Privacy Policy — Talent at Platform

Controller: (Talent at Platform), the data controller for applicant processing.

1) Controller & Contact
1.1 Address: Othman Bin Affan Road, Al Narjis, Riyadh, Kingdom of Saudi Arabia.
1.2 DPO/Privacy contact: Talent at Platform — Email: Info@talentat.org — Phone/WhatsApp: +966 56 094 7755.

2) Data We Collect
2.1 Identity data name, contact data, career history and skills, qualifications/education/professional licenses, languages, start availability and notice periods, current/expected pay and benefits, location/relocation preferences, work authorization/visa status, professional references, interview and assessment outcomes, uploaded documents/CV.
2.2 We may request optional, role-related information.
2.3 Sensitive personal data (e.g., health/biometric for specific roles) is collected/processed only where strictly necessary, for a defined purpose, and with an additional explicit consent where required.

3) Sources of Personal Data
3.1 Directly from you via forms or communications.
3.2 From referees or professional references you provide.
3.3 From publicly available professional profiles or job platforms.
3.4 From testing/verification providers where lawful and relevant.

4) Purposes & Legal Bases for Processing
A) Suitability assessment, shortlisting, and cross-client matching — Legitimate interests, with separate consent where needed (e.g., broader matching or long-term retention).
B) Interview, assessment, and logistics management — Pre-contractual steps/legitimate interests; explicit consent for sensitive data where required.
C) Professional/education/immigration verifications and regulatory compliance — Legal obligation and/or legitimate interests.
D) Communications and job alerts — Consent (revocable at any time); no use of sensitive data for marketing.
E) Security, quality, and aggregated anonymous analytics — Legitimate interests with data-minimization and limited retention.

5) Sharing & Recipients
5.1 Clients (hiring organizations): receive your CV/profile for evaluation as independent controllers under their own privacy notices.
5.2 Processors: technology vendors (ATS, hosting, video-interview, testing) acting under data processing agreements and appropriate safeguards.
5.3 Regulators/authorities: where required by law or to respond to complaints.

6) International Data Transfers
6.1 By default, data is stored in technology vendors (ATS).
6.2 Limited transfers outside KSA may occur under applicable conditions (e.g., adequacy decisions or approved contractual/legal safeguards) following a transfer risk assessment.
6.3 We will seek separate explicit consent for international transfers where required by law and will explain residual risks and your choices (including the option to refuse).

7) Retention & Deletion
7.1 We retain your data for the active hiring process and then for 6 months in a long-lived talent pool to notify you about future roles.
7.2 We will request re-consent before extending retention.
7.3 We delete or pseudonymize data upon purpose completion or consent withdrawal, with limited retention for compliance or legal defense.

8) Your Rights & How to Exercise Them
8.1 Rights: access and copy, rectification, deletion, restriction, objection to processing, withdrawal of consent, and complaint to the competent regulator.
8.2 How to submit: via Info@talentat.org with appropriate identity verification.
8.3 Timeline: target response within 10 work days of a complete, verified request.
8.4 Withdrawal of consent does not affect lawful processing prior to withdrawal. Limited retention may apply for compliance.

9) Automated Decision-Making & Profiling
9.1 We may use initial automated parsing/matching to triage applications; human review occurs before any final progression or permanent rejection.
9.2 You may object and request human review.

10) Security & Incident Response
10.1 We apply organizational and technical measures (least-privilege access, encryption in transit/at rest, access logging, security testing, staff training).
10.2 If a breach presents a risk of harm to you, we will notify the competent authority within a reasonable time frame and inform you without undue delay, in line with applicable requirements.

11) Children’s Data & Those Lacking Capacity
11.1 Where the data subject is a minor or lacks legal capacity, a legal guardian exercises rights and grants/withdraws consent, subject to verification and the child’s best interests.

12) Cookies & Tracking
12.1 Our careers portal/ATS may use cookies and similar technologies for technical, analytics, and experience-enhancement purposes.
12.2 Manage your choices, which details categories, purposes, retention, and consent options.

13) Changes to this Policy
13.1 We may update this Policy from time to time. We will indicate the Effective Date and Version and seek fresh consent where required.

Effective Date: October 01, 2025 — Version: V.03