Privacy Policy

Talent Lab ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR).

1. What data we collect

When you submit a profile via our forms, we may collect:

• Your name and email address
• Your LinkedIn profile URL
• GitHub, HuggingFace, Google Scholar, or personal website URLs (if provided)
• Career history and skills data obtained via LinkedIn enrichment
• Qualification preferences: work type, day rate or salary expectations, remote preference, availability, notice period, location, and preferred contact method

2. How we use your data

We use your personal data to:

• Score your profile — We use AI to assess your skills, experience, and suitability for AI/ML roles
• Match you with jobs — We compare your profile and preferences against live job opportunities
• Contact you about opportunities — We may reach out via LinkedIn or email with relevant roles
• Improve our service — We analyse aggregated, anonymised data to improve scoring accuracy and job matching

3. Legal basis for processing

We process your data on the basis of legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is the provision of professional technology recruitment services. We collect and analyse publicly available professional data (LinkedIn profiles, GitHub activity, academic publications) to identify and connect skilled technology professionals with relevant career opportunities. We have assessed that this interest is not overridden by your rights and freedoms, given that: the data is limited to professional information you have chosen to make publicly available; we provide full transparency about our processing; and you can opt out at any time.

4. Data retention

We retain your personal data for as long as you have an active profile with us, or until you withdraw your consent or request erasure. If you request deletion, we will remove your data within 30 days, except where we are legally required to retain it.

5. Third parties

We share your data with the following third-party services, solely for the purposes described above:

• Lemlist — Outreach automation (LinkedIn connection requests and email communication)
• Apify / HarvestAPI — LinkedIn profile enrichment to gather public career data
• Anthropic (Claude) — AI-powered profile scoring and analysis

These providers process data on our behalf and are bound by their own privacy policies and data processing agreements.

6. Your rights

Under the UK GDPR, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Ask us to correct any inaccurate or incomplete data
• Erasure — Request that we delete your personal data. To request removal from our talent pool, email jon@midfieldgroup.co.uk with the subject line ‘Opt-out request’ and your name and/or LinkedIn profile URL. We will process your request within 30 days. Where possible, we will anonymise rather than delete your profile, preserving only non-identifiable analytical data (such as skill categories and aggregate scores) that cannot be linked back to you.
• Restrict processing — Ask us to limit how we use your data
• Data portability — Request your data in a structured, machine-readable format
• Withdraw consent — Withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal

6a. Automated decision-making and profiling

We use automated processes to score and rank candidate profiles based on skills, career history, and publicly available data. These scores are used to identify candidates who may be relevant for specific roles. You have the right to request human review of any automated assessment, or to opt out of automated profiling entirely by contacting us at jon@midfieldgroup.co.uk.

6b. Security incidents

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, where the breach is likely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay. To report a suspected security incident, contact jon@midfieldgroup.co.uk.

7. Contact us

To exercise any of your rights, or if you have questions about this policy, please contact:

Jon Roberts
jon@midfieldgroup.co.uk

8. Supervisory authority

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

https://ico.org.uk/make-a-complaint/