Privacy Policy
Applicant Privacy Notice
Welcome to Dex’s Applicant Privacy Notice for applicants for employment or other engagements at Dex.
What does this Privacy Notice Cover?
Dex respects your privacy and is committed to protecting your Personal Data.
The purpose of this Privacy Notice is to provide our applicants with information about how and why we process their Personal Data and to tell them about their privacy rights and how the law protects them.
With that in mind, this Privacy Notice is designed to describe:
The table of contents is empty because you aren't using the paragraph styles set to appear in it.
Important notes:
This Privacy Notice is intended to meet our duties of transparency under the UK’s implementation of the General Data Protection Regulation (the “UK GDPR”).
It is important you read this Privacy Notice so that you are aware of how and why we are using your Personal Data, your rights and how the law protects you.
This Privacy Notice does not form an operative part of any future contract you may have with Dex and is not intended to create any employment relationship between you and Dex.
You should be aware that if you fail to provide certain Personal Data when requested, we may not be able to perform steps necessary to enter into a contractual relationship with you or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
We may update this Privacy Notice from time to time. If we do so, we will provide you with and/or make available, a revised Privacy Notice.
Who we are and how to contact us
Who we are
Dex Talent Ltd (“Dex”, “we”, “us” or “our”) is the Controller (as defined in the UK GDPR) for the purposes of the Processing of your Personal Data described in this Privacy Notice.
Our address is: Aston House, Cornwall Avenue, London, United Kingdom, N3 1LF.
How to contact us.
To contact us, you can either:
email us at privacy@meetdex.ai; or
write to us at the postal address noted above.
Your rights relating to your Personal Data
Your rights in connection with your Personal Data
Under certain circumstances, by law you have the right to:
Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data which you have provided to us, in a structured, commonly used, machine-readable format. Note that this right only applies to Personal Data we process by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent. This right only exists where we are relying on consent to process your Personal Data.
How to exercise your rights
If you want to exercise any of the rights described above, please contact us using the contact details shown in the “Who We Are and How to Contact Us” section above.
We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to assist us in responding to your request.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to withdrawal of your consent (see above), we may charge a reasonable fee if your request is clearly unfounded or excessive, or, we may refuse to comply with your request in these circumstances.
Please also note that in certain circumstances the rights above will not apply and/or in certain circumstances some categories of Personal Data will be exempt from the scope of those rights. We will notify you where this is the case.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you would like to make a complaint regarding this Privacy Notice, you can contact us using the contact details shown in the “Who We Are and How to Contact Us” section above. We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that the UK GDPR also gives you the right to make a complaint directly to the UK Information Commissioner’s Office:
Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Telephone: +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/
What Personal Data we collect
All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.
Category of Personal Data collected | What this means |
Identity Data | First name, middle name(s), surname, title, national identification and/or passport details, national insurance / social security number or other tax-related information, driver’s licence, photographs. |
Contact Data | Your home address, work address, email address and telephone numbers. |
Biographical Data | First name, middle name(s), surname, maiden name, marital/civil partnership status, title, date of birth, gender, ethnicity, education history, professional history, professional qualifications and memberships, references, information relating to references such as referees’ names and contact details, information contained within letters of application and CVs, language proficiencies and other skills, certifications, certification expiration dates and information necessary to complete background checks. |
Immigration Data | National identification and/or passport number, details of residency and/or work permit and other information that would allow us to verify your eligibility to work for us in your relevant role. |
Engagement Data | Title and description of your prior roles, department, work location, dates of prior employment/engagement, employment/engagement status and type (e.g., full-time/part-time), terms of employment/engagement, contracts, work history (current, past, or prospective), training and learning program participation, termination date(s) and reason, length of service, willingness to relocate, current salary, desired salary, employment/engagement preferences, information necessary to complete background checks, drug and/or alcohol tests, and other screens permitted by law. |
Facilities Data | Information about your access to Dex offices and facilities (e.g., keycard scans and security camera footage). |
Other Data | This might include data not listed above that you provide to us, such as your feedback and survey responses where you choose to identify yourself. |
Personal Data from Third-Party Sources
In addition to the Personal Data that we collect from you directly, in certain circumstances, we may also collect Personal Data from third-party sources. Please see below for a list of the types of third-party sources from which we may collect your Personal Data (including whether the source of that Personal Data is publicly available):
Agencies or recruiters that refer you to us.
Job board websites you may use to apply for a job with us.
Prior employers, companies or persons, when they provide us with references.
Professional references that you authorise us to contact.
Providers of background check, credit check, or other screening services (where permitted by law).
Your social media profiles or other publicly-available sources (information gathered from these sources is publicly-available).
How we use your Personal Data and why
In respect of each of the purposes for which we use your Personal Data, the UK GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:
Where we need to take steps at your request prior to entering into a contract with you (“Contractual Necessity”).
Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.
The table below shows at a very high-level how we may use your Personal Data and the relevant legal bases we rely upon for that use.
For more information – see the Appendix to this Notice. In that Appendix, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.
Purpose | Legal basis |
Pre-contractual performance. We may process your Personal Data (including sharing it with third parties, where appropriate) where necessary to take pre-contractual steps relating to your potential employment or engagement, including managing the recruitment process and taking any associated steps you may request prior to entering into any contract with you. | Contractual Necessity. |
Talent management. We may process your Personal Data (including associated sharing with third parties, where appropriate) for talent management purposes, including for the purposes of considering your job application and determining whether, and on what terms, to make an offer to employ or engage you. | Legitimate Interests. |
Business operation and improvement. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our business. | Legitimate Interests. |
Facilities management. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our premises and facilities. | Legitimate Interests. |
Protection of health and vital interests. We may process your Personal Data to protect your vital interests or those of a third party. | Vital Interests. |
Compliance and protection. We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise or defence of legal claims). | Depending on the circumstances: Compliance with Law or Legitimate Interest. |
Data sharing in the context of corporate transactions. We may Process and disclose Personal Data in the context of actual or prospective corporate transactions. | Legitimate Interest. |
Privacy Protective Steps. We may create aggregated, de-identified and/or anonymised data from your Personal Data. | Legitimate Interest. |
Further uses. In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to such use of your Personal Data for those further purposes in so far as they are not compatible with the initial purpose for which information was collected. | Consent or the original legal basis where the relevant further use is compatible with the initial purpose. |
In addition to establishing a legal basis, where we use any ‘special categories’ of Personal Data (e.g., your Health Data), we also have to satisfy an additional condition to process such Personal Data, because it is considered to be more sensitive in nature. The condition that may apply will depend on the circumstances and the purposes of the relevant processing. However, as examples of the conditions that we may rely upon:
We may need to Process that data because it is necessary for reasons of substantial public interest (e.g., for equal opportunities monitoring, preventing or detecting unlawful acts etc).
We may need to Process that data because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).
Automated decisions
We may automatically process your Personal Data to match you with open opportunities at Dex.
We use natural language processing to extract and evaluate your skills, experience, qualifications and interests. We compare this information against job descriptions to generate matches we believe to be of mutual interest. The data you submit may influence the roles visible to you on the Dex platform.
Depending on where you are based, you may have the right to request a review of any decision made solely by automated means, to express your point of view, and to contest the decision. To exercise this right, please contact us using the contact details shown at the start of this Privacy Notice.
Who we share your Personal Data with
As part of our business and in relation to your application, we may share your Personal Data with certain third parties – please see the list below for information about the categories of such third-party recipients:
Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent. For example, this may occur:
to enable our group to operate shared infrastructure, systems and technology,
as part of our reporting activities on performance of the group and its members,
in the context of a business reorganisation or restructuring exercise.
Service Providers. Providers of services to Dex or our group. For example, this may involve sharing of Personal Data with such providers for the purposes of:
human resources,
travel, transportation and accommodation,
IT systems and support, information and physical security,
background checks and other screenings.
Professional advisers. Accountants, auditors, lawyers, insurers, bankers, and other professional advisors.
Parties involved in corporate transactions. We may disclose Personal Data in the context of actual or prospective business transactions (e.g., investments in Dex, financing of Dex, public share/stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose your Personal Data to an acquirer, successor, or assignee of Dex as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets. Please note, we would always look to take steps to minimise the amount and sensitivity of any Personal Data shared in these contexts where possible and appropriate.
Compliance and protection related sharing. We may need to or may have a legitimate interest in, sharing your Personal Data with entities that regulate or have jurisdiction over us (such as regulatory authorities, public bodies and judicial bodies). We may also share your Personal Data in the context of protecting our, your or others' rights, privacy, safety or property (including by establishing, making and defending legal claims).
Data transfers
We may share your Personal Data with third parties who are based outside the UK (including with certain of our Affiliates) in connection with the Processing of Personal Data described in this Privacy Notice.
In such circumstances, their processing of your Personal Data will involve a transfer of your Personal Data to countries based outside the UK. Whenever we transfer your Personal Data outside the UK, we try to ensure a similar degree of protection is afforded to it by making sure that at least one of the following mechanisms is implemented:
Transfers to territories with an adequacy decision. We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Government from time to time.
Transfers to territories without an adequacy decision. We may transfer your Personal Data to countries that have not been deemed to provide an adequate level of protection for Personal Data by the UK Government – provided that, in these cases:
we may use specific appropriate safeguards, which are designed to give Personal Data effectively the same protection it has in the UK (e.g., the UK’s International Data Transfer Agreement or International Data Transfer Addendum to the European Commission’s ‘Standard Contractual Clauses’); or
in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – e.g., reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).
You can contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK. You may have the right to receive a copy of the appropriate safeguards under which your Personal Data is transferred – you can make a request by contacting us using the contact details shown in the “Who We Are and How to Contact Us” section above.
How we keep your Personal Data secure
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.
How long we store your Personal Data
Dex’s retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which it was collected, as set out in this Privacy Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.
When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the Personal Data.
Appendix – Detailed Processing Information
In the table below, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.
Processing activities | Personal Data | Legal basis |
Pre-contractual performance We may process your Personal Data (including sharing it with third parties, where appropriate) where necessary to take pre-contractual steps relating to your potential employment or engagement, including managing the recruitment process and taking any associated steps you may request prior to entering into a contract with you. |
| Contractual Necessity. |
Talent management We may process your Personal Data (including associated sharing it with third parties, where appropriate) for talent management purposes, including:
|
| Legitimate Interests. We have a legitimate interest in assessing applications and managing the recruitment process. |
Business operation and improvement We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our business, developing, improving and innovating in respect of present and future business plans and strategies and associated operations (such as our recruitment processes). |
| Legitimate Interests. We have a legitimate interest in operating, developing and improving our business and our products and services. |
Facilities management We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our premises and facilities, including:
|
| Legitimate Interests. We have a legitimate interest in managing and securing our premises and facilities, including conducting monitoring and investigations for these purposes. |
Protection of health and vital interests We may process your Personal Data (including sharing it with third parties, where appropriate) to protect your vital interests or those of a third party. This may include:
| Any and all data types relevant in the circumstances. | Vital Interests. We may need to process and share your Personal Data where necessary to protect your (or someone else's) vital interests – this typically means matters of life and death. |
Compliance and protection We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes, including to:
| Any and all data types relevant in the circumstances. | Compliance with Law. Legitimate Interests. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest in ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety. |
Data sharing in the context of corporate transactions We may Process and disclose Personal Data in the context of actual or prospective corporate transactions (for more information – see the details in “Who we share your Personal Data with” in the main body of the Privacy Notice). | Any and all data types relevant in the circumstances. | Legitimate Interests. We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate transaction (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations). |
Privacy Protective Steps We may create aggregated, de-identified and/or anonymised data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into de-identified and/or anonymised data by removing information that makes the data identifiable to you. | Any and all data types relevant in the circumstances. | Legitimate Interests. Where Compliance with Law is not applicable, we have a legitimate interest, and believe it is also in your interests, that we are able to take these privacy protective steps. |
Further uses In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to use your Personal Data for those further purposes if they are not compatible with the initial purpose for which information was collected. | Any and all data types relevant in the circumstances. | Consent, if the relevant further use is not compatible with the initial purpose for which the Personal Data was collected. The original legal basis relied upon (which will be as set out in this Privacy Notice) if the relevant further use is compatible with the initial purpose for which the Personal Data was collected. |