Privacy Policy

DATA SHARING AGREEMENT

Last updated: September 2025

THIS DATA SHARING AGREEMENT (“DSA”) is entered into as of the Effective Date by and between: (1) Dex Talent Ltd (company number 16276853) whose registered office is at Aston House, Cornwall Avenue, London, United Kingdom, N3 1LF (“Dex”); and (2) the entity or other person who is a counterparty to the Business Terms (as defined below) into which this DSA is incorporated and forms a part (“Client”), together the “Parties” and each a “Party”.

THE PARTIES HEREBY AGREE AS FOLLOWS:

  1. DEFINITIONS AND INTERPRETATION

    1. In this DSA, the following terms shall have the meanings set out in this Section 1.1, unless expressly stated otherwise:

      1. Applicable Data Protection Laws” means the privacy, data protection and data security laws and regulations of any jurisdiction applicable to the Processing of Shared Personal Data under the Business Terms, including, without limitation, the UK GDPR (in each case only if and to the extent applicable).

      2. Business Terms” means the Dex’s Terms for Finding Your Next Great Hire or any other applicable terms entered into by and between the Parties.

      3. Candidate Terms” means the Dex’s Candidate Terms accessible on [INSERT URL]. 

      4. Controller” means the natural or legal person that determines the purposes and means of the Processing of Personal Data.

      5. Data Subject” means an identified or identifiable natural person.  

      6. Effective Date” means the date on which the Business Terms became effective between the Parties in accordance with their terms.

      7. “Personal Data” means any information that relates to a Data Subject. 

      8. Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

      9. Processing”, means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and other inflections of Process shall have the correlative meaning.

      10. Restricted Transfer” means the disclosure, grant of access or other transfer of Shared Personal Data to a third party in a country or territory outside the UK which does not benefit from an adequacy decision from the UK Government, which would be prohibited without a legal basis under Chapter V of the UK GDPR.

      11. Shared Personal Data” means any Personal Data provided or communicated by or on behalf of Dex to the Client under the Business Terms, as more fully set out in the Annex (Data Sharing Details).

      12. Supervisory Authority” means the UK Information Commissioner’s Office (or its successor).

      13. UK GDPR” means the UK General Data Protection Regulation (as amended from time to time).

    2. Unless otherwise defined in this DSA, all capitalised terms in this DSA shall have the meaning given to them in the Business Terms.

  2. PROCESSING OF SHARED PERSONAL DATA

    1. The Parties agree that:

      1. the sharing of the Shared Personal Data by Dex with the Client is necessary to facilitate Introductions in accordance with the Business Terms; and

      2. the Processing of the Shared Personal Data as envisaged by this DSA and the Business Terms is either: (i) necessary for Dex to perform its contractual obligation to the Candidates under and in accordance with the Candidate Terms in in the legitimate interests pursued by the Parties and in the legitimate interests of the Candidates.

    2. In relation to the Processing of Shared Personal Data under the Business Terms, each Party shall:

      1. comply with its respective obligations under Applicable Data Protection Laws as a separate and independent Controller; 

      2. make a Restricted Transfers only in compliance with Applicable Data Protection Laws; and

      3. provide reasonable assistance to the other Party as is reasonably required to enable the other Party to comply with Applicable Data Protection Laws.

    3. In relation to the Processing of Shared Personal Data under the Business Terms, the Client shall:

      1. provide reasonable assistance to Dex if Dex receives a written request from a Data Subject to exercise their rights in relation to the Shared Personal Data, and such request relates to Processing by the Client;

      2. notify Dex without undue delay (and in any event within seventy-two (72) hours) upon becoming aware of a Personal Data Breach affecting the Shared Personal Data, and provide Dex with sufficient information to allow Dex to meet any obligations under Applicable Data Protection Laws to inform affected Data Subjects and/or Supervisory Authorities of such Personal Data Breach; 

      3. taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of its Processing of Shared Personal Data, implement appropriate technical and organisational measures in relation to Shared Personal Data to ensure a level of security appropriate to that risk, which may include where relevant: 

        1. data security controls which include at a minimum logical segregation of data, access monitoring, and utilisation of industry-standard encryption technologies for Shared Personal Data; 

        2. measures designed to ensure ongoing integrity, availability and resilience of systems and services used to Process Shared Personal Data; 

        3. systems for physical and environmental security of production resources which are designed to: (1) protect information assets from unauthorised physical access; and (2) guard against environmental hazards such as heat, fire and water damage; and

        4. network security controls that provide for the use of firewalls and intrusion detection systems designed to protect systems Processing Shared Personal Data from intrusion.

  3. MISCELLANEOUS

    1. Dex may from time to time by notice to the Client make updates to this DSA that are reasonably necessary to address the requirements of Applicable Data Protection Laws.  

    2. This DSA is hereby incorporated into and forms part of the Business Terms with effect from the Effective Date. In the event of any conflict or inconsistency between this DSA and the Business Terms, this DSA shall prevail.

ANNEX

Data Sharing Details

Dex’s Details


Name:

Dex Talent Ltd

Address:

Aston House, Cornwall Avenue, London, United Kingdom, N3 1LF

Contact Details for Data Protection:

Email: privacy@meetdex.ai 

Dex’s Activities:

A company using AI-powered tools to introduce Candidates to businesses like the Client’s for permanent or contract roles.

Role: 

Controller 


Client’s Details


Name:

As set out in the Business Terms

Address:

As set out in the Business Terms

Contact Details for Data Protection:

As set out in the Business Terms

Client’s Activities:

A company wishing to be introduced by Dex to Candidates for software engineering or other roles.

Role:

Controller


Details of Processing of Shared Personal Data


Categories of Data Subjects:

Candidates

Categories of Personal Data:

  • Name and contact details

  • Work experience and employment history

  • Education details

  • Skills

  • Link to a LinkedIn profile

  • Any other relevant information included in a CV and LinkedIn profile

Sensitive Categories of Data:

N/A

Frequency of the Restricted Transfer:

Ongoing / continuous

Nature and purpose of the Processing:

Processing operations relevant to the provision and/or receipt of Shared Personal Data under the Business Terms