Privacy Notice

Last updated: _to be set on first publication_

This notice explains how Formula Recruitment Ltd handles personal data when you use the Talent Intelligence Platform ("TIP"). It is written in plain language; the technical safeguards behind it are described in our Data Protection Impact Assessment and the more detailed records we maintain internally.

Who we are

Formula Recruitment Ltd is a company registered in England and Wales, operating the Talent Intelligence Platform. We are the data controller for our own platform-level processing (your account, audit log, support interactions). For assessment data, we act as a processor on behalf of the organisation that invited you onto the platform; that organisation is the controller of your responses and scoring results.

If you have any question about this notice, write to privacy@formulati.co.uk. Our Data Protection Officer is appointed during Phase 6b of our rollout; until that appointment is published, your enquiry is routed to the engineering and compliance lead jointly.

What data we process

We process the following categories of personal data:

• Account data — your name, your email address, and (optionally)

your profile avatar from the OAuth provider you used to sign in.

• Assessment responses — the free-text and structured answers you

provide when you take an assessment. This is the substance of the service. We retain the exact wording you submitted so that the scoring result is auditable; we treat your responses as forensic records.

• Scoring results — the dimensional scores, narrative, and

recommendation produced by our AI scoring step. Your individual result is visible to you; the org user who manages the assessment also sees it.

• Audit metadata — who looked at what, and when. Strictly the

minimum necessary to demonstrate compliance and to investigate security incidents.

We do not process special-category data under Art. 9. If you choose to include such data in a free-text response — for example, mentioning a health condition in the context of a scenario — please be aware that it will be stored as part of your response.

Lawful basis

The lawful basis we rely on depends on how you came to be on the platform:

• Candidates (external recruitment). We rely on your consent

(Art. 6(1)(a)). You are asked to consent before the assessment begins, and you can withdraw consent at any time by contacting the org that invited you or by writing to privacy@formulati.co.uk.

• Employees taking an internal capability assessment. Your

employer relies on legitimate interest (Art. 6(1)(f)) — the legitimate interest of managing capability planning — and is required to give you advance notice. You can object under Art. 21.

• Paying organisations using TIP. We process the org's data on

the basis of contract performance (Art. 6(1)(b)) — performing our SaaS contract with them.

How long we keep it

Retention defaults are:

• Assessment responses: 365 days from submission.
• Scoring results: 730 days from scoring.
• Person records (identity attributes): 730 days from last

activity.

• Audit metadata: held for the longer of (a) seven years for

security forensics and (b) the duration required by applicable law.

Organisations can configure shorter retention windows for their own tenant; the windows above are the platform defaults and the maximum periods we hold this data without an explicit longer-retention agreement. A daily retention sweep hard-deletes rows past the configured window.

Your rights

Under UK GDPR you have the following rights. To exercise any of them, write to privacy@formulati.co.uk; we respond within one month.

• Access (Art. 15). We provide a machine-readable dump of every

record we hold on you. The org-admin surface inside TIP can produce this for you directly.

• Rectification (Art. 16). We correct inaccurate identity

attributes on request. Assessment responses are forensic records and are not rectified — if you want to change a substantive answer, we instead re-run the assessment and supersede the prior result.

• Erasure (Art. 17). On request we cryptographically erase your

personal data. The mechanism is described in the DPIA; the practical effect is that the encrypted payload on disk becomes mathematically unrecoverable, and the audit log retains only the minimum metadata necessary to prove the erasure happened.

• Restriction (Art. 18). This right is deferred to a v2 release of

the platform. Until it ships, please raise restriction requests via the privacy mailbox and we will handle them as exceptions.

• Portability (Art. 20). Your access dump is provided in a

machine-readable JSON format that you can transmit to another controller.

• Objection (Art. 21). You can object to processing based on

legitimate interest at any time. We stop the processing unless we can demonstrate compelling legitimate grounds.

• Human review (Art. 22). The AI scoring step in TIP is advisory

only. The final hiring decision is always made by a human. You can request human review of any scoring result, and you can also ask us to re-run the scoring on the same responses.

Sub-processors

We use a small number of carefully chosen sub-processors to deliver the service. Each is contractually bound to UK GDPR-compatible terms and, where the processing involves a transfer outside the UK/EEA, the transfer is protected by the appropriate Art. 44–50 mechanism (typically the Standard Contractual Clauses, 2021/914).

The current list is maintained in SUBPROCESSORS.md.

Contact

For any privacy enquiry, including exercising your rights, write to:

privacy@formulati.co.uk

For security incidents and vulnerability reports, write to:

security@formulati.co.uk