At Talk & Hire ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered recruitment platform ("Platform").
Important: Our Platform uses advanced artificial intelligence and voice technology to enhance recruitment services. This policy specifically addresses how we handle voice recordings, AI-generated insights, transcripts, and other sensitive data. Please read carefully to understand your rights and our obligations under UK GDPR and applicable data protection laws.
1. Who We Are
Legal Entity & Data Controller
Talk & Hire is the data controller responsible for your personal data.
Registered Office:
[Insert Full Business Address]
Contact & DPO
For data protection queries:
Email: support@talkandhire.ai
Data Protection Officer: dpo@talkandhire.ai
ICO Registration: [Insert ICO Registration Number]
2. Personal Data We Collect
We collect personal data that is necessary to provide our recruitment services. This includes:
Contact & Identity Information
Name, email address, phone number, postal address, date of birth, and any other identifying information you provide.
Professional Information
CV/resume, employment history, educational qualifications, professional certifications, LinkedIn profile, work portfolio, references, salary expectations, location preferences, and eligibility to work.
User-Generated Content
Any documents, files, images, or materials you upload to the Platform, including cover letters, portfolios, and supporting documents.
Usage & Technical Data
IP address, browser type and version, device information, operating system, time zone setting, browser plug-in types, location data, log files, cookies, and analytics data about how you interact with our Platform.
Communications Data
Your preferences for receiving marketing communications, records of correspondence via email, phone, SMS, WhatsApp, or other channels.
3. Voice Data & AI Interactions
Voice Recordings & Transcripts
We record and transcribe telephone conversations with our AI assistant ("Talk"). Voice recordings constitute personal data under UK GDPR as they can identify you through voice characteristics, accent, speech patterns, and content.
What Voice Data Includes:
- Audio recordings of conversations with our AI
- Automated transcriptions of these recordings
- Voice characteristics and biometric voice data
- Content of conversations, including any information you voluntarily share
- AI-generated summaries and analysis of conversations
Important Notice
You will be notified at the start of each call that it is being recorded. Continuing the call after this notification constitutes your consent. Voice data may reveal special category information about your health, ethnic origin, or other protected characteristics. We screen and minimize such data where possible, but cannot guarantee complete removal.
AI-Generated Data
Our AI systems generate insights, recommendations, candidate scores, and structured summaries based on your interactions. This derived data is also considered personal data.
Special Category Data
If you voluntarily disclose information about health, disabilities, race, religion, or other protected characteristics during conversations, we process this under explicit consent (Article 9(2)(a) UK GDPR).
4. How We Use Your Personal Data
Job Matching & Placement
To identify suitable job opportunities, match you with employers, facilitate introductions, and provide personalized recruitment services tailored to your skills and preferences.
AI Training & Development
To improve our AI systems, train machine learning models, conduct quality assurance, and enhance platform functionality. We use anonymized and aggregated data where possible.
Communication
To contact you via email, phone, SMS, or WhatsApp regarding job opportunities, platform updates, feedback requests, or on behalf of partner employers.
Security & Compliance
To prevent fraud, misuse, or unauthorized access; comply with legal obligations; resolve disputes; and enforce our Terms of Service.
Analytics & Research
To understand platform usage, conduct market research, generate business insights, and improve user experience through aggregated, anonymized data analysis.
Marketing
To send promotional communications about our services (with your consent). Aggregated data may be used for marketing materials without identifying individuals.
Aggregated & Anonymized Data
We may compile aggregated statistics (e.g., "500 software engineers registered this month" or "average salary expectation for senior roles is £X") for marketing, analytics, or public reporting. This data does not identify you personally and is not subject to GDPR restrictions.
5. Legal Basis for Processing
Under UK GDPR Article 6, we process your data based on the following lawful grounds:
Consent (Article 6(1)(a))
For voice recording, AI-driven matching, and marketing communications. You can withdraw consent at any time without affecting prior processing.
Contractual Necessity (Article 6(1)(b))
To provide recruitment services, facilitate introductions, and fulfill our obligations under our Terms of Service.
Legitimate Interests (Article 6(1)(f))
For platform security, fraud prevention, business analytics, and operational improvements where our interests are not overridden by your fundamental rights.
Legal Obligation (Article 6(1)(c))
To comply with applicable laws, regulations, court orders, or governmental requests.
Special Category Data (Article 9(2)(a))
We process special category data (health, ethnicity, religion, etc.) only with your explicit consent provided during registration or collected at the time you volunteer such information. You can withdraw this consent at any time.
6. AI Processing & Transparency
How Our AI Works
Our Platform uses large language models and machine learning algorithms to analyze your profile, conversations, and preferences to generate job recommendations and insights. This includes:
- Natural language processing of voice transcripts
- Matching algorithms that compare your profile to job requirements
- Sentiment and skills analysis from conversations
- Predictive scoring for role suitability
AI Limitations
AI systems may occasionally produce inaccurate outputs ("hallucinations"), exhibit bias, or make errors. We implement bias detection measures but cannot guarantee complete accuracy.
You should not regard AI outputs as definitive professional advice.
Human Oversight
All final recruitment decisions involve human review. Our team members review AI-generated recommendations, and employers make independent hiring decisions. You have the right to request human review of any automated decision.
Data Protection Impact Assessment (DPIA)
We have conducted Data Protection Impact Assessments for our AI processing activities, particularly voice recording and automated profiling, as required by UK GDPR Article 35. Summaries are available upon request.
7. Data Sharing & Third Party Disclosure
Automatic Employer Sharing
For Job Seekers who registered via Talk: By default, we automatically share your candidate profile with employers we reasonably believe align with your experience and preferences. This is necessary to provide our core recruitment service.
What We Share:
- Name and contact information
- CV/resume and professional details
- Relevant conversation summaries (not full recordings)
- Skills and preferences
Opt-Out: You can change your settings to require explicit consent before each employer introduction. Contact support@talkandhire.ai
Service Providers & Processors
We engage third-party service providers who process data on our behalf:
- AI & Cloud Services: Anthropic, OpenAI, Google Cloud, AWS
- Communications: Twilio, SendGrid, WhatsApp Business API
- Analytics: Google Analytics, Mixpanel
- CRM & Database: Salesforce, MongoDB
All processors are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance.
Legal & Regulatory Disclosure
We may disclose your data to comply with legal obligations, court orders, law enforcement requests, or to protect our rights, property, or safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified of any such change.
No Data Selling
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
8. International Data Transfers
Some of our service providers are located outside the UK and European Economic Area (EEA). When we transfer your personal data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved contracts ensuring GDPR-level protection
- UK International Data Transfer Agreement (IDTA): UK-specific safeguards for data transfers
- Adequacy Decisions: Transfers to countries deemed adequate by UK government
- Binding Corporate Rules: For processors with approved internal data governance
Specific International Transfers
| Provider | Location | Safeguard |
|---|---|---|
| AI Services (Anthropic, OpenAI) | USA | SCCs + IDTA |
| Cloud Storage (AWS, GCP) | USA, EU | SCCs + IDTA |
You may request copies of the safeguards in place by contacting our DPO.
International Users Notice
If you access our Platform from outside the UK, you acknowledge that your data will be processed in the UK and potentially other jurisdictions. By using our services, you consent to such transfers where they are necessary for service provision.
9. Data Retention & Deletion
Standard Retention Period
We retain your personal data for as long as necessary to provide our services and for legitimate business purposes. Standard retention periods:
- Active accounts: Duration of service use
- Inactive accounts: Up to 48 months after last activity
- Voice recordings: 48 months or upon request
- Transaction records: 6-7 years (tax/accounting requirements)
Account Deletion
You may request deletion of your account and personal data at any time by emailing support@talkandhire.ai
Response Time: We will action deletion requests within 30 days. Some data may be retained where legally required or for legitimate interests (e.g., fraud prevention).
Exceptions to Deletion
We may retain certain data beyond your deletion request where:
- Required by law (e.g., accounting records, legal disputes)
- Necessary for legal claims or defense
- Aggregated/anonymized data that no longer identifies you
- Backup systems (deleted within 90 days of next backup cycle)
Important: Impact of Deletion
Deleting your voice recordings or conversation data may limit our ability to provide optimal services, as our AI relies on this information for personalized matching. Consider requesting restriction of processing instead.
10. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data. We provide this free of charge within one month.
Right to Rectification
Correct inaccurate or incomplete personal data. Update your profile anytime via account settings.
Right to Erasure
Request deletion of your personal data ("right to be forgotten") where no legitimate grounds exist for continued processing.
Right to Restrict
Limit how we process your data while we investigate accuracy concerns or legitimate grounds.
Data Portability
Receive your data in a structured, machine-readable format to transfer to another controller.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes. We will cease unless compelling grounds exist.
Exercising Your Rights
To exercise any of these rights, email us at support@talkandhire.ai or contact our DPO at dpo@talkandhire.ai
- We will respond within one month (extendable to three months for complex requests)
- We may require proof of identity to prevent unauthorized disclosure
- All requests are free of charge unless manifestly unfounded or excessive
Right to Lodge a Complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK supervisory authority:
11. Security Measures
Technical Safeguards
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- Multi-factor authentication (MFA) for account access
- Regular security audits and penetration testing
- Automated threat detection and monitoring
Organizational Safeguards
- Role-based access controls (RBAC)
- Employee confidentiality agreements
- Regular data protection training
- Incident response procedures
- Third-party security certifications (SOC 2, ISO 27001)
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the ICO within 72 hours of becoming aware
- Inform affected individuals without undue delay where high risk exists
- Provide details of the breach, likely consequences, and mitigation measures
Important Limitation: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute protection against unauthorized access, theft, or data loss. You are responsible for maintaining the confidentiality of your login credentials.
12. Automated Decision-Making & Profiling
Use of Automated Processing
Our Platform uses automated decision-making and profiling to match you with suitable job opportunities. This includes:
- AI-powered candidate scoring and ranking
- Automated job matching based on skills and preferences
- Sentiment analysis of voice conversations
- Predictive assessment of role suitability
Your Right to Human Intervention
Under UK GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. You may request:
- Human review of AI-generated decisions
- Explanation of automated decision logic
- Challenge or contest automated decisions
Safeguards in Place
- All employer introductions reviewed by humans
- Final hiring decisions made by employers, not AI
- Regular bias audits of AI systems
- Transparency about automated processing
- Ability to opt-out of certain profiling activities
To request human intervention or contest an automated decision, email support@talkandhire.ai with details of the decision you wish to challenge.
13. Children's Privacy
Age Restriction
Our Platform is not intended for individuals under the age of 16 years. We do not knowingly collect personal data from children.
If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete such information. Parents or guardians who believe we may have collected data from their child should contact us immediately at support@talkandhire.ai
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.
How We Notify You
- Material Changes: We will notify you via email to your registered address at least 30 days before changes take effect
- Minor Changes: Announced via prominent notice on our website
- Continued Use: Your continued use after the effective date constitutes acceptance of the updated policy
Version History: Previous versions of this Privacy Policy are available upon request. We maintain an archive dating back to our initial policy publication.
This Privacy Policy will be reviewed and updated at least annually or as required by changes in applicable law or our business practices.
15. Contact Us
General Inquiries
Email: support@talkandhire.ai
Website: talkandhire.ai
Data Protection Officer
Email: dpo@talkandhire.ai
For: Data protection rights, complaints, GDPR inquiries, DPIA requests
Regulatory Authority
If we cannot resolve your data protection concern, you may contact:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk