review of this Policy is suggested.
      12. Contacting Us

        1. Please address any questions, comments and requests regarding our data processing practices to