Privacy Policy

Talent Atrium is a structured candidate evaluation platform that sits between job applicants and recruiters. This Privacy Policy explains how we collect, use, store, and delete personal data when you use the platform.

References to "we", "us", or "the platform" mean Talent Atrium. References to "you" mean any person who uses the platform as a candidate, recruiter, or visitor.

Talent Atrium acts as the data controller for personal data collected through the platform. Where we engage third-party processors (including AI processing services and infrastructure providers) we have entered into appropriate data processing agreements with those parties.

We process personal data on the following lawful bases under applicable data protection law:

Contract: Processing necessary to provide the service you have requested, including candidate evaluation and recruiter vacancy management.

Legitimate interests: Processing necessary for platform security, fraud prevention, and operational improvement where these interests are not overridden by your rights.

Legal obligation: Processing required to comply with applicable law, including responding to regulatory requests.

Consent: Where we rely on consent (for example, behavioural assessment data), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.

We do not use your data for advertising, profiling for unrelated purposes, or sale to third parties.

We collect the following categories of personal data:

From candidates: - Name, email address, and account credentials on registration - CV content uploaded during profile setup (parsed into a structured profile), including employment history, education, skills, and dates - Behavioural assessment responses and results - Application history and status - Notice period and salary expectations provided as part of an application

From recruiters: - Name, email address, and account credentials on registration - Vacancy details created on the platform - Evaluation and shortlisting decisions

From all users: - Session and authentication data - Basic usage and navigation data to support platform operation - Audit and system logs required for platform integrity and legal compliance

The platform uses AI to assist with evaluation. Specifically, AI is used to:

- Parse CV content into structured fields - Interpret candidate profiles against vacancy criteria and produce compatibility scores - Generate written compatibility and feedback reports - Interpret behavioural assessment responses and produce plain-language reports

AI processing uses structured candidate data. Candidate information is passed to our AI processing provider (OpenAI API) under a data processing agreement. The AI provider does not retain data for training on the basis of this processing.

Under Article 22 of the UK GDPR and equivalent regulations, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Talent Atrium is designed so that all shortlisting, rejection, and hiring decisions are made by a human recruiter. AI scores and reports are decision-support tools, not binding outcomes. If you have questions about how AI evaluation applied to your specific application, see the Candidate Rights page or contact us directly.

Application data and candidate profile data (CVs, evaluation results, compatibility reports, structured profile, and behavioural assessment results) are retained for 12 months from the date of the relevant application or last platform activity. Two weeks before deletion, you will receive a notification and the option to keep your data for longer. You can delete or update your data at any time from your candidate portal. You may delete your account and all associated data at any time from your candidate portal.

Recruiter account data is retained for as long as the account remains active.

Audit and system logs required for platform integrity and regulatory compliance are retained for a period of up to four years from the date of creation. These logs do not contain CV content or evaluation report text. Retention of these logs may be required under applicable law including US state AI employment law (California FEHA, Colorado SB24-205) and cannot be reduced in response to an individual deletion request.

Full details are set out in our Data Retention Policy.

We do not sell personal data. We do not share personal data with third parties except in the following circumstances:

- With AI processing services (OpenAI API) for the purpose of CV parsing, evaluation, and report generation. Data transmitted for this purpose is processed under a data processing agreement and is not used for AI training without explicit consent. - With hosting and infrastructure providers (Vercel, Supabase) as necessary to operate the platform. - With regulators, law enforcement, or other authorities where required by law or in response to a lawful request.

Where data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including standard contractual clauses where required.

You have the right to:

- Access the personal data we hold about you - Correct inaccurate data - Request deletion of your data - Withdraw consent at any time - Object to processing - Data portability - Request a meaningful explanation of any AI-assisted evaluation and how it applied to your profile - Request human review of a decision where you believe an error has occurred

To exercise any of these rights, contact us via the Contact page. We will respond within the timeframes required by applicable law. Full details of candidate-specific rights, including rights under UK GDPR Article 22 and equivalent US state laws, are available on our Candidate Rights page.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Access to candidate data is restricted to platform systems and authorised personnel only.

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The date of the most recent update appears at the bottom of this page. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Questions, requests, or complaints regarding this Privacy Policy should be directed to us via the Contact page. We aim to respond to all privacy-related enquiries within two business days.